Microsoft KB Archive/254373

From BetaArchive Wiki

INFO: Inherited ACEs Are Not Propagated Through SetSecurityInfo() to Existing Child Objects


The information in this article applies to:

  • Microsoft Win32 Application Programming Interface (API), included with:
    • Microsoft Windows 2000 Server
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional


On Windows 2000, any Access Control Entries (ACEs) with inheritable AceFlags are propagated automatically to the children by the SetSecurityInfo function unless their Discretionary Access Control List (DACL) is protected. The SetSecurityInfo function may succeed, but fail to propagate any inheritable ACEs to the children.


The SetSecurityInfo function requires a handle to the object for which to set security information. When you obtain a handle to a folder object through the CreateFile function, the sharing mode for the folder must be specified. If the folder is opened for exclusive access, the operating system cannot obtain access to the subfolders or files. This will not allow the operating system to propagate inheritable ACEs to the children.

Additional query words:

Keywords : kbKernBase kbOSWin2000 kbDSupport kbGrpDSKernBase
Issue type : kbinfo
Technology : kbAudDeveloper kbWin32sSearch kbWin32API

Last Reviewed: November 18, 2000
© 2001 Microsoft Corporation. All rights reserved. Terms of Use.