
How to see whether "include inheritable permissions" is unchecked for a file or folder?

I'm writing a little utility in C# to make sure a specified folder and all of its contents have appropriate access rights (I want to give the Authenticated Users group full access). The following code seems to work properly for updating the top level folder's ACL (Access Control List):

using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Authenticated Users (well-known SID): full control, inheritable by subfolders and files
SecurityIdentifier allUsers = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
InheritanceFlags iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
FileSystemAccessRule newRule = new FileSystemAccessRule(allUsers,
    FileSystemRights.FullControl, iFlags,
    PropagationFlags.None, AccessControlType.Allow);

// Add the rule to the folder's existing DACL and write it back
DirectoryInfo info = new DirectoryInfo(folderPath);
DirectorySecurity security = info.GetAccessControl();
security.AddAccessRule(newRule);
info.SetAccessControl(security);

I've noticed, however, that this new access rule doesn't propagate to subfolders that have the "Include inheritable permissions …" option unchecked in their security properties. That only makes sense. So, what I want to do is turn security permission inheritance back on for any such subfolders.

My digging has uncovered the ObjectSecurity.SetAccessRuleProtection method which should be half of what I need. However, it seems sloppy to just blindly use the above method on objects that already inherit their parent's DACL. Thus, I want to determine which objects have their permission inheritance turned off, but I can't seem to find the corresponding method or property which returns this information. Is there one? Am I missing something here?

Jeremy asked Apr 10 '12 02:04


1 Answer

I remember using something like this:

DirectoryInfo d = new DirectoryInfo(@"e:\test1");
DirectorySecurity acl = d.GetAccessControl();
// GetAccessRules(includeExplicit: false, includeInherited: true, ...) returns only inherited ACEs
if (acl.GetAccessRules(false, true, typeof(System.Security.Principal.SecurityIdentifier)).Count > 0)
{
    // -- has inherited permissions
}
else
{
    // -- has no inherited permissions
}

I was also trying to find a method to check for this but I couldn't find any (even in C++). So I ended up using the code above. It worked like a charm.

Mel answered Oct 01 '22 14:10
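
An added example, not part of the question or the answer above: `ObjectSecurity.AreAccessRulesProtected` reports directly whether a DACL is protected, that is, whether "Include inheritable permissions" is unchecked. The sketch below lists the protected folders under a root so they can be reviewed before `SetAccessRuleProtection` is applied to them. The names `InheritanceAudit`, `FindProtected` and `EnableInheritance` are made up for this example, and it covers directories only, not files.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;

static class InheritanceAudit   // hypothetical name, example code only
{
    // Returns every directory at or below root whose DACL is protected
    // (inheritance switched off, whether or not inherited ACEs are present).
    public static List<string> FindProtected(string root)
    {
        var found = new List<string>();
        var pending = new Stack<string>();
        pending.Push(root);
        while (pending.Count > 0)
        {
            string path = pending.Pop();
            try
            {
                var dir = new DirectoryInfo(path);
                DirectorySecurity acl = dir.GetAccessControl(AccessControlSections.Access);
                if (acl.AreAccessRulesProtected)
                    found.Add(path);
                foreach (DirectoryInfo sub in dir.GetDirectories())
                    // Skip junctions and symlinks so the walk stays inside the tree.
                    if ((sub.Attributes & FileAttributes.ReparsePoint) == 0)
                        pending.Push(sub.FullName);
            }
            catch (UnauthorizedAccessException)
            {
                Console.Error.WriteLine("access denied: " + path);
            }
        }
        return found;
    }

    // Turns inheritance back on for one directory; its explicit ACEs are kept.
    public static void EnableInheritance(string path)
    {
        var dir = new DirectoryInfo(path);
        DirectorySecurity acl = dir.GetAccessControl(AccessControlSections.Access);
        acl.SetAccessRuleProtection(false, false); // 2nd argument is ignored when the 1st is false
        dir.SetAccessControl(acl);
    }

    static void Main(string[] args)
    {
        // Report only; call EnableInheritance on the reviewed paths afterwards.
        foreach (string p in FindProtected(args.Length > 0 ? args[0] : "."))
            Console.WriteLine(p);
    }
}
```

The root folder itself is included in the report, so a deliberately protected top-level folder will be listed as well.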