| TaylorMichaelL wrote:|
Are you trying to remove the Users group of another machine from the folder For example you are running on machine A but you want to remove the Users group of machine B. If so then how did you get machine B's account on the folder to begin with Groups local to a machine are not visible outside the machine itself.
For the local machine you can actually skip the NTAccount and use SecurityIdentifier directly with the WellKnownSidType for the Users group. This saves you a step.
If neither of the above help then do not append the machine name. As it stands now the code can easily be broken by a bad string. Instead use the overload of NTAccount that accepts a domain and an account name. Note that NTAccount doesn't actually require that the account exist but when you try to convert to a security identifier it better.
Michael Taylor - 8/8/07
You are correct to assume that I am trying to remove the Users group on another machine.
The reasoning behind that is that this company intranet site will sit on Machine A while these folders will be created on a company wide network share on Machine B.
As I had mentioned in my original post the objective I am trying to achieve is that if a folder or document is marked by the creator as restricted then no one other than the creator or persons specified by the creator should be able to access and read the documents in that folder.
For example we have 3 people person X, person Y and person Z.
person X creates a document called project A, it is to create a folder called project A and marks it unrestricted. Then person X, Y & Z should be able to go to the network share and view the document.
However if person Y creates a document called project B and marks it restircted with access only to himself and person Z it is to create the folder called Project B with access to only person Y and person Z. If person Y or person Z browse to the network share they should be able to view both project A and project B. However if person X browses to the network share he should be able to see both project A and project B folders but only be able to view the documents in project A and get an access denied error if they try to view anything in the project B folder.
I have got the code working to grant access to person Y and person Z in the case of a restricted access while removing the access group "Everyone" from the folder permissions.
However the client (my company) also wants me to remove the group "MachineName\Users" from the folder.
It is here where I am having the issues. Every time I try and access the "MachineName\Users" group I get the "Some or all identity references could not be translated." exception.
I hope this helps