// (c) 2006 Richard Grimes
// www.grimes.demon.co.uk

using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

class App
{
   static void Main()
   {
      DirectoryInfo di = new DirectoryInfo("Test");
      DirectorySecurity ds = di.GetAccessControl();
      byte[] buf = ds.GetSecurityDescriptorBinaryForm();
      CommonSecurityDescriptor sd = new CommonSecurityDescriptor(
         true, false, buf, 0);
      DiscretionaryAcl dacl = sd.DiscretionaryAcl;
      SecurityIdentifier users = new SecurityIdentifier("BU");
      dacl.RemoveAccess(AccessControlType.Allow, users, 0x00100116, 
         InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
         PropagationFlags.None);
      buf = new byte[sd.BinaryLength];
      sd.GetBinaryForm(buf, 0);

      ds = new DirectorySecurity();
      ds.SetSecurityDescriptorBinaryForm(buf);
      di.SetAccessControl(ds);
   }
}