Click here to Skip to main content
Click here to Skip to main content
Search within:



 
Comments & Discussions (27)

CNTFS - A simple lib for managing NTFS permissions and audit settings.

By , 22 Oct 2003
 

Sample Image - ACLEditor.jpg

Introduction

CNTFS lib is a simple C++ wrapper for many of the Microsoft security calls such as: GetNamedSecurityInfo, GetAclInformation, AddAccessAllowedAceEx and many others. CNTFS is used to set NTFS permissions and audit settings on files and folders. It's a programmatic alternative to using utilities such as xcacls.exe.

Interface

The following methods are supported in the lib: 

int DeleteDACL(CString & I_objPath, BOOL I_removeInheritance)

int DeleteSACL(CString & I_objPath, BOOL I_removeInheritance)

int RemoveInheritance(CString & I_objPath)

int TakeOwnership(CString & I_objPath, CString & I_newOwner)

int AddACEToDACL(CString & I_objPath, 
                 CString & I_securityPrincipal, 
                 DWORD I_objPermission)

int AddACEToSACL(CString & I_objPath, 
                 CString & I_securityPrincipal, 
                 DWORD I_objPermission,
                 BOOL I_auditSuccess,
                 BOOL I_auditFailure)

ACLEditor

ACLEditor is a test application for the CNTFS lib. One of the more tricky aspects of CNTFS is the use of access mask flags. Winnt.h defines access mask flags that can be OR'd together. For example, the Modify permission consists of: FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE | DELETE. Among other things, ACLEditor demonstrates the use of access masks in setting NTFS permissions.

Building

Be sure to have the Microsoft Platform SDK in c:\program files\Microsoft SDK. The project settings will reference the include files directory. I've run the lib through Rational Purify so all the mem leaks should be gone.

Any comments or suggestions are welcome.

Enjoy!

Version History

  • Version 1.1 - (Oct 23, 2003) Added support for modifying DACLs and SACLs on registry keys. Consolidated RemoveDACLInheritance and RemoveSACLInheritance into RemoveInheritance method by adding aclType enum.
  • Version 1.0 - (Apr 4, 2003) Initial Release.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

 Kevin Hilscher
Web Developer
Canada Canada
Member
No Biography provided

Article Top
 
Sign Up to vote   Poor Excellent
Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

 
You must Sign In to use this message board.
Search this forum  
    Spacing  Noise  Layout  Per page   
First PrevNext
BugDoes not work on Windows 7memberrhythm16 May '12 - 7:37 
AddACEToDACL() function does not work on Windows 7.
Can't add ACE.
Sign In·View Thread·Permalink
GeneralBug in ResolveSIDmemberbrianbacon15 Jan '11 - 6:26 
Thank you for posting this article, I found it very helpful.
 
int CNTFS::ResolveSID(CString & I_securityPrincipal, PSID O_pSID, BOOL O_isUser)
 
Should be
 
BOOL& O_isUser
 
?
Sign In·View Thread·Permalink
Generalsome wrong on 2t disk simulatormembernhchmg15 Dec '10 - 22:54 
I test on 2T Disk,a tool, 2T Disk Simulator,it simulate a 2TB disk,1024,2048,4096 bytes/secotr,this app can not work.I found this tool on http://www.2tdisk.com
Sign In·View Thread·Permalink
GeneralMy vote of 4 :)memberKushagra Tiwari3 Nov '09 - 22:57 
You did a gr8 job with code but some things were missing as explaination ..
 
Kushagra Smile | :)
Sign In·View Thread·Permalink
QuestionDelete accountmemberJack6910487121 Oct '08 - 2:53 
Hi, I have a problem, if i press delete DACL, then program will delete all account of the file, how can I delete a appoint account with me, for example: I want to delete administrators account , but when I press delete DACL, that will delete all account with this file, so, how can I change the delete methed? Thank you!Confused | :confused:
 
BYE BYE
Sign In·View Thread·Permalink
GeneralCrash on FAT file systemmemberMember 36743904 Aug '08 - 2:07 
When trying to set the permissions on a FAT file system a null pointer is followed, leading to a crash.
It can be solved by checking the value of the DACL after GetNamedSecurityInfo();
if( pOldDACL == NULL ){
	// probably FAT file system.
	returnCode = ERROR_NOT_SUPPORTED;
}
 
see: http://msdn.microsoft.com/en-us/library/aa446648(VS.85).aspx on the bottom for more information.
Sign In·View Thread·Permalink
QuestionCNTFS Java Example ?memberbelaie_maqsood27 Apr '06 - 11:02 
Hi buddy!
 
its nice stuff!.
 
can you please provide me a Java code sameple for CNTFS for adding permission for a user on a folder, if possible?
 
tx!
 
Max.
Sign In·View Thread·Permalink
Generalhelp !! it's not working in this casesussAnonymous26 Aug '05 - 16:26 
your code is very good!!
 
but it's not working in this case
 
Enviroment : Windows XP Pro
 
step1. Longon / Account Name "ABC" (Account Name is Example)
Step2. Set Folder Option : Set Everyone have a one permission
Step3. Set Folder make a Private Folder
Step4. Logoff and Logon / Account Name "KKK" (Account Name is Example)
Step5. use CNTFS (Set Owner to Administrators)
Step6. Set Folder Option : Set Everyone Have a One Permission to Disable
Step7. Check Folder's Owner : it not working
 
hu!... it too hard to write English (i don't know english ... T.T;;;)
 
Please help/...
Sign In·View Thread·Permalink
QuestionWhat about NetFileEnum()memberAlex Evans28 Oct '04 - 23:40 
Hello
 
This looks good, but can this help me with NetFileEnum() - this function is only available to users that are an Administrator onthe Server - and have access to the root of the drive.
 
Any idea?
 
Thanks
Alex
alex.evans@iinet.net.au
Sign In·View Thread·Permalink
GeneralPerfectmemberSteve Schaneville21 Oct '03 - 7:22 
Hey, this really saved me tons of time, as understanding the DACL structures is a pain in the neck. Thanks for your contribution.
 
BTW, I think you've gotten WAY too much slack about the Platform SDK thing. CLEARLY if a developer doesn't have the correct SDK to compile a project, it is THEIR job to update to the correct version, not your job to give them all the new #defines that are in it, especially since you specified that they would need to upgrade to compile the project! Anyway, thanks again for your great code.
 
~Steve
Sign In·View Thread·Permalink
Last Visit: 31 Dec '99 - 18:00     Last Update: 24 May '13 - 13:48Refresh123 Next »

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

About Article
CNTFS is a simple lib for setting NTFS permissions and audit settings.
Type Article
Licence 
First Posted 3 Apr 2003
Views 84,839
Bookmarked 33 times
Top News

Old Japanese Man Creates Amazing Art Using Excel (Wait, Excel?)

Get the Insider News free each morning.
Related Videos
MVC 3: Authorization Action Filters Part 2
MVC 3: Authorization Action Filters Part 1
An NTFS Parser Lib
Undelete a file in NTFS
Internet Configuration Manager
Auditing - A Built-in Feature of SharePoint
Re use Windows Accounts for Applications Access Control with Visual Guard .Net
NT Security Classes for .NET
Audit Trail Generator for Microsoft SQL
Query the New Windows Audit Policies Programmatically
Audits on MS SQL Server 2008
Features of the nHydrate DAL and Entity Framework generators: Part 1 - Auditing
File Server Audit
Record Versioning with SQL Server
Allow your ASP.NET to Access your Resources
Implementing Audit Trail using Entity Framework Part -1
Secure Your .NET Applications and Integrate Them with Active Directory
The Windows Access Control Model Part 1
The Windows Access Control Model Part 4
Getting the most out of Event Viewer
Implementing Audit Trail using Trigger
Implementing audit / history tracking using the Prototype pattern
Permalink | Advertise | Privacy | Mobile
Web03 | 2.6.130523.1 | Last Updated 23 Oct 2003
Article Copyright 2003 by Kevin Hilscher
Everything else Copyright © CodeProject, 1999-2013
Terms of Use
Layout: fixed | fluid