EDN Admin
Well-known member
Hi All,
I need to grant permission to a group with full previliges at the root level say to c:temp folder , so that it will propogate to all the files and folder within.
I was able to achieve using the microsoft example<br/>
http://msdn.microsoft.com/en-us/library/aa379283(v=vs.85).aspx http://msdn.microsoft.com/en-us/library/aa379283(v=vs.85).aspx
I was calling the funtion <br/>
DWORD dwError = AddAceToObjectsSecurityDescriptor("C:\temp",<br/>
SE_FILE_OBJECT,<br/>
"everyone",<br/>
TRUSTEE_IS_NAME,<br/>
GENERIC_ALL,<br/>
SET_ACCESS,<br/>
SUB_CONTAINERS_AND_OBJECTS_INHERIT<br/>
);<br/>
but when am trying to revoke its not working and i tried lot of other stuff but didnot work. please help me.<br/>
DWORD dwError = AddAceToObjectsSecurityDescriptor("C:\CCtemp",<br/>
SE_FILE_OBJECT,<br/>
"everyone",<br/>
TRUSTEE_IS_NAME,<br/>
GENERIC_ALL,<br/>
REVOKE_ACCESS,<br/>
SUB_CONTAINERS_AND_OBJECTS_INHERIT<br/>
);<br/>
<br/>
<br/>
also tried the below code to remove trustee<br/>
<br/>
DWORD RemoveTrustee(LPTSTR FileName, LPTSTR TrusteeName,<br/>
SE_OBJECT_TYPE ot)<br/>
{<br/>
DWORD dwError;<br/>
PACL Dacl, Nacl = NULL;<br/>
PSECURITY_DESCRIPTOR psd = NULL;<br/>
EXPLICIT_ACCESS *ea;<br/>
unsigned long aclNum, aclIndex;<br/>
BOOL first = TRUE;
<br/>
dwError = GetNamedSecurityInfo(<br/>
FileName,<br/>
ot,<br/>
DACL_SECURITY_INFORMATION,<br/>
NULL,<br/>
NULL,<br/>
&Dacl,<br/>
NULL,<br/>
&psd<br/>
);<br/>
if (dwError != ERROR_SUCCESS)<br/>
{<br/>
printf("File %s: %dn", FileName, dwError);<br/>
return dwError;<br/>
}
GetExplicitEntriesFromAcl(<br/>
Dacl,<br/>
&aclNum,<br/>
&ea);
for (aclIndex = 0; aclIndex < aclNum; aclIndex++)<br/>
{<br/>
if (_stricmp(ea[aclIndex].Trustee.ptstrName, TrusteeName) != 0)<br/>
{<br/>
if (first)<br/>
{<br/>
dwError = SetEntriesInAcl(<br/>
1,<br/>
&ea[aclIndex],<br/>
NULL,<br/>
&Nacl<br/>
);<br/>
if (dwError != ERROR_SUCCESS)<br/>
{<br/>
printf("File %s: %dn", FileName, dwError);<br/>
return dwError;<br/>
}<br/>
first = FALSE;<br/>
}<br/>
else<br/>
{<br/>
dwError = SetEntriesInAcl(<br/>
1,<br/>
&ea[aclIndex],<br/>
Nacl,<br/>
&Nacl<br/>
);<br/>
if (dwError != ERROR_SUCCESS)<br/>
{<br/>
printf("File %s: %dn", FileName, dwError);<br/>
return dwError;<br/>
}<br/>
}<br/>
}<br/>
}
dwError = SetNamedSecurityInfo(<br/>
FileName,<br/>
ot,<br/>
DACL_SECURITY_INFORMATION,<br/>
NULL,<br/>
NULL,<br/>
Nacl,<br/>
NULL<br/>
);<br/>
if (dwError != ERROR_SUCCESS)<br/>
{<br/>
printf("File %s: %dn", FileName, dwError);<br/>
}<br/>
return dwError;<br/>
}<br/>
<br/>
calling function :<br/>
RemoveTrustee("c:\temp", "Everyone",SE_FILE_OBJECT);<br/>
<br/>
I need to grant the permission everyone full and remove it when am done.<br/>
<br/>
Thanks. <hr class="sig Masmo
View the full article
I need to grant permission to a group with full previliges at the root level say to c:temp folder , so that it will propogate to all the files and folder within.
I was able to achieve using the microsoft example<br/>
http://msdn.microsoft.com/en-us/library/aa379283(v=vs.85).aspx http://msdn.microsoft.com/en-us/library/aa379283(v=vs.85).aspx
I was calling the funtion <br/>
DWORD dwError = AddAceToObjectsSecurityDescriptor("C:\temp",<br/>
SE_FILE_OBJECT,<br/>
"everyone",<br/>
TRUSTEE_IS_NAME,<br/>
GENERIC_ALL,<br/>
SET_ACCESS,<br/>
SUB_CONTAINERS_AND_OBJECTS_INHERIT<br/>
);<br/>
but when am trying to revoke its not working and i tried lot of other stuff but didnot work. please help me.<br/>
DWORD dwError = AddAceToObjectsSecurityDescriptor("C:\CCtemp",<br/>
SE_FILE_OBJECT,<br/>
"everyone",<br/>
TRUSTEE_IS_NAME,<br/>
GENERIC_ALL,<br/>
REVOKE_ACCESS,<br/>
SUB_CONTAINERS_AND_OBJECTS_INHERIT<br/>
);<br/>
<br/>
<br/>
also tried the below code to remove trustee<br/>
<br/>
DWORD RemoveTrustee(LPTSTR FileName, LPTSTR TrusteeName,<br/>
SE_OBJECT_TYPE ot)<br/>
{<br/>
DWORD dwError;<br/>
PACL Dacl, Nacl = NULL;<br/>
PSECURITY_DESCRIPTOR psd = NULL;<br/>
EXPLICIT_ACCESS *ea;<br/>
unsigned long aclNum, aclIndex;<br/>
BOOL first = TRUE;
<br/>
dwError = GetNamedSecurityInfo(<br/>
FileName,<br/>
ot,<br/>
DACL_SECURITY_INFORMATION,<br/>
NULL,<br/>
NULL,<br/>
&Dacl,<br/>
NULL,<br/>
&psd<br/>
);<br/>
if (dwError != ERROR_SUCCESS)<br/>
{<br/>
printf("File %s: %dn", FileName, dwError);<br/>
return dwError;<br/>
}
GetExplicitEntriesFromAcl(<br/>
Dacl,<br/>
&aclNum,<br/>
&ea);
for (aclIndex = 0; aclIndex < aclNum; aclIndex++)<br/>
{<br/>
if (_stricmp(ea[aclIndex].Trustee.ptstrName, TrusteeName) != 0)<br/>
{<br/>
if (first)<br/>
{<br/>
dwError = SetEntriesInAcl(<br/>
1,<br/>
&ea[aclIndex],<br/>
NULL,<br/>
&Nacl<br/>
);<br/>
if (dwError != ERROR_SUCCESS)<br/>
{<br/>
printf("File %s: %dn", FileName, dwError);<br/>
return dwError;<br/>
}<br/>
first = FALSE;<br/>
}<br/>
else<br/>
{<br/>
dwError = SetEntriesInAcl(<br/>
1,<br/>
&ea[aclIndex],<br/>
Nacl,<br/>
&Nacl<br/>
);<br/>
if (dwError != ERROR_SUCCESS)<br/>
{<br/>
printf("File %s: %dn", FileName, dwError);<br/>
return dwError;<br/>
}<br/>
}<br/>
}<br/>
}
dwError = SetNamedSecurityInfo(<br/>
FileName,<br/>
ot,<br/>
DACL_SECURITY_INFORMATION,<br/>
NULL,<br/>
NULL,<br/>
Nacl,<br/>
NULL<br/>
);<br/>
if (dwError != ERROR_SUCCESS)<br/>
{<br/>
printf("File %s: %dn", FileName, dwError);<br/>
}<br/>
return dwError;<br/>
}<br/>
<br/>
calling function :<br/>
RemoveTrustee("c:\temp", "Everyone",SE_FILE_OBJECT);<br/>
<br/>
I need to grant the permission everyone full and remove it when am done.<br/>
<br/>
Thanks. <hr class="sig Masmo
View the full article
