Re: API to change "Allow inheritable permissions...
From: Nick Finco [MSFT] (nfinco_at_online.microsoft.com)
Date: 07/01/03
- Next message: Jake: "Lost password"
- Previous message: Hindy: "Forcing authentication with a specific DC"
- In reply to: Tim Bedford: "API to change "Allow inheritable permissions..."
- Next in thread: Tim Bedford: "Re: API to change "Allow inheritable permissions..."
- Reply: Tim Bedford: "Re: API to change "Allow inheritable permissions..."
- Reply: Tim Bedford: "Re: API to change "Allow inheritable permissions..."
- Reply: Tim Bedford: "Re: API to change "Allow inheritable permissions..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 1 Jul 2003 11:09:44 -0700
Use GetNamedSecurityInfo to grab the DACL or SACL of the object. Then use
GetAce to retrieve each ACE until you find the one you are trying to modify.
Once you have found the ACE, type-cast it to a ACE_HEADER (you most likely
already did this to determine the ACE type). Then modify the AceFlags field
to include the correct flag. Pass the security descriptor you retrieved
into SetNamedSecurityInfo to set the modified ACL onto the object.
You could also pass the security descriptor returned from
GetNamedSecurityInfo into ConvertSecurityDescriptorToSecurityDescriptor,
modify the SDDL string to reflect the new flags, convert the string back
into a security descriptor
(ConvertSecurityDescriptorToStringSecurityDescriptor), and use
SetNamedSecurityInfo like above.
N
-- This posting is provided "AS IS" with no warranties, and confers no rights. Any included code samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm "Tim Bedford" <tim.bedford@ttplabtech.com> wrote in message news:uckEQj#PDHA.3020@TK2MSFTNGP10.phx.gbl... > Hi, > Windows 2000: Under the Security tab in the right-click, file/dir properties > dialog thing there's a checkbox to "Allow inheritable permissions from > parent to propagate to this object". > > How do you do this programmatically? I've tried using the flags in the > AddAccessAllowedAceEx call on the object in question and its parent object > but can't get it to work. > > Sorry if this questions been asked a thousand times already. > thanks for any help, > > Tim > > > >
- Next message: Jake: "Lost password"
- Previous message: Hindy: "Forcing authentication with a specific DC"
- In reply to: Tim Bedford: "API to change "Allow inheritable permissions..."
- Next in thread: Tim Bedford: "Re: API to change "Allow inheritable permissions..."
- Reply: Tim Bedford: "Re: API to change "Allow inheritable permissions..."
- Reply: Tim Bedford: "Re: API to change "Allow inheritable permissions..."
- Reply: Tim Bedford: "Re: API to change "Allow inheritable permissions..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
