Asp Forum - Geting Security Permisions for a folder - microsoft.public.vb.general.discussion

Leo

3/9/2011 10:06:00 AM

I am looking to get the permisions for a specified user for a folder
either on the network or local HDD. Is
http://msdn.microsoft.com/en-us/librar...(v=VS.85).aspx the
right place to start looking, or will I need to look up APIs for geting
SIDs as well as File System APIs?

--
ClassicVB Users Regroup! comp.lang.basic.visual.misc
Free usenet access at http://www.eternal-sep...

4 Answers

mm

3/9/2011 11:08:00 AM

El 09/03/2011 07:05 a.m., Leo escribió:
> I am looking to get the permisions for a specified user for a folder
> either on the network or local HDD. Is
> http://msdn.microsoft.com/en-us/librar...(v=VS.85).aspx the right
> place to start looking, or will I need to look up APIs for geting SIDs
> as well as File System APIs?

http://groups.google.com/group/microsoft.public.vb.general.discussion/msg/9d2eb299d317...

(nobody)

3/9/2011 11:18:00 AM

"Leo" <ttdhead@gmail.com> wrote in message
news:il7jda$jo5$1@news.eternal-september.org...
>I am looking to get the permisions for a specified user for a folder either
>on the network or local HDD. Is
>http://msdn.microsoft.com/en-us/librar...(v=VS.85).aspx the right
>place to start looking, or will I need to look up APIs for geting SIDs as
>well as File System APIs?

What's the reason that you are trying to get the permissions, just in case
there is different way? And is this for the user running your program, or
any user?

You can use GetFileSecurity/GetEffectiveRightsFromAcl for users other than
the logged on user, however, it has limitations. See this article for
details:

INFO Limitations of the GetEffectiveRightsFromAcl API
http://support.microsoft.com...

A more reliable approach if you want to see if your program can access
certain things before actually accessing them is to use AccessCheck()
function, but I personally prefer to just access the file, and trap the
error. If you want the API route, these articles have declarations of some
security API functions:

How to use low-level access control APIs from Visual Basic
http://support.microsoft.com...

How To Obtain the Owner of a File on Windows NT
http://support.microsoft.com...

Leo

3/9/2011 12:02:00 PM

Nobody laid this down on his screen :
> "Leo" <ttdhead@gmail.com> wrote in message
> news:il7jda$jo5$1@news.eternal-september.org...
>>I am looking to get the permisions for a specified user for a folder either
>> on the network or local HDD. Is
>> http://msdn.microsoft.com/en-us/librar...(v=VS.85).aspx the right
>> place to start looking, or will I need to look up APIs for geting SIDs as
>> well as File System APIs?
>
> What's the reason that you are trying to get the permissions, just in case
> there is different way? And is this for the user running your program, or any
> user?
>
> You can use GetFileSecurity/GetEffectiveRightsFromAcl for users other than
> the logged on user, however, it has limitations. See this article for
> details:
>
> INFO Limitations of the GetEffectiveRightsFromAcl API
> http://support.microsoft.com...
>
> A more reliable approach if you want to see if your program can access
> certain things before actually accessing them is to use AccessCheck()
> function, but I personally prefer to just access the file, and trap the
> error. If you want the API route, these articles have declarations of some
> security API functions:
>
> How to use low-level access control APIs from Visual Basic
> http://support.microsoft.com...
>
> How To Obtain the Owner of a File on Windows NT
> http://support.microsoft.com...

Any User. I think I found what I want, GetNamedSecurityInfo() . I found
a link on how to use it from your links.
http://support.microsoft.com...

--
ClassicVB Users Regroup! comp.lang.basic.visual.misc
Free usenet access at http://www.eternal-sep...

Mayayana

3/9/2011 2:48:00 PM

I have a small class here:

http://www.jsware.net/jsware/vbcode....

I wrote it when I wanted my installers to be
able to remove restrictions on program folders
and Registry keys. (It is restrictions, after all,
not permissions. Just as DRM does not control
"rights" but restrictions or limitations.)

Nobody raises an interesting point that my code
doesn't address. I was looking at it from the point
of view of checking restrictions from a process used
by the current user, and checking the status for that
user, for admins, or for all users. I didn't get into
anything about dealing with remote PCs, etc. And
I never tested in lackey mode, as a normal user.
I don't know whether Mr. Lackey has authority to
discover exactly what Mr. Admin can do. (That would
be a bit like allowing the proles to peek into the
executive bathroom. It might be considered bad
for morale.)
Since my code was for use in installers I was
assuming an Admin process.

Frankly, I find the restrictions stuff to be such
a complicated mess that I sort of have to figure
it out new each time I deal with it. There are a
number of API routes that one can take. Each is
more convoluted than the last. It's hard to see
why the extreme complexity is necessary. I assume
that it just isn't.

What I came up
with seemed to be the simplest method, despite
it's still being complex. (And bizarre. One has to
look up the actual string for something like
"Administrators" rather than just use a constant.
If you want to accomodate non-English then you
can't hard-code that. It requires a whole other
set of functions to get the string!)

If you need to set permissions then also see the
second topic on the linked page:

http://www.jsware.net/jsware/vbcode....2

When working with Win7, doing general file system
operations, I discovered that my method of assigning
permissions, while fine for my installers where I have
created the folders/files/keys in question, was not
adequate for the debacle of Vista/7 restrictions.
Even as Admin of a standalone PC I didn't have the power
to remove restrictions on most of the files and folders.
After a lot of research I finally came up with the magical
incantation:
I had to request the "privilege" to apply for ownership,
then take ownership, then set permissions, then return
the "borrowed privilege". The resulting code is a convoluted
tour of absurdity -- doing my taxes probably would have
been simpler -- but it can remove all restrictions for all
Admins, from all files and folders on the system, when run
by an Admin.

| Any User. I think I found what I want, GetNamedSecurityInfo() . I found
| a link on how to use it from your links.
| http://support.microsoft.com...
|

microsoft.public.vb.general.discussion

Geting Security Permisions for a folder

Leo

mm

(nobody)

Leo

Mayayana

x Login to ForumsZone