61 questions
0
votes
1
answer
346
views
Why can a user with WRITE_DAC permission not write a service DAC?
I have written a short demonstration program below. It does the following:
It updates the DACL on a service to give a user full access to the service (including WRITE_DAC).
Logs on as the user and ...
4
votes
1
answer
344
views
How to sort SDDL DACL aces in canonical order?
Based on this I use library https://github.com/Tirasa/ADSDDL for manipulating SDDL
implementation("net.tirasa:adsddl:1.9")
To enable flag user cannot change password I use following code ...
0
votes
1
answer
131
views
How are NULL DACL and empty DACL treated?
I don't find any information about how are the special case NULL DACL and empty DACL treated in Windows.
I understand what they are but don't know how they are treated..
0
votes
1
answer
514
views
C# WINAPI - Create a new DACL
I am trying to launch a process in a context of a user that I log on using LogonUserExW.
In order to do that, I need to modify DACL of Winstation "Winsta0" and Desktop "Default".
...
0
votes
0
answers
234
views
Question about DACL inheritance in multilevel directory structure
I have a directory structure like this:
dir1 -> dir2 -> dir3 -> dir4
dir2 is inside directory dir1, dir3 is inside directory dir2 etc.
'dir1' has its own set of DACL. They are explicit. ...
1
vote
0
answers
58
views
how to verify if the group is successfully added for a folder in python
I am using below to add a group name in security tab for a folder through and it's getting added. However in python how I can verify if the group is added successfully.
dacl.AddAccessAllowedAce(...
0
votes
0
answers
761
views
Modify DACL to prevent everybody kill process without Debug Privileges
I have some code which I have written. I need to modify DACL (security descriptor) in Windows 10 to prevent kill process without Debug Privilege of user. How can I do this one? I learned at the ...
0
votes
1
answer
670
views
Making named pipe accessible only to the logon sid that starts the client process
I have the server that creates the client process and creates the named pipe. The client communicates to the server via the named pipe.
To prevent remote users or users on a different terminal ...
0
votes
1
answer
283
views
File access check on remote location
I am using a code similar to below to check the access to the folders/files. Source
bool CanAccessFolder( LPCTSTR folderName, DWORD genericAccessRights )
{
bool bRet = false;
DWORD length = 0;...
0
votes
0
answers
115
views
Windows Permissions code: confusing answers while fetching the ACEs
While implementing a piece of code to fetch the ACEs for owner and group, I am using this code as an inspiration.
To test this code, I created a file in a folder.
In an elevated command prompt, I run ...
14
votes
2
answers
30k
views
What causes "The permissions on <folder> are incorrectly ordered"?
While debugging a particularly troublesome error involving SQLite and IIS, we encountered a permissions problem when accessing the App_Data properties
The permissions on App_Data are incorrectly ...
0
votes
0
answers
388
views
Set access permission on an application as antivirus do
I am trying to set permission on an application as read/execute only, I can achieve this by using c++ windows SetSecurityDescriptorDacl() function.
But after that admin can change it by right ...
1
vote
3
answers
3k
views
Windows Create File Access that only allows Owner to access the file (Win32)
I'm trying to modify Windows access rights to a file in a way that only the owner (not even other Administrators) can access the file. Somewhat the equivalent of unix chmod 700 file.
I've played ...
0
votes
0
answers
42
views
What is the purpose of the ACE entry SYSTEM in a Windows DACL?
What is the purpose of the ACE entry SYSTEM, granting FULL CONTROL in a Windows DACL?
As far as I've seen it seems to always be there (is it?) but I've not found any explanation for its purpose.
5
votes
1
answer
440
views
Why is AccessCheck NOT applying GenericMapping to the DACL?
The AccessCheck function gets a GenericMapping parameter. What is this parameter used for? It is NOT used for the DesiredAccess parameter since MapGenericMask must be applied to DesiredAccess before.
...
1
vote
1
answer
2k
views
Why am I getting "Access denied" when I have effective read permission?
I can't read a particular file, even though as far as I can tell I have read rights on it. Here is what "Effective Access" shows:
Here is what Get-Acl is giving me.
PS ...> Get-Acl .\HelloWorld....
0
votes
1
answer
512
views
Creating an Access Token for a Process Specific Security Descriptor
Is it possible to create a custom Access Token to create Access Control Entries for a Discretionary Access Control List that will allow only certain processes to access a Global Mutex Object if they ...
6
votes
0
answers
469
views
Using a security descriptor's DACL to only allow certain processes/applications to access Mutex Object
I am creating a Security Descriptor for creating a mutex with CreateMutex(). It turns out that you cannot use the default descriptor that comes with the default discretionary access control list (DACL)...
1
vote
1
answer
924
views
How to turn off Named Pipe security?
I'm trying to create a named pipe between two Windows processes. The server process runs under a normal account, in a UI session. The client process runs in an unknown security context, apparently ...
0
votes
0
answers
867
views
Giving Folder access to only LocalAccount & denying from Everyone
I have to create a folder or modify security attributes if folder already exist. I need to set permissions to folder so that only LocalAccount has full access and other user accounts should not ...
1
vote
0
answers
869
views
Read-only mode for logical disk with FAT32
How can I set 'read-only' mode in Windows for a specific logical disk (like F:) which is formatted with FAT32? I know about the access permission policies for removable storage in gpedit.msc, but they work for ...
1
vote
0
answers
2k
views
how to change file access in windows in python
My program processes a particular file, if some condition is satisfied, then it has to block the access (READ n WRITE) to that file, for all users, even for the admin.
Later, when another function ...
6
votes
3
answers
4k
views
How do I create a NULL/empty DACL?
I need to grant access to everyone for a named pipe I'm creating. I understand the way to do it is to create a NULL/empty DACL and pass it to CreateNamedPipe.
How do I create a NULL DACL? I was told ...
0
votes
1
answer
527
views
how to set multiple ACEs of a same trustee in an ACL of an object
I am trying to set two entries on an object folder for the same group, with different inheritance (one NO_INHERITANCE for FILE_TRAVERSE, the other as SUB_CONTAINERS_AND_OBJECTS_INHERIT, for ...
1
vote
1
answer
1k
views
How does one get the DACL of a server's printer in Windows?
Context: Windows7 64bit, ActiveDirectory, Windows Server 2003
I'm trying to get the code given by Microsoft on their page GetSecurityDescriptor method of the Win32_Printer Class (Windows) to work. I'...