Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

Modifying the owner of an NT security descriptor

15 Oct 2002 1  
Helper class to set the owner of an NT security descriptor

Introduction

Time ago I wrote this pretty straightforward helper class to set the owner of an NT security descriptor. While there is a sample on the MSDN which allows setting the owner to Administrator, it fails when it comes to setting the owner to any other user. I've wrapped a working function in a simple class called CSecOwner. It supports setting the owner on a file/directory.

I am not giving a introduction into NT security or SD's, ACL's nor any other Windows security specific topics. This is way out of the scope. Just dig into MSDN and look for security.

Usage

CSecOwner exposes two functions:

BOOL CSecOwner::SetFileOwner(LPSTR UserName, LPSTR pFileName);
BOOL CSecOwner::SetFileOwnerSID(LPBYTE UserSID, LPSTR pFileName);
The first is used when you have a qualified username and a filename, the second when you already have a valid SID and the filename. Both functions return TRUE on success and will pop up a messagebox in case of an error.

Be aware that you need certain privileges to successfully change the owner of a SD. While the class itself tries to enable the SE_RESTORE_NAME privilege, it will fail if you are not administrator or at least backup operator. The class does not replace the ACL but modifies it.

Demoproject

The included demo project allows selecting a file from a explorer like tree and sets the owner to any user of the current domain. The demo project uses the CDirTreeCtl class from Nicola Delfino.

Compatibility

CSecOwner is not unicode enabled. It is written and tested with VC6, but will compile under VC7 too. The sample uses MFC. And, NO, it does NOT run under Win9x/ME. This is strictly NT/W2k/XP (XP with simple file sharing disabled).

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here