Sharing objects with local system account ?
Posted on 2000-04-11
SDK: IIS 4.0 & 5.0 & BCB 4.0
During the global.asa processing (Application_OnStart), i
create a shared memory via a COM object. At this time of processing,
the token is the iis local system account. The trouble is i
cannot open the same shared memory through another application.
The "service api" help file (because iis is a service) says the
local system account limits the object sharing, because of DACL.
Help api says
The LocalSystem Account ..... has several implications:
The service cannot share objects (pipes, file mapping, synchronization,
and so on) with other applications, unless it creates them using either
a DACL which allows a user or group of users access to the object or a
NULL DACL, which allows everyone access to the object. Note that
specifying a NULL DACL is not the same as specifying NULL. If you specify
NULL in the lpSecurityDescriptor member of the SECURITY_ATTRIBUTES structure,
access to the object is granted only to processes with the same security
context as the process that created the object. For information on specifying
a NULL DACL in the security descriptor field, see Allowing Access Using the
I saw the code in section "Allowing Access Using the Low-Level Functions".
But, i DO NOT KNOW nothing about security, dacl and so on. All i know is
i must create an object (file, mutex...) with a NON NULL security descriptor.
Could you give me some pieces of code to create a NULL DACL for
- File Mapping
Thank you very much