Microsoft KB Archive/254373

{|
 * width="100%"|

INFO: Inherited ACEs Are Not Propagated Through SetSecurityInfo to Existing Child Objects

 * }

Q254373

-

The information in this article applies to:


 * Microsoft Win32 Application Programming Interface (API), included with:
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows 2000 Professional

-

SUMMARY
On Windows 2000, any Access Control Entries (ACEs) with inheritable AceFlags are propagated automatically to the children by the SetSecurityInfo function unless their Discretionary Access Control List (DACL) is protected. The SetSecurityInfo function may succeed, but fail to propagate any inheritable ACEs to the children.

MORE INFORMATION
The SetSecurityInfo function requires a handle to the object for which to set security information. When you obtain a handle to a folder object through the CreateFile function, the sharing mode for the folder must be specified. If the folder is opened for exclusive access, the operating system cannot obtain access to the subfolders or files. This will not allow the operating system to propagate inheritable ACEs to the children.

Additional query words:

Keywords : kbKernBase kbOSWin2000 kbDSupport kbGrpDSKernBase

Issue type : kbinfo

Technology : kbAudDeveloper kbWin32sSearch kbWin32API