The problem lays in the fact that you are trying to remove inherited access rights what is not allowed. It happens because it is not enough to call SetAccessRuleProtection(true, true). The changes will take effect only when you call SetAccessControl afterwards. In other words you cannot remove inheritance of access rights and modify them in the one shot. It must be done in 2 stages i.e.:
- disec.SetAccessRuleProtection(true, true);
- m_diWork.SetAccessControl(disec);
- disec = m_diWork.GetAccessControl()
- disec.PurgeAccessRules(act);
- m_diWork.SetAccessControl(disec);
It is not obvious and it doesn't help that PurgeAccessRules doesn't inform about problems with removing access rights.