Solved

How can I set security  properity to a directory?

Posted on 2001-08-05
19
257 Views
Last Modified: 2013-12-03
I set security propertiy a directroy,but it shows propertiy as "all(*)(not sure)"
0
Comment
Question by:wenson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
19 Comments
 
LVL 86

Expert Comment

by:jkr
ID: 6353613
0
 

Author Comment

by:wenson
ID: 6354312
sorry,your anwser is not what i want .I set successfuly the security properity to a file with VC++. But I didn't correctly set the security properity to a directory.
0
 
LVL 86

Accepted Solution

by:
jkr earned 300 total points
ID: 6354348
>>I set successfuly the security properity to a file with
>>VC++.

That's actually the same...
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 
LVL 86

Expert Comment

by:jkr
ID: 6354380
Well, IOW - the terms 'directory' and 'file' are interchangeable in this context, as - from the point of view of the API - it IS the same...
0
 

Author Comment

by:wenson
ID: 6354382
no,it works well to a file ,but didn't work well to a directory? if you have time ,we may discuss it throught email,my email is :wangah@ggw.com.cn
thanks!
0
 

Author Comment

by:wenson
ID: 6354390
you are right.but the directroy security have two items,
one term is directory permittion,another is directory access permission.then use SetFileSecurity() only can set directroy permittion ,not diretory access permission.
0
 
LVL 86

Expert Comment

by:jkr
ID: 6354402
Well, Cacls e.g is supposed to cope with all of that - MS ships it in the NT Resource Kit...
0
 

Author Comment

by:wenson
ID: 6354413
now , I give the program snippet .
        PSID pSid=NULL;
      PSID pSid2=NULL;
      DWORD cbSid;
    WCHAR RefDomain[DNLEN + 1];
    DWORD cchDomain = DNLEN + 1;
    SID_NAME_USE peUse;      
      SECURITY_DESCRIPTOR * psd;
      PACL pDacl = NULL;
      DWORD dwAclSize;
      BOOL bSuccess = FALSE; // assume this function
//fails      
      #define SID_SIZE 96
      cbSid = SID_SIZE;
      pSid = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }    
      pSid2 = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid2 == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }      
      if(!LookupAccountNameW(NULL,    
            L"stu1",   //
            pSid,       // Sid buffer
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try //again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid, cbSid);
                  if(pSid == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL,                         L"stu1",                                           pSid,                                        &cbSid,     // size of Sid
                        RefDomain,              
                          &cchDomain,                                         &peUse)) {
                        printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }    
            if(!LookupAccountNameW(NULL,                   L"Administrator",               
                pSid2,
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on (unused)
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid2 = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid2, cbSid);
                  if(pSid2 == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL, // default lookup logic
                        L"Administrator",   // user/group of interest from commandline
                        pSid2,       // Sid buffer
                        &cbSid,     // size of Sid
                        RefDomain,  // Domain
                        &cchDomain, // size of                         &peUse                 )) {
                        AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }      
            dwAclSize = sizeof(ACL) + 1 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) + GetLengthSid(pSid)
                                      + 1 *(sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD))+GetLengthSid(pSid2);
            pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
            if(pDacl == NULL) goto cleanup;
            if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))
            {
                        AfxMessageBox("??????pDacl????");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL|GENERIC_READ, pSid))
            {
                        AfxMessageBox("Add ace error");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL, pSid2))
            {
                  AfxMessageBox("Add ace error");
                  goto cleanup;
            }
            psd=(SECURITY_DESCRIPTOR *)LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH);
            if(!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
            {
                  AfxMessageBox("initialize Descriptor error");
                  goto cleanup;
            }
            if(!SetSecurityDescriptorDacl(psd, TRUE,pDacl, SE_DACL_DEFAULTED)) {
                  AfxMessageBox("SetSecurityDescriptorDacl error! (rc=%lu)\n",GetLastError());
                  goto cleanup;
            }
            if(!SetFileSecurity("d:\\win98",DACL_SECURITY_INFORMATION,psd))
            {
                  AfxMessageBox(" setfile failed");
                  goto cleanup;
            }
            SetSecurityDescriptorOwner(psd,pSid2,TRUE);
            SetSecurityDescriptorGroup(psd,pSid2,TRUE);
            cleanup:
                  if(psd!=NULL)
                        LocalFree((HLOCAL)psd);
                  if(pDacl != NULL)
                        HeapFree(GetProcessHeap(), 0, pDacl);
                  if(pSid != NULL)
                        HeapFree(GetProcessHeap(), 0, pSid);
                  if(!bSuccess) {
                      return ;
                 }
0
 

Author Comment

by:wenson
ID: 6354417
now , I give the program snippet .
        PSID pSid=NULL;
      PSID pSid2=NULL;
      DWORD cbSid;
    WCHAR RefDomain[DNLEN + 1];
    DWORD cchDomain = DNLEN + 1;
    SID_NAME_USE peUse;      
      SECURITY_DESCRIPTOR * psd;
      PACL pDacl = NULL;
      DWORD dwAclSize;
      BOOL bSuccess = FALSE; // assume this function
//fails      
      #define SID_SIZE 96
      cbSid = SID_SIZE;
      pSid = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }    
      pSid2 = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid2 == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }      
      if(!LookupAccountNameW(NULL,    
            L"stu1",   //
            pSid,       // Sid buffer
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try //again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid, cbSid);
                  if(pSid == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL,                         L"stu1",                                           pSid,                                        &cbSid,     // size of Sid
                        RefDomain,              
                          &cchDomain,                                         &peUse)) {
                        printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }    
            if(!LookupAccountNameW(NULL,                   L"Administrator",               
                pSid2,
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on (unused)
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid2 = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid2, cbSid);
                  if(pSid2 == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL, // default lookup logic
                        L"Administrator",   // user/group of interest from commandline
                        pSid2,       // Sid buffer
                        &cbSid,     // size of Sid
                        RefDomain,  // Domain
                        &cchDomain, // size of                         &peUse                 )) {
                        AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }      
            dwAclSize = sizeof(ACL) + 1 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) + GetLengthSid(pSid)
                                      + 1 *(sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD))+GetLengthSid(pSid2);
            pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
            if(pDacl == NULL) goto cleanup;
            if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))
            {
                        AfxMessageBox("??????pDacl????");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL|GENERIC_READ, pSid))
            {
                        AfxMessageBox("Add ace error");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL, pSid2))
            {
                  AfxMessageBox("Add ace error");
                  goto cleanup;
            }
            psd=(SECURITY_DESCRIPTOR *)LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH);
            if(!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
            {
                  AfxMessageBox("initialize Descriptor error");
                  goto cleanup;
            }
            if(!SetSecurityDescriptorDacl(psd, TRUE,pDacl, SE_DACL_DEFAULTED)) {
                  AfxMessageBox("SetSecurityDescriptorDacl error! (rc=%lu)\n",GetLastError());
                  goto cleanup;
            }
            if(!SetFileSecurity("d:\\win98",DACL_SECURITY_INFORMATION,psd))
            {
                  AfxMessageBox(" setfile failed");
                  goto cleanup;
            }
            SetSecurityDescriptorOwner(psd,pSid2,TRUE);
            SetSecurityDescriptorGroup(psd,pSid2,TRUE);
            cleanup:
                  if(psd!=NULL)
                        LocalFree((HLOCAL)psd);
                  if(pDacl != NULL)
                        HeapFree(GetProcessHeap(), 0, pDacl);
                  if(pSid != NULL)
                        HeapFree(GetProcessHeap(), 0, pSid);
                  if(!bSuccess) {
                      return ;
                 }
0
 

Author Comment

by:wenson
ID: 6354419
now , I give the program snippet .
        PSID pSid=NULL;
      PSID pSid2=NULL;
      DWORD cbSid;
    WCHAR RefDomain[DNLEN + 1];
    DWORD cchDomain = DNLEN + 1;
    SID_NAME_USE peUse;      
      SECURITY_DESCRIPTOR * psd;
      PACL pDacl = NULL;
      DWORD dwAclSize;
      BOOL bSuccess = FALSE; // assume this function
//fails      
      #define SID_SIZE 96
      cbSid = SID_SIZE;
      pSid = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }    
      pSid2 = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid2 == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }      
      if(!LookupAccountNameW(NULL,    
            L"stu1",   //
            pSid,       // Sid buffer
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try //again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid, cbSid);
                  if(pSid == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL,                         L"stu1",                                           pSid,                                        &cbSid,     // size of Sid
                        RefDomain,              
                          &cchDomain,                                         &peUse)) {
                        printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }    
            if(!LookupAccountNameW(NULL,                   L"Administrator",               
                pSid2,
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on (unused)
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid2 = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid2, cbSid);
                  if(pSid2 == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL, // default lookup logic
                        L"Administrator",   // user/group of interest from commandline
                        pSid2,       // Sid buffer
                        &cbSid,     // size of Sid
                        RefDomain,  // Domain
                        &cchDomain, // size of                         &peUse                 )) {
                        AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }      
            dwAclSize = sizeof(ACL) + 1 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) + GetLengthSid(pSid)
                                      + 1 *(sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD))+GetLengthSid(pSid2);
            pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
            if(pDacl == NULL) goto cleanup;
            if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))
            {
                        AfxMessageBox("??????pDacl????");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL|GENERIC_READ, pSid))
            {
                        AfxMessageBox("Add ace error");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL, pSid2))
            {
                  AfxMessageBox("Add ace error");
                  goto cleanup;
            }
            psd=(SECURITY_DESCRIPTOR *)LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH);
            if(!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
            {
                  AfxMessageBox("initialize Descriptor error");
                  goto cleanup;
            }
            if(!SetSecurityDescriptorDacl(psd, TRUE,pDacl, SE_DACL_DEFAULTED)) {
                  AfxMessageBox("SetSecurityDescriptorDacl error! (rc=%lu)\n",GetLastError());
                  goto cleanup;
            }
            if(!SetFileSecurity("d:\\win98",DACL_SECURITY_INFORMATION,psd))
            {
                  AfxMessageBox(" setfile failed");
                  goto cleanup;
            }
            SetSecurityDescriptorOwner(psd,pSid2,TRUE);
            SetSecurityDescriptorGroup(psd,pSid2,TRUE);
            cleanup:
                  if(psd!=NULL)
                        LocalFree((HLOCAL)psd);
                  if(pDacl != NULL)
                        HeapFree(GetProcessHeap(), 0, pDacl);
                  if(pSid != NULL)
                        HeapFree(GetProcessHeap(), 0, pSid);
                  if(!bSuccess) {
                      return ;
                 }
0
 

Author Comment

by:wenson
ID: 6354421
now , I give the program snippet .
        PSID pSid=NULL;
      PSID pSid2=NULL;
      DWORD cbSid;
    WCHAR RefDomain[DNLEN + 1];
    DWORD cchDomain = DNLEN + 1;
    SID_NAME_USE peUse;      
      SECURITY_DESCRIPTOR * psd;
      PACL pDacl = NULL;
      DWORD dwAclSize;
      BOOL bSuccess = FALSE; // assume this function
//fails      
      #define SID_SIZE 96
      cbSid = SID_SIZE;
      pSid = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }    
      pSid2 = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
      if(pSid2 == NULL) {
            AfxMessageBox("HeapAlloc error!\n");
          return ;
      }      
      if(!LookupAccountNameW(NULL,    
            L"stu1",   //
            pSid,       // Sid buffer
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try //again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid, cbSid);
                  if(pSid == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL,                         L"stu1",                                           pSid,                                        &cbSid,     // size of Sid
                        RefDomain,              
                          &cchDomain,                                         &peUse)) {
                        printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }    
            if(!LookupAccountNameW(NULL,                   L"Administrator",               
                pSid2,
            &cbSid,     // size of Sid
            RefDomain,  // Domain account found on (unused)
            &cchDomain, // size of domain in chars
            &peUse         )) {    
            //if the buffer wasn't large enough, try again        
            if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
                  pSid2 = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid2, cbSid);
                  if(pSid2 == NULL) {
                        AfxMessageBox("HeapReAlloc error!\n");
                        goto cleanup;
                  }              
                  cchDomain = DNLEN + 1;              
                  if(!LookupAccountNameW(NULL, // default lookup logic
                        L"Administrator",   // user/group of interest from commandline
                        pSid2,       // Sid buffer
                        &cbSid,     // size of Sid
                        RefDomain,  // Domain
                        &cchDomain, // size of                         &peUse                 )) {
                        AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                        goto cleanup;
                        }
                        } else {
                              AfxMessageBox("LookupAccountName error! (rc=%lu)\n", GetLastError());
                              goto cleanup;
                              }
            }      
            dwAclSize = sizeof(ACL) + 1 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) + GetLengthSid(pSid)
                                      + 1 *(sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD))+GetLengthSid(pSid2);
            pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
            if(pDacl == NULL) goto cleanup;
            if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))
            {
                        AfxMessageBox("??????pDacl????");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL|GENERIC_READ, pSid))
            {
                        AfxMessageBox("Add ace error");
                        goto cleanup;
            }
            if(!AddAccessAllowedAce(pDacl,ACL_REVISION,GENERIC_ALL, pSid2))
            {
                  AfxMessageBox("Add ace error");
                  goto cleanup;
            }
            psd=(SECURITY_DESCRIPTOR *)LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH);
            if(!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
            {
                  AfxMessageBox("initialize Descriptor error");
                  goto cleanup;
            }
            if(!SetSecurityDescriptorDacl(psd, TRUE,pDacl, SE_DACL_DEFAULTED)) {
                  AfxMessageBox("SetSecurityDescriptorDacl error! (rc=%lu)\n",GetLastError());
                  goto cleanup;
            }
            if(!SetFileSecurity("d:\\win98",DACL_SECURITY_INFORMATION,psd))
            {
                  AfxMessageBox(" setfile failed");
                  goto cleanup;
            }
            SetSecurityDescriptorOwner(psd,pSid2,TRUE);
            SetSecurityDescriptorGroup(psd,pSid2,TRUE);
            cleanup:
                  if(psd!=NULL)
                        LocalFree((HLOCAL)psd);
                  if(pDacl != NULL)
                        HeapFree(GetProcessHeap(), 0, pDacl);
                  if(pSid != NULL)
                        HeapFree(GetProcessHeap(), 0, pSid);
                  if(!bSuccess) {
                      return ;
                 }
0
 

Author Comment

by:wenson
ID: 6354815
no,if I use comand cacls,it will pop up a dialog .if I set lots of directorys ,it will be too bad.so I must do it by programing.
0
 
LVL 86

Expert Comment

by:jkr
ID: 6355693
>>no,if I use comand cacls,it will pop up a dialog

That's why I pointed you to it's SOURCE CODE at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/html/vcsmpcacls.asp 
0
 

Author Comment

by:wenson
ID: 6357793
sorry,I didn't know well System NT.if you can give me a sample that can set Directory propertiy ,I will give you
500 points.Ok?thank you!
0
 
LVL 2

Expert Comment

by:vbk_bgm
ID: 6360104
You can refer to the article Q115948.
From MSDN,

The discretionary access control list (DACL) for a directory usually differs from that of a file. When assigning security to a directory, you are often specifying both the security for the directory and the security for any contained files and directories.

A directory's ACL will normally contain at least two access control entries (ACE):



An ACE for the directory itself and any subdirectories.


An ACE for any files in the directory.


If an ACE is to apply to object in the directory (subdirectories and files), the ACE is marked as an OBJECT_INHERIT_ACE and/or a CONTAINER_INHERIT_ACE. (In this article, a container means a directory.)

For example, when you use File Manager to set the security on a directory to "Change (RWXD)(RWXD)," the directory's DACL contains the following two ACEs:

   ACE1 (applies to files in the directory)
      ACE flags:   INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE
      Access Mask: DELETE | GENERIC_READ | GENERIC_WRITE |
                   GENERIC_EXECUTE

   ACE2 (applies to the directory and subdirectories)
      ACE flags:   CONTAINER_INHERIT_ACE
      Access Mask: DELETE | FILE_GENERIC_READ | FILE_GENERIC_WRITE |
                   FILE_GENERIC_EXECUTE

To add the ACE flags mentioned above, you need to use the AddAccessAllowedAceEx function (supported on Win2K only).
For Win NT  you can use

BOOL AddAccessAllowedAceEx( PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid )
{
     if ( !AddAccessAllowedAce( pAcl, dwAceRevision, AccessMask, pSid ) )
          return FALSE;
     ACL_SIZE_INFORMATION info;
     if ( !GetAclInformation( pAcl, &info, sizeof info, AclSizeInformation ) )
          return FALSE;
     ACE_HEADER* pace = 0;
     if ( !GetAce( pAcl, info.AceCount - 1, reinterpret_cast<void**>(&pace) ) )
          return FALSE;
     pace->AceFlags = static_cast<BYTE>(AceFlags);
     return TRUE;
}

I guess you want to modify the security attributes for the subdirectories as well as the files in the directory. But the above ACE flags have no effect on the existing files/subdirectories. They are ONLY INHERITED for the newly created files/directories within your target directory.


Hope this helps!
0
 
LVL 86

Expert Comment

by:jkr
ID: 10582761
IMHO, this Q is answered. 'CACLS' does what was reqested (and much more)
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to have excel show file name on the title bar 4 67
Query performance - SQL Server 20 85
Windows 10 Scheduled Tasks 11 111
Shared files and folders migration 2 66
What my article will show is if you ever had to do processing to a listbox without being able to just select all the items in it. My software Visual Studio 2008 crystal report v11 My issue was I wanted to add crystal report to a form and show…
After several hours of googling I could not gather any information on this topic. There are several ways of controlling the USB port connected to any storage device. The best example of that is by changing the registry value of "HKEY_LOCAL_MACHINE\S…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question