Microsoft KB Archive/194757

= HOWTO: Add an Access-Allowed ACE to a File Through Visual Basic =

Q194757

-

The information in this article applies to:


 * Microsoft Visual Basic Learning Edition for Windows, version 6.0, on platform(s):
 * the operating system: Microsoft Windows NT
 * the operating system: Microsoft Windows 2000
 * Microsoft Visual Basic Professional Edition for Windows, version 6.0, on platform(s):
 * the operating system: Microsoft Windows NT
 * the operating system: Microsoft Windows 2000
 * Microsoft Visual Basic Enterprise Edition for Windows, version 6.0, on platform(s):
 * the operating system: Microsoft Windows NT
 * the operating system: Microsoft Windows 2000
 * Microsoft Visual Basic Control Creation Edition for Windows, version 5.0, on platform(s):
 * the operating system: Microsoft Windows NT
 * the operating system: Microsoft Windows 2000
 * Microsoft Visual Basic Learning Edition for Windows, version 5.0, on platform(s):
 * the operating system: Microsoft Windows NT
 * the operating system: Microsoft Windows 2000
 * Microsoft Visual Basic Professional Edition for Windows, version 5.0, on platform(s):
 * the operating system: Microsoft Windows NT
 * the operating system: Microsoft Windows 2000
 * Microsoft Visual Basic Enterprise Edition for Windows, version 5.0, on platform(s):
 * the operating system: Microsoft Windows NT
 * the operating system: Microsoft Windows 2000

-

SUMMARY
The purpose of an Access-Allowed Access Control Entry (ACE) is to either permit or deny access to a specific file to a user or a group of users. This article contains a sample function that adds a new ACE to a text file each time the function is called.

MORE INFORMATION
WARNING: One or more of the following functions are discussed in this article; VarPtr, VarPtrArray, VarPtrStringArray, StrPtr, ObjPtr. These functions are not supported by Microsoft Technical Support. They are not documented in the Visual Basic documentation and are provided in this Knowledge Base article "as is." Microsoft does not guarantee that they will be available in future releases of Visual Basic.

NOTE: Access Controls Entries and Security Descriptors are very powerful,low-level objects, and should only be handled by programmers who have a thorough understanding of file security.

This sample only works on NT 4.0 or Windows 2000 machines with NTFS-formatted drives. Fat16-formatted drives do not offer the same security features.

The steps to create this example are below; the following APIs are used:

  GetComputerName GetUserName LookupAccountName InitializeSecurityDescriptor GetSecurityDescriptorDacl SetSecurityDescriptorDacl GetFileSecurity SetFileSecurity InitializeAcl GetAclInformation GetAce AddAce AddAccessAllowedAce GetLengthSid CopyMemory

Step-by-Step Example

 * 1) Create a Standard EXE project in Visual Basic. Form1 is created by default.
 * 2) Add a CommandButton to Form1.
 * 3) Paste the following code into Form1's code window:
 * 4) Add a standard module (Module1) to this project.
 * 5) In the standard module (Module1), paste the following code:
 * 6) Start NotePad, and create a new text file.
 * 7) Save the text file as "C:\Readme.Txt," and exit NotePad.
 * 8) In the Microsoft Visual Basic IDE, press the F5 key to run the project.
 * 9) Click the "Command1" button on the running form. This calls the routine that will add an ACE to the newly-created text file.
 * 10) Each time you click the "Command1" button, another ACE will be added, and the project will tell you how many ACEs there are for that file.