Re: NULL DACL versis Empty DACL and Owner implcit access

Hi Paul,

Thanks for your feedback.

Yes, I understand your concern now. In file security, the right to create a
new file is different from the right to create a new directory. They are
FILE_ADD_FILE vs FILE_ADD_SUBDIRECTORY. Please refer to the link below for
more details:
"File Security and Access Rights"
http://msdn2.microsoft.com/en-us/library/aa364399.aspx

So it is possible that the user's token is granted the
FILE_ADD_SUBDIRECTORY access right but not the FILE_ADD_FILE.

Regarding why cacls will output no ACEs for "w32x86\3" directory, I have no
idea. My first thought is that the user's token may even do not have the
READ_CONTROL right. This means that cacls.exe can not read the DACL list of
"w32x86\3" directory. But test shows that this will cause the cacls.exe to
output "Access is denied" text, so this should be the cause. Currently, I
also can not understand why cacls.exe will output empty DACL while we still
have FILE_ADD_SUBDIRECTORY right to create directory in "w32x86\3"
directory. I think we can only find out the root cause by performing a live
debugging on the problematic machine, however, this appears impossible now.

Anyway, if there is still anything I can help you, please feel free to tell
me, thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


.

Relevant Pages

  • Re: winword.exe.manifest for multiple add-ins?
    ... Microsoft Online Community Support ... Get notification to my posts through email? ... where an initial response from the community or a Microsoft Support ... project analysis and dump analysis issues. ...
    (microsoft.public.office.developer.com.add_ins)
  • RE: WMP ActiveX control kills Internet Explorer
    ... utilizes the WMP ActiveX control to play a WMV file. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... project analysis and dump analysis issues. ...
    (microsoft.public.win32.programmer.mmedia)
  • RE: Missing method in TLB
    ... missing entries are simply blank vtable entries, but there is no way to ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... project analysis and dump analysis issues. ...
    (microsoft.public.win32.programmer.ole)
  • Re: Problems with uiAccess = true
    ... It seems that the "A referral was returned from the server" error dialog is ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... project analysis and dump analysis issues. ...
    (microsoft.public.win32.programmer.ui)
  • RE: Cannot see modules window when debugging
    ... find any known records regarding "Modules" window disappear filed. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... project analysis and dump analysis issues. ...
    (microsoft.public.vsnet.debugging)