Re: Localized Group Names or ids?
- From: "Chris Becke" <chris.becke@xxxxxxxxx>
- Date: Thu, 28 Feb 2008 09:23:51 +0200
Thanks a lot.
Is there a correspondingly easy way to generate the ACL a folder *should*
have? Or is the "best" way to CreateDirectory passing NULL for the
SECURITY_DESCRIPTOR*, and then modify the ACL of the created directory?
I mean, lots of code samples just generate a ACL containing full access for
everyone, or full access to Admins and read access for everyone... or
something similar.
However, browsing my PC I see folders with vastly more entries on the ACL.
Im worried that creating an ACL from scratch I might lock out some important
service functionality.
"Kalle Olavi Niemitalo" <kon@xxxxxx> wrote in message
news:874pbuiwtq.fsf@xxxxxxxxxxxxxxxxxxxx
"Chris Becke" <chris.becke@xxxxxxxxx> writes:
I then create an EXPLICIT_ACCESS struct and set the Trustee.pstrName =
TEXT("Users"); which I try to add back to the ACL using SetEntriesInAcl.
This call fails on non english systems. Not unexpectedly.
On Windows XP, you can use CreateWellKnownSid with WinBuiltinUsersSid,
then BuildTrusteeWithSid.
Windows 2000 does not support CreateWellKnownSid though.
So you should instead use AllocateAndInitializeSid.
IIRC, the parameters are SECURITY_NT_AUTHORITY,
SECURITY_BUILTIN_DOMAIN_RID, and DOMAIN_ALIAS_RID_USERS.
.
- References:
- Localized Group Names or ids?
- From: Chris Becke
- Re: Localized Group Names or ids?
- From: Kalle Olavi Niemitalo
- Localized Group Names or ids?
- Prev by Date: Re: HowTo Purge Windows (Server 2003) logon session
- Next by Date: RE: HowTo Purge Windows (Server 2003) logon session
- Previous by thread: Re: Localized Group Names or ids?
- Next by thread: Crypto APIs: Some problems
- Index(es):
Relevant Pages
|
