Solved

How can I set security  properity to a directory?

Posted on 2001-08-05
19
250 Views
Last Modified: 2013-12-03
I set security propertiy a directroy,but it shows propertiy as "all(*)(not sure)"
0
Comment
Question by:wenson
  • 9
  • 6
19 Comments
 
LVL 86

Expert Comment

by:jkr
ID: 6353613
0
 

Author Comment

by:wenson
ID: 6354312
sorry,your anwser is not what i want .I set successfuly the security properity to a file with VC++. But I didn't correctly set the security properity to a directory.
0
 
LVL 86

Accepted Solution

by:
jkr earned 300 total points
ID: 6354348
>>I set successfuly the security properity to a file with
>>VC++.

That's actually the same...
0
 
LVL 86

Expert Comment

by:jkr
ID: 6354380
Well, IOW - the terms 'directory' and 'file' are interchangeable in this context, as - from the point of view of the API - it IS the same...
0
 

Author Comment

by:wenson
ID: 6354382
no,it works well to a file ,but didn't work well to a directory? if you have time ,we may discuss it throught email,my email is :wangah@ggw.com.cn
thanks!
0
 

Author Comment

by:wenson
ID: 6354390
you are right.but the directroy security have two items,
one term is directory permittion,another is directory access permission.then use SetFileSecurity() only can set directroy permittion ,not diretory access permission.
0
 
LVL 86

Expert Comment

by:jkr
ID: 6354402
Well, Cacls e.g is supposed to cope with all of that - MS ships it in the NT Resource Kit...
0
 

Author Comment

by:wenson
ID: 6354413
now , I give the program snippet .
        PSID pSid=NULL;
      PSID pSid2=NULL;
      DWORD cbSid;
    WCHAR RefDomain[DNLEN + 1];
    DWORD cchDomain = DNLEN + 1;
    SID_NAME_USE peUse;      
      SECURITY_DESCRIPTOR * psd;
      PACL pDacl = NULL;
      DWORD dwAclSize;
      BOOL bSuccess = FALSE; // assume this function
//fails      
      #define SID_SIZE 96
      cbSid = SID_SIZE;
      pSid = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }    
      pSid2 = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid2 == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }      
      if(!LookupAccountNameW(NULL,    
            L"stu1",   //
            pSid,       // Sid buffer
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try //again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid, cbSid);
                  if(pSid == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL,                         L"stu1",                                           pSid,                                        &cbSid,     // size of Sid
                        RefDomain,              
                          &cchDomain,                                         &peUse)) {
                        printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }    
            if(!LookupAccountNameW(NULL,                   L"Administrator",               
                pSid2,
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on (unused)
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid2 = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid2, cbSid);
                  if(pSid2 == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL, // default lookup logic
                        L"Administrator",   // user/group of interest from commandline
                        pSid2,       // Sid buffer
                        &cbSid,     // size of Sid
                        RefDomain,  // Domain
                        &cchDomain, // size of                         &peUse                 )) {
                        AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }      
            dwAclSize = sizeof(ACL) + 1 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) + GetLengthSid(pSid)
                                      + 1 *(sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD))+GetLengthSid(pSid2);
            pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
            if(pDacl == NULL) goto cleanup;
            if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))
            {
                        AfxMessageBox("??????pDacl????");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL|GENERIC_READ, pSid))
            {
                        AfxMessageBox("Add ace error");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL, pSid2))
            {
                  AfxMessageBox("Add ace error");
                  goto cleanup;
            }
            psd=(SECURITY_DESCRIPTOR *)LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH);
            if(!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
            {
                  AfxMessageBox("initialize Descriptor error");
                  goto cleanup;
            }
            if(!SetSecurityDescriptorDacl(psd, TRUE,pDacl, SE_DACL_DEFAULTED)) {
                  AfxMessageBox("SetSecurityDescriptorDacl error! (rc=%lu)\n",GetLastError());
                  goto cleanup;
            }
            if(!SetFileSecurity("d:\\win98",DACL_SECURITY_INFORMATION,psd))
            {
                  AfxMessageBox(" setfile failed");
                  goto cleanup;
            }
            SetSecurityDescriptorOwner(psd,pSid2,TRUE);
            SetSecurityDescriptorGroup(psd,pSid2,TRUE);
            cleanup:
                  if(psd!=NULL)
                        LocalFree((HLOCAL)psd);
                  if(pDacl != NULL)
                        HeapFree(GetProcessHeap(), 0, pDacl);
                  if(pSid != NULL)
                        HeapFree(GetProcessHeap(), 0, pSid);
                  if(!bSuccess) {
                      return ;
                 }
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:wenson
ID: 6354417
now , I give the program snippet .
        PSID pSid=NULL;
      PSID pSid2=NULL;
      DWORD cbSid;
    WCHAR RefDomain[DNLEN + 1];
    DWORD cchDomain = DNLEN + 1;
    SID_NAME_USE peUse;      
      SECURITY_DESCRIPTOR * psd;
      PACL pDacl = NULL;
      DWORD dwAclSize;
      BOOL bSuccess = FALSE; // assume this function
//fails      
      #define SID_SIZE 96
      cbSid = SID_SIZE;
      pSid = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }    
      pSid2 = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid2 == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }      
      if(!LookupAccountNameW(NULL,    
            L"stu1",   //
            pSid,       // Sid buffer
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try //again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid, cbSid);
                  if(pSid == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL,                         L"stu1",                                           pSid,                                        &cbSid,     // size of Sid
                        RefDomain,              
                          &cchDomain,                                         &peUse)) {
                        printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }    
            if(!LookupAccountNameW(NULL,                   L"Administrator",               
                pSid2,
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on (unused)
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid2 = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid2, cbSid);
                  if(pSid2 == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL, // default lookup logic
                        L"Administrator",   // user/group of interest from commandline
                        pSid2,       // Sid buffer
                        &cbSid,     // size of Sid
                        RefDomain,  // Domain
                        &cchDomain, // size of                         &peUse                 )) {
                        AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }      
            dwAclSize = sizeof(ACL) + 1 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) + GetLengthSid(pSid)
                                      + 1 *(sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD))+GetLengthSid(pSid2);
            pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
            if(pDacl == NULL) goto cleanup;
            if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))
            {
                        AfxMessageBox("??????pDacl????");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL|GENERIC_READ, pSid))
            {
                        AfxMessageBox("Add ace error");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL, pSid2))
            {
                  AfxMessageBox("Add ace error");
                  goto cleanup;
            }
            psd=(SECURITY_DESCRIPTOR *)LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH);
            if(!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
            {
                  AfxMessageBox("initialize Descriptor error");
                  goto cleanup;
            }
            if(!SetSecurityDescriptorDacl(psd, TRUE,pDacl, SE_DACL_DEFAULTED)) {
                  AfxMessageBox("SetSecurityDescriptorDacl error! (rc=%lu)\n",GetLastError());
                  goto cleanup;
            }
            if(!SetFileSecurity("d:\\win98",DACL_SECURITY_INFORMATION,psd))
            {
                  AfxMessageBox(" setfile failed");
                  goto cleanup;
            }
            SetSecurityDescriptorOwner(psd,pSid2,TRUE);
            SetSecurityDescriptorGroup(psd,pSid2,TRUE);
            cleanup:
                  if(psd!=NULL)
                        LocalFree((HLOCAL)psd);
                  if(pDacl != NULL)
                        HeapFree(GetProcessHeap(), 0, pDacl);
                  if(pSid != NULL)
                        HeapFree(GetProcessHeap(), 0, pSid);
                  if(!bSuccess) {
                      return ;
                 }
0
 

Author Comment

by:wenson
ID: 6354419
now , I give the program snippet .
        PSID pSid=NULL;
      PSID pSid2=NULL;
      DWORD cbSid;
    WCHAR RefDomain[DNLEN + 1];
    DWORD cchDomain = DNLEN + 1;
    SID_NAME_USE peUse;      
      SECURITY_DESCRIPTOR * psd;
      PACL pDacl = NULL;
      DWORD dwAclSize;
      BOOL bSuccess = FALSE; // assume this function
//fails      
      #define SID_SIZE 96
      cbSid = SID_SIZE;
      pSid = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }    
      pSid2 = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid2 == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }      
      if(!LookupAccountNameW(NULL,    
            L"stu1",   //
            pSid,       // Sid buffer
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try //again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid, cbSid);
                  if(pSid == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL,                         L"stu1",                                           pSid,                                        &cbSid,     // size of Sid
                        RefDomain,              
                          &cchDomain,                                         &peUse)) {
                        printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }    
            if(!LookupAccountNameW(NULL,                   L"Administrator",               
                pSid2,
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on (unused)
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid2 = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid2, cbSid);
                  if(pSid2 == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL, // default lookup logic
                        L"Administrator",   // user/group of interest from commandline
                        pSid2,       // Sid buffer
                        &cbSid,     // size of Sid
                        RefDomain,  // Domain
                        &cchDomain, // size of                         &peUse                 )) {
                        AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }      
            dwAclSize = sizeof(ACL) + 1 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) + GetLengthSid(pSid)
                                      + 1 *(sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD))+GetLengthSid(pSid2);
            pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
            if(pDacl == NULL) goto cleanup;
            if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))
            {
                        AfxMessageBox("??????pDacl????");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL|GENERIC_READ, pSid))
            {
                        AfxMessageBox("Add ace error");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL, pSid2))
            {
                  AfxMessageBox("Add ace error");
                  goto cleanup;
            }
            psd=(SECURITY_DESCRIPTOR *)LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH);
            if(!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
            {
                  AfxMessageBox("initialize Descriptor error");
                  goto cleanup;
            }
            if(!SetSecurityDescriptorDacl(psd, TRUE,pDacl, SE_DACL_DEFAULTED)) {
                  AfxMessageBox("SetSecurityDescriptorDacl error! (rc=%lu)\n",GetLastError());
                  goto cleanup;
            }
            if(!SetFileSecurity("d:\\win98",DACL_SECURITY_INFORMATION,psd))
            {
                  AfxMessageBox(" setfile failed");
                  goto cleanup;
            }
            SetSecurityDescriptorOwner(psd,pSid2,TRUE);
            SetSecurityDescriptorGroup(psd,pSid2,TRUE);
            cleanup:
                  if(psd!=NULL)
                        LocalFree((HLOCAL)psd);
                  if(pDacl != NULL)
                        HeapFree(GetProcessHeap(), 0, pDacl);
                  if(pSid != NULL)
                        HeapFree(GetProcessHeap(), 0, pSid);
                  if(!bSuccess) {
                      return ;
                 }
0
 

Author Comment

by:wenson
ID: 6354421
now , I give the program snippet .
        PSID pSid=NULL;
      PSID pSid2=NULL;
      DWORD cbSid;
    WCHAR RefDomain[DNLEN + 1];
    DWORD cchDomain = DNLEN + 1;
    SID_NAME_USE peUse;      
      SECURITY_DESCRIPTOR * psd;
      PACL pDacl = NULL;
      DWORD dwAclSize;
      BOOL bSuccess = FALSE; // assume this function
//fails      
      #define SID_SIZE 96
      cbSid = SID_SIZE;
      pSid = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }    
      pSid2 = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid2 == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }      
      if(!LookupAccountNameW(NULL,    
            L"stu1",   //
            pSid,       // Sid buffer
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try //again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid, cbSid);
                  if(pSid == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL,                         L"stu1",                                           pSid,                                        &cbSid,     // size of Sid
                        RefDomain,              
                          &cchDomain,                                         &peUse)) {
                        printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }    
            if(!LookupAccountNameW(NULL,                   L"Administrator",               
                pSid2,
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on (unused)
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid2 = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid2, cbSid);
                  if(pSid2 == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL, // default lookup logic
                        L"Administrator",   // user/group of interest from commandline
                        pSid2,       // Sid buffer
                        &cbSid,     // size of Sid
                        RefDomain,  // Domain
                        &cchDomain, // size of                         &peUse                 )) {
                        AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }      
            dwAclSize = sizeof(ACL) + 1 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) + GetLengthSid(pSid)
                                      + 1 *(sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD))+GetLengthSid(pSid2);
            pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
            if(pDacl == NULL) goto cleanup;
            if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))
            {
                        AfxMessageBox("??????pDacl????");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL|GENERIC_READ, pSid))
            {
                        AfxMessageBox("Add ace error");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL, pSid2))
            {
                  AfxMessageBox("Add ace error");
                  goto cleanup;
            }
            psd=(SECURITY_DESCRIPTOR *)LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH);
            if(!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
            {
                  AfxMessageBox("initialize Descriptor error");
                  goto cleanup;
            }
            if(!SetSecurityDescriptorDacl(psd, TRUE,pDacl, SE_DACL_DEFAULTED)) {
                  AfxMessageBox("SetSecurityDescriptorDacl error! (rc=%lu)\n",GetLastError());
                  goto cleanup;
            }
            if(!SetFileSecurity("d:\\win98",DACL_SECURITY_INFORMATION,psd))
            {
                  AfxMessageBox(" setfile failed");
                  goto cleanup;
            }
            SetSecurityDescriptorOwner(psd,pSid2,TRUE);
            SetSecurityDescriptorGroup(psd,pSid2,TRUE);
            cleanup:
                  if(psd!=NULL)
                        LocalFree((HLOCAL)psd);
                  if(pDacl != NULL)
                        HeapFree(GetProcessHeap(), 0, pDacl);
                  if(pSid != NULL)
                        HeapFree(GetProcessHeap(), 0, pSid);
                  if(!bSuccess) {
                      return ;
                 }
0
 

Author Comment

by:wenson
ID: 6354815
no,if I use comand cacls,it will pop up a dialog .if I set lots of directorys ,it will be too bad.so I must do it by programing.
0
 
LVL 86

Expert Comment

by:jkr
ID: 6355693
>>no,if I use comand cacls,it will pop up a dialog

That's why I pointed you to it's SOURCE CODE at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/html/vcsmpcacls.asp
0
 

Author Comment

by:wenson
ID: 6357793
sorry,I didn't know well System NT.if you can give me a sample that can set Directory propertiy ,I will give you
500 points.Ok?thank you!
0
 
LVL 2

Expert Comment

by:vbk_bgm
ID: 6360104
You can refer to the article Q115948.
From MSDN,

The discretionary access control list (DACL) for a directory usually differs from that of a file. When assigning security to a directory, you are often specifying both the security for the directory and the security for any contained files and directories.

A directory's ACL will normally contain at least two access control entries (ACE):



An ACE for the directory itself and any subdirectories.


An ACE for any files in the directory.


If an ACE is to apply to object in the directory (subdirectories and files), the ACE is marked as an OBJECT_INHERIT_ACE and/or a CONTAINER_INHERIT_ACE. (In this article, a container means a directory.)

For example, when you use File Manager to set the security on a directory to "Change (RWXD)(RWXD)," the directory's DACL contains the following two ACEs:

   ACE1 (applies to files in the directory)
      ACE flags:   INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE
      Access Mask: DELETE | GENERIC_READ | GENERIC_WRITE |
                   GENERIC_EXECUTE

   ACE2 (applies to the directory and subdirectories)
      ACE flags:   CONTAINER_INHERIT_ACE
      Access Mask: DELETE | FILE_GENERIC_READ | FILE_GENERIC_WRITE |
                   FILE_GENERIC_EXECUTE

To add the ACE flags mentioned above, you need to use the AddAccessAllowedAceEx function (supported on Win2K only).
For Win NT  you can use

BOOL AddAccessAllowedAceEx( PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid )
{
     if ( !AddAccessAllowedAce( pAcl, dwAceRevision, AccessMask, pSid ) )
          return FALSE;
     ACL_SIZE_INFORMATION info;
     if ( !GetAclInformation( pAcl, &info, sizeof info, AclSizeInformation ) )
          return FALSE;
     ACE_HEADER* pace = 0;
     if ( !GetAce( pAcl, info.AceCount - 1, reinterpret_cast<void**>(&pace) ) )
          return FALSE;
     pace->AceFlags = static_cast<BYTE>(AceFlags);
     return TRUE;
}

I guess you want to modify the security attributes for the subdirectories as well as the files in the directory. But the above ACE flags have no effect on the existing files/subdirectories. They are ONLY INHERITED for the newly created files/directories within your target directory.


Hope this helps!
0
 
LVL 86

Expert Comment

by:jkr
ID: 10582761
IMHO, this Q is answered. 'CACLS' does what was reqested (and much more)
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This article surveys and compares options for encoding and decoding base64 data.  It includes source code in C++ as well as examples of how to use standard Windows API functions for these tasks. We'll look at the algorithms — how encoding and decodi…
With most software applications trying to cater to multiple user needs nowadays, the focus is to make them as configurable as possible. For e.g., when creating Silverlight applications which will connect to WCF services, the service end point usuall…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now