Active Directory Components

Some new permissions components i.e. Add Group NTFS Permissions To Folder & Add User NTFS Permissions To Folder should be in the AD library next release.

Try these, you can add / remove users to groups with permissions to those share folders.

http://www.symantec.com/connect/downloads/active-d...

I've used them in my Workflow - they work great!

A few things to note/possible frustration points:

1. For the admin username field:  for some reason domain\user wouldn't work for me, but user@domain.com does
2. Check and verify the container or OU you're looking for or placing data in exists already and that you can traverse it in Active Directory Users and Computers.
3.  Make sure you're aware of timeouts and replication times on your domain - they may affect how quickly you can see results.
4.  If data lives in sub-OUs or containers, be sure to set your scope to SubTree.

The Incendio components create the home directory folder and assign the NTFS permissions but they will not assign rights to just any share.

You can accomplish this though a Code (Script) Component. Search for script in your toolbox and add the Code (Script) Component. In the input params add folder (text) and user (text) and map them to variables in your process. Hit next and leave the return type to No Return. Hit next and paste the code below into the source code section. Hit next and you'll be able to test it. You can right click on the configured component and save it to you library to use in other projects. The code grants full access but you can change that.

One thing to remember though is if you are using the internal web server for the debugger it runs with your credentials so it seems to work fine. When you deploy to IIS it runs as the local Network Service account by default. This account can't access shares so you need to create an application pool in IIS and configure the identity tab to use a domain user with rights to access the share and change the permissions.

I can write this all up in an article with screen shots if anyone is interested.

try
{
if (!System.IO.Directory.Exists(folder))
{
throw new Exception("Directory doesn't exist or can't be accessed");
}

// Strip off trailing backslash which is not supported
folder = folder.TrimEnd('\\');

System.IO.DirectoryInfo dInfo = new System.IO.DirectoryInfo(folder);

System.Security.AccessControl.DirectorySecurity dSecurity = dInfo.GetAccessControl();
const System.Security.AccessControl.InheritanceFlags inhFlags =
System.Security.AccessControl.InheritanceFlags.ContainerInherit |
System.Security.AccessControl.InheritanceFlags.ObjectInherit;

System.Security.AccessControl.FileSystemAccessRule AccessRule =
new System.Security.AccessControl.FileSystemAccessRule
(user, System.Security.AccessControl.FileSystemRights.FullControl, inhFlags,
System.Security.AccessControl.PropagationFlags.None,
System.Security.AccessControl.AccessControlType.Allow);
dSecurity.AddAccessRule(AccessRule);

dInfo.SetAccessControl(dSecurity);
}
catch (Exception ex)
{
throw new Exception(string.Format("Error Setting Folder Permissions for {0}: {1}", user, folder), ex);
}

I learned something new today. You actually can give the local Network Service account access to files and databases on other machines. It's the machine account on the domain. So, when your setting NTFS permissions if you choose Computers from Object Types and punch in the computer name it will come up. This definitely simplifies things. I've always created application pools with domain users to do privileged operations.

Thanks RHamner on the article!

thanks rhamner for the useful link