取得文件c#的所有权

Question

我正在尝试获取文件的所有权并通过 C# 将其删除。 该文件是 iexplorer.exe，默认为当前所有者 - TrustedInstaller。 FileSecurity.SetOwner 方法似乎设置了指定的所有权，但实际上并没有改变初始所有者并且没有抛出异常。 显然，下一次删除文件的尝试会引发异常。 应该在代码中进行哪些更改以获取文件的所有权并将其删除？

var fileS = File.GetAccessControl(@"C:\Program Files (x86)\Internet Explorer\iexplore.exe");
fileS.SetOwner(new System.Security.Principal.NTAccount(Environment.UserDomainName, Environment.UserName));
File.Delete(@"C:\Program Files (x86)\Internet Explorer\iexplore.exe");

Answer 1

您必须明确启用SeTakeOwnershipPrivilege：

需要在未经授权的情况下取得对象的所有权 随意访问。此权限允许设置所有者值 仅适用于持有人可以合法指定为 对象的所有者。用户权利：获取文件或其他文件的所有权 对象。

我建议您阅读 Mark Novak 撰写的精彩文章：Manipulate Privileges in Managed Code Reliably, Securely, and Efficiently。

和/或看看他的sample。

更新

示例用法：

var fileS = File.GetAccessControl(@"C:\Program Files (x86)\Internet Explorer\iexplore.exe");

Privilege p;
bool ownerChanged = false;
try
{
    p = new Privilege(Privilege.TakeOwnership);
    p.Enable();

    fileS.SetOwner(new System.Security.Principal.NTAccount(
        Environment.UserDomainName, Environment.UserName));

    ownerChanged = true;
}
catch(PrivilegeNotHeldException e)
{
   // privilege not held
   // TODO: show an error message, write logs, etc.
}
finally
{
    p.Revert();
}

if (ownerChanged)
    File.Delete(@"C:\Program Files (x86)\Internet Explorer\iexplore.exe");

Answer 2

        string filepath = @"C:\Program Files (x86)\Internet Explorer\iexplore.exe";

        //Get Currently Applied Access Control
        FileSecurity fileS = File.GetAccessControl(filepath);

        //Update it, Grant Current User Full Control
        SecurityIdentifier cu = WindowsIdentity.GetCurrent().User;
        fileS.SetOwner(cu);
        fileS.SetAccessRule(new FileSystemAccessRule(cu, FileSystemRights.FullControl, AccessControlType.Allow));

        //Update the Access Control on the File
        File.SetAccessControl(filepath, fileS);

        //Delete the file
        File.Delete(filepath);

添加以下导入

        using System.IO;
        using System.Security.AccessControl;
        using System.Security.Principal;

在提升模式下运行代码。

Answer 3

使用示例中的类特权在 Windows 8.1 中提供支持： Manipulate Privileges in Managed Code Reliably, Securely, and Efficiently

    private bool TryDeleteFile(string fileName)
    {
        string filePath = Path.GetFullPath(fileName);
        var fi = new FileInfo(filePath);

        bool ownerChanged = false;
        bool accessChanged = false;
        bool isDelete = false;

        FileSecurity fs = fi.GetAccessControl();
        Privilege p = new Privilege(Privilege.TakeOwnership);

        try
        {
            p.Enable();
            fs.SetOwner(WindowsIdentity.GetCurrent().User);
            File.SetAccessControl(filePath, fs); //Update the Access Control on the File
            ownerChanged = true;
        }
        catch (PrivilegeNotHeldException ex) { }
        finally { p.Revert(); }

        try
        {
            fs.SetAccessRule(new FileSystemAccessRule(WindowsIdentity.GetCurrent().User, FileSystemRights.FullControl, AccessControlType.Allow));
            File.SetAccessControl(filePath, fs);
            accessChanged = true;
        }
        catch (UnauthorizedAccessException  ex) { }

        if (ownerChanged && accessChanged)
        {
            try
            {
                fi.Delete();
                isDelete = true;
            }
            catch (Exception ex) {  }
        }

        return isDelete;
    }

Answer 4

查看这些注册表项以添加上下文菜单。我能够在 Windows 7 上重命名文件夹以及 iexplorer_OFF.exe。 您可能可以从您的代码中外壳/执行相同的内容。

https://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/