Examine the following two blocks of code:
System.Security.AccessControl.DirectorySecurity dsec = System.IO.Directory.GetAccessControl(str); System.Security.Principal.NTAccount group= new System.Security.Principal.NTAccount("DOMAIN","USERGROUP"); System.Security.AccessControl.FileSystemAccessRule myrule = new System.Security.AccessControl.FileSystemAccessRule(group,System.Security.AccessControl.FileSystemRights.FullControl, System.Security.AccessControl.AccessControlType.Allow); dsec.SetAccessRule(myrule); System.IO.Directory.SetAccessControl(str,dsec);
and
System.Security.AccessControl.FileSecurity fsec = System.IO.File.GetAccessControl(file); System.Security.Principal.NTAccount group= new System.Security.Principal.NTAccount("DOMAIN","USERGROUP"); System.Security.AccessControl.FileSystemAccessRule myrule = new System.Security.AccessControl.FileSystemAccessRule(group,System.Security.AccessControl.FileSystemRights.FullControl, System.Security.AccessControl.AccessControlType.Allow); fsec.SetAccessRule(myrule); System.IO.File.SetAccessControl(file,fsec);
One would expect them both to do the same, only one to the directory and the other to the file. And, in a way, they do it. In both cases, the file system object is modified, so that DOMAIN \ USERGROUP has effective full control permissions.
However, the strange part is that when you right-click on a file and view security, you see the following: 
and when you right-click on the folder and view the security, you will see the following: 
If I go to Advanced-> Effective Permissions-> Select (DOMAIN \ USERGROUP), it will show that the effective permissions for the folder for this group are full control (all the checkboxes are checked, not just the Full control unit. That would be weirder) .
My question is: why is there a difference in the effect of an almost identical implementation and does anyone know how to replicate the effect of applying permissions to files?