Can't set a DACL on a folder that was NULLed.



A misconfigured setup program created some folders with a NULL DACL (Using
SetSecurityInfo()).

Now, I need to fix the problems this is causing... However, every time I try
to open the folder for DACL writing...
HANDLE hDir = CreateFile(pszDirectory, READ_CONTROL|WRITE_DACL,0,
NULL,FILE_BACKUP_SEMANTICS,NULL);
This call fails with @err =5: Access Denied.

Ive tried making the call from the (standard user) account that owns the
folder, and from and elevated Administrator account, and always error 5
trying to open the folder.

Strangely, the Vista explorer's property sheet can open and show the (lack)
of security info just fine, and even lets me add users and rights back - all
without prompting for elevation. The same standard user account is being
used to explore with explorer as Im using to call CreateFile.

Is there any way out of this pit ive made for myself? While I *could* tell
the effected users just to use explorer to manipulate and delete various
folders, Id really prefer to get a code solution working. The utter lack of
an ability to get a file handle to the folder is styiming me.




.



Relevant Pages

  • Re: Cant set a DACL on a folder that was NULLed.
    ... I assume you are running it under the owner's account. ... I would check your parameters using a folder that is not affected to make ... try to open the folder for DACL writing... ... Ive tried making the call from the (standard user) account that owns the ...
    (microsoft.public.platformsdk.security)
  • Re: Cant set a DACL on a folder that was NULLed.
    ... So NULL DACL is no security at all, ... the linked MSDN article clearly implies the owner ... should be able to open the folder with WRITE_DACL and READ_CONTROL - I ... I assume you are running it under the owner's account. ...
    (microsoft.public.platformsdk.security)
  • Re: Cant set a DACL on a folder that was NULLed.
    ... If it's a NULL DACL, the only access is READ_CONTROL|WRITE_DACL for the ... I assume you are running it under the owner's account. ... listed as the items owner, I am unable to open a handle to the directory. ... removed the DACL from the folder:P ...
    (microsoft.public.platformsdk.security)
  • Re: Unprivatize files???
    ... When I added a p/w to one of my admin accounts, ... asked if I wanted to make its files private-and I answered ... Now my standard user is having issues running ... undo "Make this folder private" option" ...
    (microsoft.public.windowsxp.basics)
  • Re: Trouble with permisions
    ... I was trying to remove the standard user from having permission ... "Include inheritable permissions. ... box when error warnings came up. ... folders under this folder. ...
    (microsoft.public.windows.vista.networking_sharing)