akhin

I want to make an enumration with all SIDs or account names in the system.

How can i enumerate permissions by accounts for a specific file/folder

I want to make an output like that :


File : c:\a.dat

ACL ACCESS
-----------------------------
user1 read write

user2 read

user3 write

Thank you very much.



Re: Visual C++ General How to enum access permissions and SIDs

Sdi

Before asking other people to write your program for you, you should at least type your key words into the MSDN search engine and look at the results.





Re: Visual C++ General How to enum access permissions and SIDs

akhin

I studied msdn and got some questions to ask :

I have made some functions like GetSid GetDACL GetSACL , you give parameter
for file/folder name. Also i am getting domain name using LookUpAccountName.

When i looked at MSDN , i noticed 32-bit structure ACCESS_MASK , i am able
to get ACL objects for a specific file/folder , is there a way to get this ACCESS_MASK
structure with ACL objects

And i looked at LsaEnumerateAccountRights , it has two "out" parameters :
PLSA_UNICODE_STRING* UserRights,
PULONG CountOfRights

How can i parse data in them





Re: Visual C++ General How to enum access permissions and SIDs

Simple Samples

Look at WMI. I used it to do something similar and I spent a lot of time figuring it out. After I did that, someone wrote an article describing how to do what I had spent a lot of time figuring out. If you can find that article and use it then that will save you a lot of time.






Re: Visual C++ General How to enum access permissions and SIDs

Sdi

I agree. One huge advantage for learning your way around WMI is that you can do it with WSH and JScript, then translate the pieces you need back to C++/COM.



Re: Visual C++ General How to enum access permissions and SIDs

akhin

Do you think that is WMI efficient

I have always heard that WMI queries are slow and they are used in simple codes only. I must do it in fastest way , unfortunately i couldnt find any sample about NTFS privilieges/permissions on platform sdk.





Re: Visual C++ General How to enum access permissions and SIDs

Sdi

Define "efficient". Are you going to be doing millions of these operations What does "must do it in fastest way" really mean People regularly think that "faster must be better" without considering that the difference between 3 microseconds and 30 microseconds is meaningless unless the action is performed at least a hundred thousand times. Look at the sample code for Finding the Owner of a File Object in C++, then write the same capability in JScript for WMI; you'll find that there's maybe 1/20th as much code. And this is a simple operation: a file has only 1 owner; for what you want, you have to parse all the ACLs on the file and map each one to a user ID and a permission.