Archived Boards > Network Extenders

wntAccessGet error

<< < (2/4) > >>

In testing on my Windows 10 workstation the distinction between a directory and file has no merit.   The above simple example works equally well with either file or directory as would be expected when using only the group name. 

The problem is that you are using the fully qualified group name instead of simply using the group name as is the case in the simple example.  There is a well reported (although not acknowledged by MSFT) bug in the Win32 security API function used to lookup fully qualified names containing the APPLICATION PACKAGE AUTHORITY domain even though APPLICATION PACKAGE AUTHORITY has a well known SID.

So you have several choices; you can strip out the APPLICATION PACKAGE AUTHORITY domain from the group name before calling wntAccessGet or call wntAccessList with the flags parameter set to 0 so that the returned names do not have APPLICATION PACKAGE AUTHORITY domain prepended to them.   You may also want to consider using SIDs instead of names to identify your groups but I have not tested this to confirm that it works.

The various wntAccess*() and wntSecurity*() functions that work with ACEs in the DACL/SACL will take SID values in addition to the account name values when identifying a security principal for which an ACE is to be retrieved, removed or otherwise modified.  If the well-known SID values for these particular groups are specified, they'll work just fine.

Yes, it does work.  I prefer not to assert that something works unless I have tried it (it can otherwise be embarrassing).  In this case I took the time to test it and it works.  The two SIDs of interest are S-1-15-2-1 and S-1-15-2-2

As expected, reverse lookup works as well:

--- Code: Winbatch ---AddExtender("wwwnt34i.dll",0,"wwwnt64i.dll")

strAllPacks = wntAcctInfo( "", 'S-1-15-2-1', 2, 1)
strAllRestd = wntAcctInfo( "", 'S-1-15-2-2', 2, 1)

I felt comfortable making the assertion since the provenance of the code behind that functionality is well known to me :P


[0] Message Index

[#] Next page

[*] Previous page

Go to full version