<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=unicode" /> <meta http-equiv="Content-Language" content="en-us" /> <title>The Windows system security programming using the Win32 Access Control List (ACL) API</title> <meta name="keywords" content="Windows security, kernel security, access control list (ACL), hardening, technology, servers, services, tools, framework, applications, attack, counter measure" /> <meta name="description" content="A complete Windows system security programming and hacking using the Win32 Access Control List (ACL) library with program examples and code samples" /> </head> <body topmargin="20" leftmargin="20" rightmargin="20" bottommargin="20"> <table border="0" width="100%"> <tr> <td colspan="2"> <h1 align="center" style="margin-top:0; margin-bottom:0"> <span style="font-weight: 400"><font face="Batang">The Win32 Access Control List (ACL) APIs</font></span><font face="Batang"><span style="font-weight: 400"> Programming</span></font></h1> </td> </tr>
<tr> <td width="7%" align="center"> <h3> <font face="Byington"><span style="font-weight: 400"> <a title="The Win32 programming tutorial using Visual Studio, C and C++ languages" target="_top" href="index.html"> HOME</a></span></font></h3> </td>
<td width="92%"><font face="Arial">Note: Some code samples may need to be tested in a domain-based Active Directory environment, private or public, in order to see the &#39;real&#39; output samples. Ask your lab instructor to use the appropriate lab. This tutorial exposes some parts of the Windows &#39;security&#39; implementation.</font><h1 style="margin-bottom:0mm;margin-bottom:.0001pt"> <font size="5" face="Times New Roman"> <span style="line-height:115%; font-family:&quot;Arial&quot;; font-weight:400">What do we have in this session?</span></font></h1> <span lang="EN"> <ol>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"><a href="accesscontrollistacl1.html"> Introduction</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Access Control</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Access Control Model</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Access Control Components</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistacl1_1.html">Access Rights for Access-Token Objects</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Security Descriptors</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Securable Objects</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"><a
href="accesscontrollistacl2.html"> Access Control Lists (ACLs)</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Access Control Entries (ACEs)</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Object-specific ACEs</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Trustees</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistacl2_1.html">Access Rights and Access Masks</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">ACCESS_MASK Data Type</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Access Mask format</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Generic Access Rights</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Standard Access Rights</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">SACL Access Right</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Directory Services Access Rights</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">How Security Descriptors are Set on New Directory Objects</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Default Security Descriptor</span></font></h3> </li> <li> <h3 
style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"><a href="accesscontrollistacl3.html"> Security Identifiers (SID)</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Interaction Between Threads and Securable Objects</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">DACLs and ACEs</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">How DACLs Control Access to an Object</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Order of ACEs in a DACL</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">ACEs to Control Access to an Object&#39;s Properties</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistacl3_1.html">Requesting Access Rights to an Object</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Null DACLs and Empty DACLs</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Allowing Anonymous Access</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Security Descriptor Definition Language (SDDL)</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Security Descriptor String Format</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Security Descriptor String 
Examples</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">String 1 example</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">String 2 example</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"><a href="accesscontrollistacl4.html"> The ACE Strings</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">The ACE String Description</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistacl4_1.html">ACE Inheritance Rules</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"><a href="accesscontrollistacl5.html"> More on SID Strings</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">More on SID Components</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistacl5_1.html">Well-known SIDs</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"><a href="accesscontrollistacl6.html"> Windows Privileges</a></span></font></h3> </li>
</ol> <p style="margin-top: 0; margin-bottom: 0">&nbsp;</p> <ol start="42">
<li> <h3 style="margin-top:
0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Running with Special Privileges</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Running with Administrator Privileges</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Asking the User for Credentials</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Acquiring user credentials</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Changing Privileges in a Token</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Enabling and Disabling Privileges</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistacl6_1.html">Authorization Constants</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Privilege Constants</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"><a href="accesscontrollistacl7.html"> Audit Generation</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">SACL Access Right</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Auditing Access To Private Objects</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Low-level Access Control</span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> 
<span style="font-weight: 400">Low-level Security Descriptor Functions</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Low-level Security Descriptor Creation</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Absolute and Self-Relative Security Descriptors</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Low-level ACL and ACE Functions</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistacl7_1.html">How Security Groups are Used in Access Control</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Impersonation</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Access Tokens for Impersonation</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Client Impersonation</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Impersonation Levels</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Setting the Impersonation Level</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400">Registry Key Security and Access Rights</span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample1.html">Creating a DACL From Scratch Program Example</a></span></font></h3> </li>
<li> <h3 style="margin-top:
0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample1a.html">Creating DACL and SACL with the Privilege Program Example</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample2.html">Empty DACL Program Example: Nobody Can Access</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample2_1.html">The NULL DACL Program Example: Everyone Gets Full Control</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample2_2.html">Modifying Existing DACLs of an Object Program Example</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample2_3.html">Modifying the SACL and Privilege Program Example</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample2_4.html">Another New DACL Which Does Not Inherit Program Example</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample3.html">Enabling and Disabling Privileges Code Snippet Example</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample3_1.html">Privilege and SACL Program Example</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample3_2.html">Searching for a SID in an Access
Token Program Example 1</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample3_3.html">Searching for a SID in an Access Token Program Example 2</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample3_4.html">Getting the Logon (Session) SID in C++</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample4.html">Finding the Owner of a File Object Program Example</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample4_1.html">Taking Object Ownership Program Example</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample5.html">SID conversion: String-to-Binary-to-String Program Example</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample6.html">Log on a user to a machine Program Example</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample6_1.html">A Simple Impersonation Program Example</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample6_2.html">Creating a Security Descriptor from Scratch for a New Object, a Registry key Code Example</a></span></font></h3> </li> <li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 
400"> <a href="accesscontrollistaclexample6_3.html">Validate User Credentials on Microsoft Operating Systems Program Example</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample6_4.html">Creating A Well Known SID Program Example</a></span></font></h3> </li>
<li> <h3 style="margin-top: 0; margin-bottom: 0"><font face="Byington"> <span style="font-weight: 400"> <a href="accesscontrollistaclexample6_5.html">Retrieving current user and domain names on Windows NT, Windows 2000, or Windows XP Code Example</a></span></font></h3> </li>
</ol> </span></td> </tr>
<tr> <td colspan="2"> <h3 align="center" style="margin-top: 0; margin-bottom: 0"> <font face="Byington"><span style="font-weight: 400">&lt; <a title="The Windows Win32 network management API programming tutorial with code example and program samples" style="color: blue; text-decoration: underline" href="networkmanagementapis16index.html"> Win32 Network Management APIs</a> | <a title="The Win32 programming tutorial using Visual Studio, C and C++ languages" style="color: blue; text-decoration: underline" href="index.html"> Win32 Programming</a> | <a title="An introduction to the Windows Access Control List programming - ACL components, DACL, SACL, ACL etc." style="color: blue; text-decoration: underline" href="accesscontrollistacl1.html"> Win32 Access Control List (ACL) 1</a> &gt;</span></font></h3> </td> </tr> </table> </body> </html>