setting a files permission (programatically) to be Administrators group
Posted on 1998-08-10
How does one set a file's security permission to be 'Administrators' group - programatically?
All this is for NT server.
To do this from the desktop - right click a file in explorer, choose properties from the popup, in the resulting dialog box choose the second tab called 'security' and then choose 'permissions'. That allows you to set security permissions on the said file to any user or group.
Now I have done this - set a files permissions to a certain user account Programatically. How?
1. Use 'LookupAccountName' to get a users SID.
2. Use 'AddAccessAllowedAce' to associate a ACL to that SID
3. Use 'SetNamedSecurityInfo' to associate that ACL to a file object.
I will like to do the same for a group like 'Administrators'
'LookupAccountName' does not work for Group names!!
Here is what i have tried- used 'AllocateAndInitializeSid' to create a new SID for a group and then associate it with a file object using 'SetNamedSecurityInfo'. No luck!!
If some has some info on this I will appriciate it.