Modifying the owner of an NT security descriptor

15 Oct 2002, Ms-PL
Helper class to set the owner of an NT security descriptor

Introduction

Some time ago I wrote this pretty straightforward helper class to set the owner of an NT security descriptor. While there is a sample on MSDN that allows setting the owner to Administrator, it fails when it comes to setting the owner to any other user. I've wrapped a working function in a simple class called CSecOwner. It supports setting the owner on a file or directory.

I am not giving an introduction to NT security, SDs, ACLs, or any other Windows security specific topics. That is way outside the scope of this article. Just dig into MSDN and look for security.

Usage

CSecOwner exposes two functions:

BOOL CSecOwner::SetFileOwner(LPSTR UserName, LPSTR pFileName);
BOOL CSecOwner::SetFileOwnerSID(LPBYTE UserSID, LPSTR pFileName);

The first is used when you have a qualified username and a filename, the second when you already have a valid SID and the filename. Both functions return TRUE on success and will pop up a message box in case of an error.

Be aware that you need certain privileges to successfully change the owner of an SD. While the class itself tries to enable the SE_RESTORE_NAME privilege, it will fail if you are not an administrator or at least a backup operator. The class does not replace the ACL but modifies it.
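The privilege requirement above, shown in PowerShell as an added example; this is not CSecOwner's code, and `TokenPrivilege`, `Set-FileOwner` and the sample path and account are hypothetical names. It enables SeRestorePrivilege (the string behind SE_RESTORE_NAME), writes the new owner, and reports whether the DACL came through unchanged.

```powershell
# Added example, not from the article. TokenPrivilege and Set-FileOwner are hypothetical names.
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
public static class TokenPrivilege {
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    struct TokPriv { public int Count; public long Luid; public int Attr; }
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, int access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LookupPrivilegeValue(string system, string name, out long luid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll,
        ref TokPriv newState, int length, IntPtr previous, IntPtr returnLength);
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr handle);
    public static void Enable(string name) {
        IntPtr token;
        // 0x28 = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
        if (!OpenProcessToken(GetCurrentProcess(), 0x28, out token)) throw new Win32Exception();
        try {
            TokPriv tp = new TokPriv();
            tp.Count = 1; tp.Attr = 2; // Attr 2 = SE_PRIVILEGE_ENABLED
            if (!LookupPrivilegeValue(null, name, out tp.Luid)) throw new Win32Exception();
            AdjustTokenPrivileges(token, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
            // Success is reported even if the token lacks the privilege (ERROR_NOT_ALL_ASSIGNED, 1300).
            int err = Marshal.GetLastWin32Error();
            if (err != 0) throw new Win32Exception(err);
        } finally { CloseHandle(token); }
    }
}
'@
function Set-FileOwner {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Account)
    # Resolve the account to a SID first so a bad name fails before anything changes.
    $sid = ([Security.Principal.NTAccount]$Account).Translate([Security.Principal.SecurityIdentifier])
    [TokenPrivilege]::Enable('SeRestorePrivilege')   # the string behind SE_RESTORE_NAME
    $acl = Get-Acl -LiteralPath $Path
    $oldOwner = $acl.Owner
    $oldDacl  = $acl.GetSecurityDescriptorSddlForm('Access')
    $acl.SetOwner($sid)
    Set-Acl -LiteralPath $Path -AclObject $acl
    $new = Get-Acl -LiteralPath $Path
    # Sanity check: the owner should change while the DACL text stays identical.
    [pscustomobject]@{ OldOwner = $oldOwner; NewOwner = $new.Owner
                       DaclUnchanged = ($new.GetSecurityDescriptorSddlForm('Access') -eq $oldDacl) }
}
# Set-FileOwner -Path 'C:\Temp\report.txt' -Account 'CONTOSO\alice'   # constructed sample values
```

Run from a non-elevated or non-privileged session, `Enable` throws with error 1300 instead of letting the owner write fail later with a less specific message.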

Demo project

The included demo project allows selecting a file from an Explorer-like tree and sets the owner to any user of the current domain. The demo project uses the CDirTreeCtl class from Nicola Delfino.

Compatibility

CSecOwner is not Unicode enabled. It is written and tested with VC6, but will compile under VC7 too. The sample uses MFC. And, NO, it does NOT run under Win9x/ME. This is strictly NT/W2k/XP (XP with simple file sharing disabled).

License

This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL).


Written By
Software Developer (Senior)
Portugal
Software Smith, Blacksmith, Repeat Founder, Austrian, Asgardian.

Comments and Discussions

 
Replace Owner Subfolders
Usman Jamil, 7-Jul-09 22:29

thank you for this solution, it's great
geniushk22-May-09 1:17

Thanks for posting this solution
lbeck37, 7-Jun-07 5:20
I've spent the last couple of days trying to use C++ to set directory security and had not had much success until I found this example. Since I've been able to successfully compile the project (actually became a Solution in Visual Studio 8) and change the owner of a file, I think I can leverage the example to add a user with permissions to a directory (looks like I go through the same procedures). I had been trying to use an MSDN example, "Creating a Security Descriptor for a New Object in C++", and it wasn't quite working. It might have been that it was doing a Security Descriptor for a Registry Entry or maybe it wasn't code that actually worked, but it didn't work for me. I appreciated the example here for being complete to the point of being able to produce a working executable. I did have a problem with the program not populating the username list with names from my domain (maybe because the domain is a corporate domain and huge?) but I hardcoded a name into the code and it worked and I was able to single step through and see exactly the syntax for variables and parameters, which I think may have been my problem before. Once again, thanks for posting this! I didn't see how long ago this was posted, but eventually it did help someone out!
