How to Give Authenticated Users or Everyone Access to Your Share Programmatically

This is another follow-up to my previous article, Programmatically Configuring Permissions on a Share. David B asked how to share a folder with Everyone instead of with specific users. This article answers that question, building on the code from my previous article.

That is an interesting question, since ‘Everyone’ can be replaced with ‘Authenticated Users’, ‘Network Service’, etc.

First, if you only need to give Everyone read-only access, the easiest thing is to set the DACL property of Win32_SecurityDescriptor to null. This is not the same as an array of null. An array of null will lock everyone out of this share.

ManagementObject secDescriptor = new ManagementClass(new ManagementPath("Win32_SecurityDescriptor"), null);
secDescriptor["ControlFlags"] = 4; //SE_DACL_PRESENT
secDescriptor["DACL"] = null;

If you need to be more explicit, or you need to assign other security principals different access, the method above will not work. As soon as you assign someone access to the share, ‘Everyone’ will lose its read access.

To assign the permission explicitly, the key is to form the correct Win32_Trustee to represent that special account (Network Service, Everyone, Authenticated Users, etc.). Take a look at the System.Security.Principal.WellKnownSidType enum. It has a number of well-known SIDs that you might be interested in.

What needs to be done is to assign the SID property of the Win32_Trustee object the security identifier derived from the well-known SID.

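Let's assume you have this method:

// Requires: using System.Management; using System.Security.Principal;
private byte[] GetWellKnownSid(WellKnownSidType SidType)
{
    // Build the SID for the well-known account; no domain SID is needed for accounts such as Everyone.
    SecurityIdentifier Result = new SecurityIdentifier(SidType, null);
    byte[] sidArray = new byte[Result.BinaryLength];
    // Copy the SID into the binary form that Win32_Trustee.SID expects.
    Result.GetBinaryForm(sidArray, 0);

    return sidArray;
}

Then, when the Win32_Trustee object is created, assign the SID property as follows:

ManagementObject Trustee = new ManagementClass(new ManagementPath("Win32_Trustee"), null);
Trustee["SID"] = GetWellKnownSid(WellKnownSidType.WorldSid);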

The code above creates a Win32_Trustee for ‘Everyone’. Use this Win32_Trustee to form the Win32_Ace, and you have now explicitly assigned ‘Everyone’ access to your share.
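
The steps above carried through to a complete explicit DACL, as an added example that is not code from this article or the previous one: it grants Authenticated Users read access and the built-in Administrators group full control on an existing share. Assumptions: the `ShareAcl` class, the `Ace` and `Apply` helpers, the share name passed in, the access-mask constants, and the use of `CreateInstance()` to create the WMI objects are all choices made for this example.

```csharp
using System;
using System.Management;
using System.Security.Principal;

static class ShareAcl   // hypothetical helper class for this example
{
    // Share access masks commonly used with Win32_ACE (assumed values for this example).
    const uint Read = 0x1200A9;         // 1179817
    const uint FullControl = 0x1F01FF;  // 2032127

    // Builds an access-allowed Win32_ACE for a well-known account.
    static ManagementObject Ace(WellKnownSidType sidType, uint mask)
    {
        var sid = new SecurityIdentifier(sidType, null);
        var bytes = new byte[sid.BinaryLength];
        sid.GetBinaryForm(bytes, 0);

        ManagementObject trustee = new ManagementClass("Win32_Trustee").CreateInstance();
        trustee["SID"] = bytes;

        ManagementObject ace = new ManagementClass("Win32_ACE").CreateInstance();
        ace["AccessMask"] = mask;
        ace["AceFlags"] = 0;    // no inheritance flags
        ace["AceType"] = 0;     // 0 = access allowed
        ace["Trustee"] = trustee;
        return ace;
    }

    // shareName is an existing share chosen by the caller (hypothetical, e.g. "Reports").
    public static uint Apply(string shareName)
    {
        ManagementObject sd = new ManagementClass("Win32_SecurityDescriptor").CreateInstance();
        sd["ControlFlags"] = 4; // SE_DACL_PRESENT
        sd["DACL"] = new object[] {
            Ace(WellKnownSidType.AuthenticatedUserSid, Read),
            Ace(WellKnownSidType.BuiltinAdministratorsSid, FullControl)
        };

        using (var share = new ManagementObject("Win32_Share.Name='" + shareName + "'"))
        {
            ManagementBaseObject args = share.GetMethodParameters("SetShareInfo");
            args["Description"] = share["Description"];        // keep the current description
            args["MaximumAllowed"] = share["MaximumAllowed"];  // keep the current user limit
            args["Access"] = sd;
            ManagementBaseObject result = share.InvokeMethod("SetShareInfo", args, null);
            return (uint)result["ReturnValue"];                // 0 = success
        }
    }
}
```

Swapping `AuthenticatedUserSid` for `WorldSid` gives the ‘Everyone’ entry the article describes; run the call from an elevated process, since changing share permissions requires administrative rights.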