Microsoft KB Archive/254373

From BetaArchive Wiki
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

INFO: Inherited ACEs Are Not Propagated Through SetSecurityInfo() to Existing Child Objects

Q254373


The information in this article applies to:


  • Microsoft Win32 Application Programming Interface (API), included with:
    • Microsoft Windows 2000 Server
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional




SUMMARY

On Windows 2000, any Access Control Entries (ACEs) with inheritable AceFlags are propagated automatically to the children by the SetSecurityInfo function unless their Discretionary Access Control List (DACL) is protected. The SetSecurityInfo function may succeed, but fail to propagate any inheritable ACEs to the children.



MORE INFORMATION

The SetSecurityInfo function requires a handle to the object for which to set security information. When you obtain a handle to a folder object through the CreateFile function, the sharing mode for the folder must be specified. If the folder is opened for exclusive access, the operating system cannot obtain access to the subfolders or files. This will not allow the operating system to propagate inheritable ACEs to the children.

Additional query words:

Keywords : kbKernBase kbOSWin2000 kbDSupport kbGrpDSKernBase
Issue type : kbinfo
Technology : kbAudDeveloper kbWin32sSearch kbWin32API


Last Reviewed: November 18, 2000
© 2001 Microsoft Corporation. All rights reserved. Terms of Use.

Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/254373&oldid=35683
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki