Questions tagged [dacl]

For questions about DACLs (discretionary access control lists), one of the most popular access control list types.

A DACL allows or denies trustees access to computer and network resources.

It identifies group permissions and determines whether to allow access to a securable object or process.

If a Windows object does not have a discretionary access control list (DACL), the system allows everyone full access to it.

If an object has a DACL, the system allows only the access that is explicitly allowed by the access control entries (ACEs) in the DACL. If there are no ACEs in the DACL, the system does not allow access to anyone.

Similarly, if a DACL has ACEs that allow access to a limited set of users or groups, the system implicitly denies access to all trustees not included in the ACEs.

57 questions
13 votes, 2 answers

What causes "The permissions on are incorrectly ordered"?

While debugging a particularly troublesome error involving SQLite and IIS, we encountered a permissions problem when accessing the App_Data properties: The permissions on App_Data are incorrectly ordered, which may cause some entries to be…
sashoalm
6 votes, 0 answers

Using a security descriptor's DACL to only allow certain processes/applications to access Mutex Object

I am creating a Security Descriptor for creating a mutex with CreateMutex(). It turns out that you cannot use the default descriptor that comes with the default discretionary access control list (DACL) when the creating process is within a service…
Frank Palmasani
6 votes, 1 answer

Is there a way to modify a process DACL in C#

I have legacy C++ code that changes a process DACL and am trying to use the managed code classes in .NET 3.5. I found code on the web where someone created a SetAclOnServices class that extends the NativeObjectSecurity class for services. I thought…
Marcy Black
6 votes, 3 answers

How do I create a NULL/empty DACL?

I need to grant access to everyone for a named pipe I'm creating. I understand the way to do it is to create a NULL/empty DACL and pass it to CreateNamedPipe. How do I create a NULL DACL? I was told that it is not the same as passing a NULL pointer…
sashoalm
5 votes, 2 answers

What lifetime is required of lpSecurityAttributes in CreateNamedPipe()?

How soon can I destroy the structure pointed to by lpSecurityAttributes passed to CreateNamedPipe()? Do I need a separate one for each pipe instance? The MSDN documentation for CreateNamedPipe() says: lpSecurityAttributes [in, optional] A pointer…
Ian Goldby
5 votes, 1 answer

Why is AccessCheck NOT applying GenericMapping to the DACL?

The AccessCheck function gets a GenericMapping parameter. What is this parameter used for? It is NOT used for the DesiredAccess parameter since MapGenericMask must be applied to DesiredAccess before. It is also not applied to the DACL contained in…
dannyM
5 votes, 1 answer

How to add synchronisation right in a SDDL string for CreateEvent

My Windows service creates 2 Events with CreateEvent for communication with a user app. The service and the user app are not running under the same user account. The user app opens the event and sets it to signaled without error. But the event is…
Olivier
5 votes, 3 answers

WiX Permissions, how do I express 'Modify' in terms of DACL flags

I'm attempting to apply custom rights to a folder as part of a WiX 3.0.4318.0 installer. In terms of the Security properties UI in explorer, I want to add Modify to the rights for BUILTIN\Users. Obviously it needs to be resilient against…
Ruben Bartelink
4 votes, 1 answer

How can I prevent a process I spawn from spawning child processes?

My Windows XP/7 program launches a child process using the Windows API CreateProcess() function as part of its operations. I want to be able to "sandbox" the application in one but only one particular way. I do not want to let the child process…
Robert Oschler
4 votes, 1 answer

Win32 API: Creating file public for current user but private for everyone else

I am testing the following code in C using Win32 API, which is intended to create a new file that is accessible for the current user but private (not accessible) for everyone else. For this this a deny all permissions for everyone SID, then for…
3 votes, 1 answer

Active Directory. Work with DACL

I'm trying to make my own static class to work with AD. I wrote a static method: public static void AddReadingAceForGroup(DirectoryEntry dirEntry, string groupName) { dirEntry.RefreshCache(); DirectoryEntry root = new…
Jonik
3 votes, 0 answers

How to modify ACL of an object from kernel mode in Windows OS?

Is there a way to add an ACE to the DACL of a file/directory from kernel mode in Windows? I found a reference about ZwQuerySecurityObject/ZwSetSecurityObject routines, but it is not defined in WINDDK headers. I would appreciate any information of…
Feo
3 votes, 1 answer

Is there a tool to view named pipe security DACL?

I tried using pipeacl and Process Explorer from Sysinternals. pipeacl gave me an error, and Sysinternals does not seem to support security for named pipes.
Alex
3 votes, 2 answers

Am I using SetNamedSecurityInfo incorrectly? The ACL of my file doesn't seem to be being modified properly

I'm trying to enable and disable certain access privileges on a file. I figured out that to do this, you have to mess with DACLs. I'm using the following code to modify the file's DACL: void set_DACL_for_object(const char *object, SE_OBJECT_TYPE…
ZZZzzz
2 votes, 1 answer

In CreateFile() what is the quickest way to assign Read-Only permissions to the standard user Everybody. And no permissions to anyone else

In Windows, I have an application that needs to set the access control to the user/group 'Everybody' only. And sets permissions to Read-Only. Under Linux a simple open() call with octal 004 permissions is sufficient. On Windows, how do I accomplish…
unixman83