The Win32 Access Control List (ACL) APIs Programming

 

 

 

HOME

 

 

 Note: Some code sample may need to be tested in the domain-based, active directory environment, private or public in order to see the 'real' output samples. Ask your lab's instructor to use the appropriate lab. This tutorial exposes some part of the Windows 'security' implementation.

What do we have in this session?

  1. Introduction

    2. Access Control

    Access Control Model

    Access Control Components

  2. Access Rights for Access-Token Objects

    3. Security Descriptors

    Securable Objects

  3. Access Control Lists (ACLs)

    4. Access Control Entries (ACEs)

    Object-specific ACEs

    Trustees

  4. Access Rights and Access Masks

    5. ACCESS_MASK Data Type

    Access Mask format

    Generic Access Rights

    Standard Access Rights

    SACL Access Right

    Directory Services Access Rights

    How Security Descriptors are Set on New Directory Objects

    Default Security Descriptor

  5. Security Identifiers (SID)

    6. Interaction Between Threads and Securable Objects

    DACLs and ACEs

    How DACLs Control Access to an Object

    Order of ACEs in a DACL

    ACEs to Control Access to an Object's Properties

  6. Requesting Access Rights to an Object

    7. Null DACLs and Empty DACLs

    Allowing Anonymous Access

    Security Descriptor Definition Language (SDDL)

    Security Descriptor String Format

    Security Descriptor String Examples

    String 1 example

    String 2 example

  7. The ACE Strings

    8. The ACE String Description

  8. ACE Inheritance Rules

  9. More on SID Strings

    10. More on SID Components

  10. Well-known SIDs

  11. Windows Privileges

 

 

 

    Running with Special Privileges

    Running with Administrator Privileges

    Asking the User for Credentials

    Acquiring user credentials

    Changing Privileges in a Token

    Enabling and Disabling Privileges

  1. Authorization Constants

    2. Privilege Constants

  2. Audit Generation

    3. SACL Access Right

    Auditing Access To Private Objects

    Low-level Access Control

    Low-level Security Descriptor Functions

    Low-level Security Descriptor Creation

    Absolute and Self-Relative Security Descriptors

    Low-level ACL and ACE Functions

  3. How Security Groups are Used in Access Control

    4. Impersonation

    Access Tokens for Impersonation

    Client Impersonation

    Impersonation Levels

    Setting the Impersonation Level

    Registry Key Security and Access Rights

  4. Creating a DACL From a Scratch Program Example

  5. Creating DACL and SACL with the Privilege Program Example

  6. Empty DACL program example: Nobody Can  Access

  7. The NULL DACL Program Example: Everyone get Full Control

  8. Modifying Existing DACLs of an Object Program Example

  9. Modifying the SACL and Privilege Program Example

  10. Another New DACL Which Does Not Inherit Program Example

  11. Enabling and Disabling Privileges Code Snippet Example

  12. Privilege and SACL Program Example

  13. Searching for a SID in an Access Token Program Example 1

  14. Searching for a SID in an Access Token Program Example 2

  15. Getting the Logon (Session) SID in C++

  16. Finding the Owner of a File Object Program Example

  17. Taking Object Ownership Program Example

  18. SID conversion: String-to-Binary-to-String Program Example

  19. Log on a user to a machine Program Example

  20. A Simple Impersonation Program Example

  21. Creating a Security Descriptor from Scratch for a New Object, a Registry key Code Example

  22. Validate User Credentials on Microsoft Operating Systems Program Example

  23. Creating A Well Known SID Program Example

  24. Retrieving current user and domain names on Windows NT, Windows 2000, or Windows XP Code Example

< Win32 Network Management APIs | Win32 Programming | Win32 Access Control List (ACL) 1 >