Click here to Skip to main content
12,897,431 members (50,729 online)
Click here to Skip to main content
Add your own
alternative version


36 bookmarked
Posted 3 Apr 2003

CNTFS - A simple lib for managing NTFS permissions and audit settings.

, 22 Oct 2003
Rate this:
Please Sign up or sign in to vote.
CNTFS is a simple lib for setting NTFS permissions and audit settings.

Sample Image - ACLEditor.jpg


CNTFS lib is a simple C++ wrapper for many of the Microsoft security calls such as: GetNamedSecurityInfo, GetAclInformation, AddAccessAllowedAceEx and many others. CNTFS is used to set NTFS permissions and audit settings on files and folders. It's a programmatic alternative to using utilities such as xcacls.exe.


The following methods are supported in the lib:

int DeleteDACL(CString & I_objPath, BOOL I_removeInheritance)

int DeleteSACL(CString & I_objPath, BOOL I_removeInheritance)

int RemoveInheritance(CString & I_objPath)

int TakeOwnership(CString & I_objPath, CString & I_newOwner)

int AddACEToDACL(CString & I_objPath, 
                 CString & I_securityPrincipal, 
                 DWORD I_objPermission)

int AddACEToSACL(CString & I_objPath, 
                 CString & I_securityPrincipal, 
                 DWORD I_objPermission,
                 BOOL I_auditSuccess,
                 BOOL I_auditFailure)


ACLEditor is a test application for the CNTFS lib. One of the more tricky aspects of CNTFS is the use of access mask flags. Winnt.h defines access mask flags that can be OR'd together. For example, the Modify permission consists of: FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE | DELETE. Among other things, ACLEditor demonstrates the use of access masks in setting NTFS permissions.


Be sure to have the Microsoft Platform SDK in c:\program files\Microsoft SDK. The project settings will reference the include files directory. I've run the lib through Rational Purify so all the mem leaks should be gone.

Any comments or suggestions are welcome.


Version History

  • Version 1.1 - (Oct 23, 2003) Added support for modifying DACLs and SACLs on registry keys. Consolidated RemoveDACLInheritance and RemoveSACLInheritance into RemoveInheritance method by adding aclType enum.
  • Version 1.0 - (Apr 4, 2003) Initial Release.


This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


About the Author

Kevin Hilscher
Web Developer
Canada Canada
No Biography provided

You may also be interested in...

Comments and Discussions

GeneralPerfect Pin
Steve Schaneville21-Oct-03 7:22
memberSteve Schaneville21-Oct-03 7:22 
Hey, this really saved me tons of time, as understanding the DACL structures is a pain in the neck. Thanks for your contribution.

BTW, I think you've gotten WAY too much slack about the Platform SDK thing. CLEARLY if a developer doesn't have the correct SDK to compile a project, it is THEIR job to update to the correct version, not your job to give them all the new #defines that are in it, especially since you specified that they would need to upgrade to compile the project! Anyway, thanks again for your great code.

GeneralRe: Perfect Pin
Alex Evans28-Oct-04 23:43
memberAlex Evans28-Oct-04 23:43 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.170424.1 | Last Updated 23 Oct 2003
Article Copyright 2003 by Kevin Hilscher
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid