Can't set a DACL on a folder that was NULLed.

A misconfigured setup program created some folders with a NULL DACL (Using

Now, I need to fix the problems this is causing... However, every time I try
to open the folder for DACL writing...
HANDLE hDir = CreateFile(pszDirectory, READ_CONTROL|WRITE_DACL,0,
This call fails with @err =5: Access Denied.

I've tried making the call from the (standard user) account that owns the
folder, and from an elevated Administrator account, and always get error 5
trying to open the folder.

Strangely, the Vista explorer's property sheet can open and show the (lack)
of security info just fine, and even lets me add users and rights back - all
without prompting for elevation. The same standard user account is being
used to explore with explorer as I'm using to call CreateFile.

Is there any way out of this pit I've made for myself? While I *could* tell
the affected users just to use explorer to manipulate and delete various
folders, I'd really prefer to get a code solution working. The utter lack of
an ability to get a file handle to the folder is stymieing me.