I've noticed that CommonObjectSecurity.GetAccessRules Method reports incorrect permissions.
Please note the code below:
var dirSecurity = System.IO.Directory.GetAccessControl(@"C:\Temp");
//now we get all ntfs rights to a directory, we take all even the inherited ones
var accessRules = dirSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
foreach (FileSystemAccessRule item in accessRules)
{
var account = item.IdentityReference.Value;
if (account.Contains("gd"))
{
Console.WriteLine(account);
var rights = item.FileSystemRights;
if (rights.HasFlag(System.Security.AccessControl.FileSystemRights.ListDirectory))
Console.WriteLine("List content");
if (rights.HasFlag(System.Security.AccessControl.FileSystemRights.ReadAndExecute))
Console.WriteLine("Has file read access");
}
}The permissions on that folder are the following. Please check the 'gd' account.
code output is the following. As you can see it reports incorrectly it has file read access.