Setting Windows file security

Question

My problem is the opposite that most people have. I'm generating files locally in C#, but I want them to be marked as blocked. So when a user opens them in an application like Word or Excel it opens them in "Protected Mode".

I've read that this is set on "NTFS Alternate Data Streams". Does anyone know how I could mimick this in C#?

Answer 1

You can also use the PersistZoneIdentifier object instead of writing the alternative data stream directly.

More information here: http://blogs.msdn.com/b/oldnewthing/archive/2013/11/04/10463035.aspx and here: https://github.com/citizenmatt/UnblockZoneIdentifier

using System;
using System.Runtime.InteropServices;
using System.Runtime.InteropServices.ComTypes;

namespace ConsoleApplication3
{
    public enum URLZONE : uint
    {
        URLZONE_LOCAL_MACHINE = 0,
        URLZONE_INTRANET = 1,
        URLZONE_TRUSTED = 2,
        URLZONE_INTERNET = 3,
        URLZONE_UNTRUSTED = 4,
    }

    [ComImport]
    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    [Guid("cd45f185-1b21-48e2-967b-ead743a8914e")]
    public interface IZoneIdentifier
    {
        URLZONE GetId();
        void SetId(URLZONE zone);
        void Remove();
    }

    class Program
    {
        static void Main(string[] args)
        {
            object persistZoneId = Activator.CreateInstance(Type.GetTypeFromCLSID(Guid.Parse("0968e258-16c7-4dba-aa86-462dd61e31a3")));
            IZoneIdentifier zoneIdentifier = (IZoneIdentifier)persistZoneId;
            IPersistFile persisteFile = (IPersistFile)persistZoneId;
            zoneIdentifier.SetId(URLZONE.URLZONE_UNTRUSTED);
            persisteFile.Save(@"c:\temp\test.txt", false);
        }
    }
}