在查看Windows Server 2003上的安全事件日志后,我发现有一个事件记录了失败的审核。该类别是对象访问,需要以下访问权限:
- READ_CONTROL - SYNCHRONIZE - ReadData(或ListDirectory) - WriteData(或AddFile) - AppendData(或AddSubdirectory或CreatePipeInstance)
我无法找到任何关于如何以编程方式修改这些属性的文档。这些失败是由postgres和tomcat可执行文件生成的。
编辑:
- READ_CONTROL - SYNCHRONIZE - ReadData(或ListDirectory) - WriteData(或AddFile) - AppendData(或AddSubdirectory或CreatePipeInstance)
我无法找到任何关于如何以编程方式修改这些属性的文档。这些失败是由postgres和tomcat可执行文件生成的。
编辑:
protected FileSystemRights[] AppendFileSystemRights()
{
return new FileSystemRights[]
{
FileSystemRights.ReadAndExecute,
FileSystemRights.WriteAttributes,
FileSystemRights.Synchronize,
FileSystemRights.ReadAttributes,
FileSystemRights.ReadData
};
}
public void ApplySystemRight(string fileName, FileSystemRights[] rights)
{
if (string.IsNullOrEmpty(fileName))
{
return;
}
if (rights == null || rights.Length <= 0)
{
return;
}
try
{
Console.WriteLine("ATTEMPTING TO OPEN THE FOLLOWING FILE: {0}", fileName);
fileSec = File.GetAccessControl(fileName);
for (int i = 0; i < rights.Length; i++)
{
Console.WriteLine("ATTEMPTING TO ADD THE FOLLOWING ACCESS RULE: {0} TO {1}", rights[i], fileName);
fileSec.AddAccessRule(new FileSystemAccessRule(user,
rights[i], AccessControlType.Allow));
}
Console.WriteLine("ATTEMPTING TO SET THE PRECEDING ACCESS RULES: TO {0}", fileName);
File.SetAccessControl(fileName, fileSec);
}
catch (UnauthorizedAccessException uae)
{
Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0} \n WHILE PROCESSING: {1}", uae.Message, fileName);
}
catch (ArgumentNullException ane)
{
Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0} \n WHILE PROCESSING: {1}", ane.Message, fileName);
}
catch (ArgumentException ae)
{
Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0} \n WHILE PROCESSING: {1}", ae.Message, fileName);
}
}