The Win32 Access Control List (ACL) APIs Programming

Note: Some code samples may need to be tested in a domain-based Active Directory environment, private or public, in order to see the 'real' output samples. Ask your lab instructor to use the appropriate lab. This tutorial exposes some parts of the Windows 'security' implementation.

What do we have in this session?

  1. Introduction

  2. Access Control

  3. Access Control Model

  4. Access Control Components

  5. Access Rights for Access-Token Objects

  6. Security Descriptors

  7. Securable Objects

  8. Access Control Lists (ACLs)

  9. Access Control Entries (ACEs)

  10. Object-specific ACEs

  11. Trustees

  12. Access Rights and Access Masks

  13. ACCESS_MASK Data Type

  14. Access Mask format

  15. Generic Access Rights

  16. Standard Access Rights

  17. SACL Access Right

  18. Directory Services Access Rights

  19. How Security Descriptors are Set on New Directory Objects

  20. Default Security Descriptor

  21. Security Identifiers (SID)

  22. Interaction Between Threads and Securable Objects

  23. DACLs and ACEs

  24. How DACLs Control Access to an Object

  25. Order of ACEs in a DACL

  26. ACEs to Control Access to an Object's Properties

  27. Requesting Access Rights to an Object

  28. Null DACLs and Empty DACLs

  29. Allowing Anonymous Access

  30. Security Descriptor Definition Language (SDDL)

  31. Security Descriptor String Format

  32. Security Descriptor String Examples

  33. String 1 example

  34. String 2 example

  35. The ACE Strings

  36. The ACE String Description

  37. ACE Inheritance Rules

  38. More on SID Strings

  39. More on SID Components

  40. Well-known SIDs

  41. Windows Privileges




  1. Running with Special Privileges

  2. Running with Administrator Privileges

  3. Asking the User for Credentials

  4. Acquiring user credentials

  5. Changing Privileges in a Token

  6. Enabling and Disabling Privileges

  7. Authorization Constants

  8. Privilege Constants

  9. Audit Generation

  10. SACL Access Right

  11. Auditing Access To Private Objects

  12. Low-level Access Control

  13. Low-level Security Descriptor Functions

  14. Low-level Security Descriptor Creation

  15. Absolute and Self-Relative Security Descriptors

  16. Low-level ACL and ACE Functions

  17. How Security Groups are Used in Access Control

  18. Impersonation

  19. Access Tokens for Impersonation

  20. Client Impersonation

  21. Impersonation Levels

  22. Setting the Impersonation Level

  23. Registry Key Security and Access Rights

  24. Creating a DACL from Scratch Program Example

  25. Creating DACL and SACL with the Privilege Program Example

  26. Empty DACL Program Example: Nobody Can Access

  27. The NULL DACL Program Example: Everyone Gets Full Control

  28. Modifying Existing DACLs of an Object Program Example

  29. Modifying the SACL and Privilege Program Example

  30. Another New DACL Which Does Not Inherit Program Example

  31. Enabling and Disabling Privileges Code Snippet Example

  32. Privilege and SACL Program Example

  33. Searching for a SID in an Access Token Program Example 1

  34. Searching for a SID in an Access Token Program Example 2

  35. Getting the Logon (Session) SID in C++

  36. Finding the Owner of a File Object Program Example

  37. Taking Object Ownership Program Example

  38. SID conversion: String-to-Binary-to-String Program Example

  39. Log On a User to a Machine Program Example

  40. A Simple Impersonation Program Example

  41. Creating a Security Descriptor from Scratch for a New Object, a Registry key Code Example

  42. Validate User Credentials on Microsoft Operating Systems Program Example

  43. Creating A Well Known SID Program Example

  44. Retrieving current user and domain names on Windows NT, Windows 2000, or Windows XP Code Example

