Weird problem with DACL and memory mapped file on Vista.



I am running into a strange problem with access denied errors and
MapViewOfFile on Vista that I don't understand.

Here is what I did:

- Created a named memory mapped file in a system service, using the
\\Global prefix with the CreateFileMapping API and a security
descriptor created with SDDL:

    L"D:(A;OICI;GRGWRCWDWOSDFRFW;;;AU) <other ACEs for system, admins etc.>"
    L"S:(ML;;;;;LW)" // low integrity level

- It appears from my experiments with various access right
specifications for the "AU" SID that if I do not specify the WD
(Write DACL) and WO (Write Owner) access rights, the MapViewOfFile
API call fails with access denied (Error 5), although the
OpenFileMapping has succeeded. This occurs in a program run by an
Admin user without elevated privileges. Running with elevated
privileges from this same Admin user account succeeds.

I am at a loss to understand why I need to grant the Write DACL and
Write Owner access for this memory mapped file.

Seems to me that the MapViewOfFile should work without having to
specify the WD and WO rights. What have I done wrong?

Any help will be appreciated.

Thanks
--ks
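
Added example, not part of the original post: a portable C sketch that decodes the rights field of the AU ACE quoted above into an access mask and reports which bits of a requested section access it leaves uncovered, with and without WD and WO. It models only that one allow ACE (no other ACEs, integrity label or token groups), and because the post does not say which desired access was passed, FILE_MAP_ALL_ACCESS and FILE_MAP_READ|FILE_MAP_WRITE are sample requests assumed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SDDL rights tokens that appear in the post's ACE, with their winnt.h values. */
static const struct { const char *tok; uint32_t mask; } RIGHTS[] = {
    {"GR", 0x80000000u}, {"GW", 0x40000000u},  /* GENERIC_READ, GENERIC_WRITE */
    {"RC", 0x00020000u}, {"SD", 0x00010000u},  /* READ_CONTROL, DELETE */
    {"WD", 0x00040000u}, {"WO", 0x00080000u},  /* WRITE_DAC, WRITE_OWNER */
    {"FR", 0x00120089u}, {"FW", 0x00120116u},  /* FILE_GENERIC_READ, FILE_GENERIC_WRITE */
};

/* Sample requests (assumed; the post does not state the desired access used). */
#define SECTION_RW  0x00000006u  /* FILE_MAP_WRITE | FILE_MAP_READ */
#define SECTION_ALL 0x000F001Fu  /* FILE_MAP_ALL_ACCESS == SECTION_ALL_ACCESS */

/* Generic rights resolve per object type; these are the section-object mappings. */
static uint32_t map_generic(uint32_t m) {
    if (m & 0x80000000u) m = (m & ~0x80000000u) | 0x00020005u; /* READ_CONTROL|QUERY|MAP_READ */
    if (m & 0x40000000u) m = (m & ~0x40000000u) | 0x00020002u; /* READ_CONTROL|MAP_WRITE */
    return m;
}

/* Mask granted by an ACE rights string; 0 if malformed or a token is not in the table. */
uint32_t sddl_rights_to_mask(const char *s) {
    size_t n = strlen(s), count = sizeof RIGHTS / sizeof RIGHTS[0];
    uint32_t mask = 0;
    if (n % 2 != 0) return 0;
    for (size_t i = 0; i < n; i += 2) {
        size_t k = 0;
        while (k < count && strncmp(s + i, RIGHTS[k].tok, 2) != 0) k++;
        if (k == count) return 0;
        mask |= RIGHTS[k].mask;
    }
    return map_generic(mask);
}

/* Requested bits the ACE does not grant; 0 means this ACE alone covers the request. */
uint32_t missing_bits(const char *rights, uint32_t desired) {
    return desired & ~sddl_rights_to_mask(rights);
}

int main(void) {
    const char *posted  = "GRGWRCWDWOSDFRFW"; /* rights string from the post */
    const char *trimmed = "GRGWRCSDFRFW";     /* same string without WD and WO */
    printf("posted  grants 0x%08X\n", (unsigned)sddl_rights_to_mask(posted));
    printf("trimmed grants 0x%08X\n", (unsigned)sddl_rights_to_mask(trimmed));
    printf("ALL_ACCESS missing from trimmed: 0x%08X\n", (unsigned)missing_bits(trimmed, SECTION_ALL));
    printf("read/write missing from trimmed: 0x%08X\n", (unsigned)missing_bits(trimmed, SECTION_RW));
    return 0;
}
```
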
