Solved

setting a files permission (programatically) to be Administrators group

Posted on 1998-08-10
4
310 Views
Last Modified: 2013-12-03
How does one set a file's security permission to be 'Administrators' group - programatically?

All this is for NT server.

To do this from the desktop - right click a file in explorer, choose properties from the popup, in the resulting dialog box choose the second tab called 'security' and then choose 'permissions'. That allows you to set security permissions on the said file to any user or group.

Now I have done this - set a files permissions to a certain user account Programatically. How?
1. Use 'LookupAccountName' to get a users SID.
2. Use 'AddAccessAllowedAce' to associate a ACL to that SID
3. Use 'SetNamedSecurityInfo' to associate that ACL to a file object.

I will like to do the same for a group like 'Administrators'
'LookupAccountName' does not work for Group names!!

Here is what i have tried- used 'AllocateAndInitializeSid' to create a new SID for a group and then associate it with a file object using 'SetNamedSecurityInfo'. No luck!!

If some has some info on this I will appriciate it.

Thanks.

Robin.
0
Comment
Question by:robin_raul
  • 2
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
chensu earned 50 total points
ID: 1413331
So, you are looking for the SID for 'Administrators', aren't you?

Use the well-known SIDs.

DOMAIN_USER_RID_ADMIN The administrative user account in a domain.

DOMAIN_GROUP_RID_ADMINS The domain administrator's group. This account exists only on systems running Windows NT Server, not Windows NT Workstation.

DOMAIN_ALIAS_RID_ADMINS A local group used for administration of the domain.

Look into the Platform SDK documentation about Access Control/Well-Known SIDs.
0
 

Author Comment

by:robin_raul
ID: 1413332
You do know what I am talikg about.
I did try that. See the code below. What I am trying there is
Get ADMIN group's SID using 'AllocateAndInitializeSid' (just as you said) and then attach this SID to the file name (Args[0])
And that has been failing. DO you see any thing wrong there?

Thanks for your help.

pGSID = (PSID) LocalAlloc(LPTR, cbSID);
      if (! AllocateAndInitializeSid(&SIDAuth,                  2,SECURITY_BUILTIN_DOMAIN_RID,
      DOMAIN_ALIAS_RID_ADMINS,
      0,0,0,0,0,0,
      &pGSID) ) {
      MessageBox( NULL, "Could not create SID for Admin Group",
              "ErrorMessage",
              MB_ICONERROR|MB_OK);
            }
      
            
if ( !(ERROR_SUCCESS == SetNamedSecurityInfo  (
                           pArgs[0],                                          SE_FILE_OBJECT,                                          GROUP_SECURITY_INFORMATION,
                  NULL,                                                pGSID,
                  NULL,
                  NULL)) )
      {
            MessageBox( NULL, "Could not set the permissions!!", "Error Message" , MB_ICONERROR|MB_OK );
            return FALSE;
      }
0
 
LVL 23

Expert Comment

by:chensu
ID: 1413333
Did you initialize the SDIAuth structure properly?

You don't need to allocate memory for pSid. The AllocateAndInitializeSid function allocates the memory for you and passes the pointer to pGSID. Use the FreeSid function to free it.

I don't know exactly what is wrong. There may be some useful information at
http://www.mvps.org/win32/security/index.html
0
 

Author Comment

by:robin_raul
ID: 1413334
Yes I did. I had this line in my code

SID_IDENTIFIER_AUTORITY SIDAuth = SECURITYZ_NT_AUTHORITY;

I got all the details from a sample app at MS

premium.microsoft.com/msdn/library/sdkdoc/winbase/accctrl_138u.htm

Wht did work finally is what I had tried first thing, use 'LookupAccountName'. When I tried first I was on my NT workstation. When used that on the server it worked! So original approach, just instead of giving accountname give it a groupname.

NT5 has 'SetNamedSecurityInfoEx' which does exactly the same thing on one call.

Thanks for all the help.

Robin
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Event ID 10010 3 61
Winform not working on 64 bit machine 31 100
Problem to packaging 1 91
Problem to file 3 75
With most software applications trying to cater to multiple user needs nowadays, the focus is to make them as configurable as possible. For e.g., when creating Silverlight applications which will connect to WCF services, the service end point usuall…
For a while now I'v been searching for a circular progress control, much like the one you get when first starting your Silverlight application. I found a couple that were written in WPF and there were a few written in Silverlight, but all appeared o…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question