Grant User Permissions on the Computer

  • Article

The application retrieves the underlying DirectoryEntry object for the computer principal. The permissions are then set on the computer in the ObjectSecurity property.

        private static void GrantUserPermissionsOnComputerObject(UserPrincipal userPrincipal, ComputerPrincipal computerPrincipal)
        {
            if (computerPrincipal.GetUnderlyingObjectType() == typeof(DirectoryEntry))
            {
                DirectoryEntry computerEntry = (DirectoryEntry) computerPrincipal.GetUnderlyingObject();
                ActiveDirectorySecurity objectSecurity = computerEntry.ObjectSecurity;
                ActiveDirectoryAccessRule accessRule = new ActiveDirectoryAccessRule(userPrincipal.Sid, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Allow);
                objectSecurity.AddAccessRule(accessRule);
                computerEntry.CommitChanges();
            }
        }

See Also

Reference

System.DirectoryServices.AccountManagement

Concepts

About System.DirectoryServices.AccountManagement
Using System.DirectoryServices.AccountManagement

Send comments about this topic to Microsoft.

Copyright © 2008 by Microsoft Corporation. All rights reserved.