Solved

How can I set security property to a directory?

Posted on 2001-08-05
Last Modified: 2013-12-03
I set the security property on a directory, but it shows the property as "all(*)(not sure)"
0
Comment
Question by:wenson
19 Comments
 
LVL 86

Expert Comment

by:jkr
ID: 6353613
0
 

Author Comment

by:wenson
ID: 6354312
Sorry, your answer is not what I want. I set successfully the security property to a file with VC++. But I didn't correctly set the security property to a directory.
0
 
LVL 86

Accepted Solution

by:
jkr earned 300 total points
ID: 6354348
>>I set successfully the security property to a file with
>>VC++.

That's actually the same...
0
 
LVL 86

Expert Comment

by:jkr
ID: 6354380
Well, IOW - the terms 'directory' and 'file' are interchangeable in this context, as - from the point of view of the API - it IS the same...
0
 

Author Comment

by:wenson
ID: 6354382
No, it works well for a file, but didn't work well for a directory? If you have time, we may discuss it through email, my email is: wangah@ggw.com.cn
thanks!
0
 

Author Comment

by:wenson
ID: 6354390
You are right, but the directory security has two items:
one is directory permission, another is directory access permission. Using SetFileSecurity() can only set the directory permission, not the directory access permission.
0
 
LVL 86

Expert Comment

by:jkr
ID: 6354402
Well, Cacls e.g is supposed to cope with all of that - MS ships it in the NT Resource Kit...
0
 

Author Comment

by:wenson
ID: 6354413
Now, I give the program snippet.
    // Function-body fragment (MFC). Needs <lmcons.h> for DNLEN besides the MFC/Windows headers.
    #define SID_SIZE 96
    PSID pSid = NULL;                 // SID of "stu1"
    PSID pSid2 = NULL;                // SID of "Administrator"
    PSID pTmp = NULL;                 // keeps the old block valid if HeapReAlloc fails
    DWORD cbSid;
    WCHAR RefDomain[DNLEN + 1];
    DWORD cchDomain;
    SID_NAME_USE peUse;
    SECURITY_DESCRIPTOR *psd = NULL;  // must start as NULL: cleanup tests it
    PACL pDacl = NULL;
    DWORD dwAclSize;
    BOOL bSuccess = FALSE;            // assume this function fails
    CString msg;

    pSid = (PSID)HeapAlloc(GetProcessHeap(), 0, SID_SIZE);
    pSid2 = (PSID)HeapAlloc(GetProcessHeap(), 0, SID_SIZE);
    if (pSid == NULL || pSid2 == NULL) {
        AfxMessageBox("HeapAlloc error!\n");
        goto cleanup;
    }

    cbSid = SID_SIZE;
    cchDomain = DNLEN + 1;
    if (!LookupAccountNameW(NULL,       // default lookup logic
                            L"stu1",    // account of interest
                            pSid,       // Sid buffer
                            &cbSid,     // size of Sid
                            RefDomain,  // domain account found on (unused)
                            &cchDomain, // size of domain in chars
                            &peUse)) {
        if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
            msg.Format("LookupAccountName error! (rc=%lu)\n", GetLastError());
            AfxMessageBox(msg);
            goto cleanup;
        }
        // the buffer wasn't large enough: grow it to the size returned in cbSid and try again
        pTmp = HeapReAlloc(GetProcessHeap(), 0, pSid, cbSid);
        if (pTmp == NULL) {
            AfxMessageBox("HeapReAlloc error!\n");
            goto cleanup;
        }
        pSid = pTmp;
        cchDomain = DNLEN + 1;
        if (!LookupAccountNameW(NULL, L"stu1", pSid, &cbSid, RefDomain, &cchDomain, &peUse)) {
            msg.Format("LookupAccountName error! (rc=%lu)\n", GetLastError());
            AfxMessageBox(msg);
            goto cleanup;
        }
    }

    // reset both sizes: the first lookup overwrote them, and pSid2 is still SID_SIZE bytes
    cbSid = SID_SIZE;
    cchDomain = DNLEN + 1;
    if (!LookupAccountNameW(NULL,             // default lookup logic
                            L"Administrator", // account of interest
                            pSid2,            // Sid buffer
                            &cbSid,           // size of Sid
                            RefDomain,        // domain account found on (unused)
                            &cchDomain,       // size of domain in chars
                            &peUse)) {
        if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
            msg.Format("LookupAccountName error! (rc=%lu)\n", GetLastError());
            AfxMessageBox(msg);
            goto cleanup;
        }
        // the buffer wasn't large enough, try again
        pTmp = HeapReAlloc(GetProcessHeap(), 0, pSid2, cbSid);
        if (pTmp == NULL) {
            AfxMessageBox("HeapReAlloc error!\n");
            goto cleanup;
        }
        pSid2 = pTmp;
        cchDomain = DNLEN + 1;
        if (!LookupAccountNameW(NULL, L"Administrator", pSid2, &cbSid, RefDomain, &cchDomain, &peUse)) {
            msg.Format("LookupAccountName error! (rc=%lu)\n", GetLastError());
            AfxMessageBox(msg);
            goto cleanup;
        }
    }

    // room for the ACL header plus two access-allowed ACEs and their SIDs
    dwAclSize = sizeof(ACL)
              + (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetLengthSid(pSid)
              + (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetLengthSid(pSid2);
    pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
    if (pDacl == NULL) goto cleanup;
    if (!InitializeAcl(pDacl, dwAclSize, ACL_REVISION)) {
        AfxMessageBox("InitializeAcl (pDacl) error");
        goto cleanup;
    }
    // AddAccessAllowedAce creates each ACE with AceFlags == 0 (no inherit flags)
    if (!AddAccessAllowedAce(pDacl, ACL_REVISION, GENERIC_ALL | GENERIC_READ, pSid)) {
        AfxMessageBox("Add ace error");
        goto cleanup;
    }
    if (!AddAccessAllowedAce(pDacl, ACL_REVISION, GENERIC_ALL, pSid2)) {
        AfxMessageBox("Add ace error");
        goto cleanup;
    }
    psd = (SECURITY_DESCRIPTOR *)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
    if (psd == NULL || !InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION)) {
        AfxMessageBox("initialize Descriptor error");
        goto cleanup;
    }
    // last argument is the BOOL bDaclDefaulted; FALSE because the DACL is given explicitly
    if (!SetSecurityDescriptorDacl(psd, TRUE, pDacl, FALSE)) {
        msg.Format("SetSecurityDescriptorDacl error! (rc=%lu)\n", GetLastError());
        AfxMessageBox(msg);
        goto cleanup;
    }
    if (!SetFileSecurity("d:\\win98", DACL_SECURITY_INFORMATION, psd)) {
        AfxMessageBox(" setfile failed");
        goto cleanup;
    }
    // these change only the in-memory descriptor: it was already applied above,
    // and only DACL_SECURITY_INFORMATION was requested
    SetSecurityDescriptorOwner(psd, pSid2, TRUE);
    SetSecurityDescriptorGroup(psd, pSid2, TRUE);
    bSuccess = TRUE;
cleanup:
    if (psd != NULL)
        LocalFree((HLOCAL)psd);
    if (pDacl != NULL)
        HeapFree(GetProcessHeap(), 0, pDacl);
    if (pSid != NULL)
        HeapFree(GetProcessHeap(), 0, pSid);
    if (pSid2 != NULL)
        HeapFree(GetProcessHeap(), 0, pSid2);
    if (!bSuccess) {
        return;
    }
0

 

 

Author Comment

by:wenson
ID: 6354815
No, if I use the command cacls, it will pop up a dialog. If I set lots of directories, it will be too bad. So I must do it by programming.
0
 
LVL 86

Expert Comment

by:jkr
ID: 6355693
>>no, if I use command cacls, it will pop up a dialog

That's why I pointed you to its SOURCE CODE at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/html/vcsmpcacls.asp
0
 

Author Comment

by:wenson
ID: 6357793
Sorry, I don't know System NT well. If you can give me a sample that can set the Directory property, I will give you
500 points. OK? Thank you!
0
 
LVL 2

Expert Comment

by:vbk_bgm
ID: 6360104
You can refer to the article Q115948.
From MSDN,

The discretionary access control list (DACL) for a directory usually differs from that of a file. When assigning security to a directory, you are often specifying both the security for the directory and the security for any contained files and directories.

A directory's ACL will normally contain at least two access control entries (ACE):

  • An ACE for the directory itself and any subdirectories.
  • An ACE for any files in the directory.

If an ACE is to apply to objects in the directory (subdirectories and files), the ACE is marked as an OBJECT_INHERIT_ACE and/or a CONTAINER_INHERIT_ACE. (In this article, a container means a directory.)

For example, when you use File Manager to set the security on a directory to "Change (RWXD)(RWXD)," the directory's DACL contains the following two ACEs:

   ACE1 (applies to files in the directory)
      ACE flags:   INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE
      Access Mask: DELETE | GENERIC_READ | GENERIC_WRITE |
                   GENERIC_EXECUTE

   ACE2 (applies to the directory and subdirectories)
      ACE flags:   CONTAINER_INHERIT_ACE
      Access Mask: DELETE | FILE_GENERIC_READ | FILE_GENERIC_WRITE |
                   FILE_GENERIC_EXECUTE

To add the ACE flags mentioned above, you need to use the AddAccessAllowedAceEx function (supported on Win2K only).
For Win NT  you can use

BOOL AddAccessAllowedAceEx( PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid )
{
     // append a plain access-allowed ACE (its AceFlags start out as 0)
     if ( !AddAccessAllowedAce( pAcl, dwAceRevision, AccessMask, pSid ) )
          return FALSE;
     // find out how many ACEs the ACL now holds
     ACL_SIZE_INFORMATION info;
     if ( !GetAclInformation( pAcl, &info, sizeof info, AclSizeInformation ) )
          return FALSE;
     // fetch the ACE that was just appended (the last one)
     ACE_HEADER* pace = 0;
     if ( !GetAce( pAcl, info.AceCount - 1, reinterpret_cast<void**>(&pace) ) )
          return FALSE;
     // patch the inherit flags into its header
     pace->AceFlags = static_cast<BYTE>(AceFlags);
     return TRUE;
}

I guess you want to modify the security attributes for the subdirectories as well as the files in the directory. But the above ACE flags have no effect on the existing files/subdirectories. They are ONLY INHERITED for the newly created files/directories within your target directory.


Hope this helps!
0
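Added example, not part of the thread: a portable C++ model of the inheritance rules the answer above quotes, showing which ACEs a newly created file or subdirectory picks up from the "Change (RWXD)(RWXD)" DACL and from a DACL whose ACE has no inherit flags, as `AddAccessAllowedAce` produces. It does not call the Windows API; the rights strings are constructed labels, the trustee name is borrowed from the question's snippet, and the model also covers `NO_PROPAGATE_INHERIT_ACE`, which the thread does not mention.

```cpp
// Model of NT ACE inheritance for newly created children (not Windows API code).
#include <iostream>
#include <string>
#include <vector>

// ACE flag values as defined in winnt.h.
const unsigned kObjectInherit    = 0x01;  // OBJECT_INHERIT_ACE
const unsigned kContainerInherit = 0x02;  // CONTAINER_INHERIT_ACE
const unsigned kNoPropagate      = 0x04;  // NO_PROPAGATE_INHERIT_ACE
const unsigned kInheritOnly      = 0x08;  // INHERIT_ONLY_ACE

struct Ace {
    std::string trustee;  // stand-in for the SID
    unsigned    flags;    // AceFlags byte of the ACE header
    std::string rights;   // constructed label standing in for the access mask
};
typedef std::vector<Ace> Dacl;

// The "Change (RWXD)(RWXD)" directory DACL described in the answer above.
Dacl fileManagerChangeDacl() {
    Dacl d;
    d.push_back(Ace{"stu1", kInheritOnly | kObjectInherit, "RWXD, generic rights"});
    d.push_back(Ace{"stu1", kContainerInherit, "RWXD, file-specific rights"});
    return d;
}

// A DACL whose single ACE has AceFlags == 0, as AddAccessAllowedAce creates it.
Dacl flaglessDacl() {
    Dacl d;
    d.push_back(Ace{"stu1", 0u, "GENERIC_ALL"});
    return d;
}

// Number of ACEs that control access to the object carrying the DACL itself.
int effectiveCount(const Dacl& dacl) {
    int n = 0;
    for (const Ace& a : dacl)
        if (!(a.flags & kInheritOnly)) ++n;
    return n;
}

// DACL a child created under `parent` receives through inheritance.
Dacl inheritForNewChild(const Dacl& parent, bool childIsDirectory) {
    Dacl out;
    for (const Ace& a : parent) {
        const bool oi = (a.flags & kObjectInherit) != 0;
        const bool ci = (a.flags & kContainerInherit) != 0;
        const bool np = (a.flags & kNoPropagate) != 0;
        if (!childIsDirectory) {
            // Files take object-inherit ACEs as effective ACEs; nothing propagates further.
            if (oi) out.push_back(Ace{a.trustee, 0u, a.rights});
            continue;
        }
        if (!ci && (!oi || np)) continue;  // nothing for a subdirectory to take
        unsigned f = np ? 0u : (a.flags & (kObjectInherit | kContainerInherit));
        if (!ci) f |= kInheritOnly;        // OI only: carried along for files further down
        out.push_back(Ace{a.trustee, f, a.rights});
    }
    return out;
}

int main() {
    const Dacl change = fileManagerChangeDacl();
    std::cout << "directory itself: " << effectiveCount(change) << " effective ACE(s)\n";
    std::cout << "new file inherits: " << inheritForNewChild(change, false).size() << "\n";
    std::cout << "new subdirectory inherits: " << inheritForNewChild(change, true).size() << "\n";
    std::cout << "flag-less ACE, new file inherits: "
              << inheritForNewChild(flaglessDacl(), false).size() << "\n";
    return 0;
}
```

As the answer says, this covers only children created after the DACL is set; existing files and subdirectories keep the DACL they already have.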
 
LVL 86

Expert Comment

by:jkr
ID: 10582761
IMHO, this Q is answered. 'CACLS' does what was requested (and much more)
0
