wntSecurityGet

Returns security information about an object.

Syntax:

wntSecurityGet(server-name, resource, object-type, request, flags)

Parameters:

(s) server-name: the UNC name of the server on which the function will execute (e.g., "\\MYSERVER"), or ("") for the local computer.

(s) resource: For object type 300, a file or folder specified with either a drive letter specification or a UNC specification. For object type 400, a registry handle that points to an open registry key.

(i) object-type:
    300  file [either a drive letter or a UNC spec]
    400  registry key handle [for a local registry key]

(i) request: See below.

(i) flags: A bit-masked integer value. The effect of setting or clearing each bit varies with the request # that has been specified. Refer to the documentation of each request # to determine which flags values are valid in a particular situation.

Returns:

(i) value depends on request.

 

Request

1

For Win2K, return @TRUE if the specified object has the protected [D|S]ACL flag set. Please note that top level registry keys and root folders on NTFS volumes will generally have this flag enabled, but their children will have this flag disabled. A protected DACL or SACL means that ACEs may not be inherited from the object's parent.

 

If flags is zero then the permission [e.g. DACL] protected flag value will be queried.

 

If flags is one then the audit [e.g. SACL] protected flag value will be queried.

 

For WinNT this function will always return @FALSE since ACL inheritance is not implemented on WinNT and thus the concept of a protected DACL/SACL does not exist on WinNT.

 

2

For Win2K, return @TRUE if the specified object has a [D|S]ACL that is marked as having been auto-inherited from the object's parent.

 

If flags is zero then the permission [e.g. DACL] auto-inherited flag value will be queried.

 

If flags is one then the audit [e.g. SACL] auto-inherited flag value will be queried.

 

For WinNT this function will always return @FALSE since ACL inheritance is not implemented on WinNT and thus the concept of an auto-inherited DACL/SACL does not exist on WinNT.

 

3

For both WinNT and Win2K, return @TRUE if the specified object has a [D|S]ACL present.

 

If flags is zero then the permission [e.g. DACL] presence flag value will be queried.

 

If flags is one then the audit [e.g. SACL] presence flag value will be queried.

 

4

For both WinNT and Win2K, return @TRUE if the specified object has a default [D|S]ACL.

 

If flags is zero then the permission [e.g. DACL] defaulted flag value will be queried.

 

If flags is one then the audit [e.g. SACL] defaulted flag value will be queried.

 

5

For both WinNT and Win2K, return the number of ACEs present in the [D|S]ACL. If there is no [D|S]ACL present then zero (0) will be returned.

 

If flags is zero then the # of ACEs in the permission list [e.g. DACL] will be returned.

 

If flags is one then the # of ACEs in the audit list [e.g. SACL] will be returned.

 

6

For both WinNT and Win2K, return the number of bytes that are free in the [D|S]ACL. If there is no [D|S]ACL present then zero (0) will be returned.

 

If flags is zero then the # of free bytes in the permission list [e.g. DACL] will be returned.

 

If flags is one then the # of free bytes in the audit list [e.g. SACL] will be returned.

 

7

For both WinNT and Win2K, return the number of bytes that are used in the [D|S]ACL. If there is no [D|S]ACL present then the value that will be returned will be the # of bytes that are required to store an ACL structure with zero ACEs in it.

 

If flags is zero then the # of used bytes in the permission list [e.g. DACL] will be returned.

If flags is one then the # of used bytes in the audit list [e.g. SACL] will be returned.

 

8

For both WinNT and Win2K, return @TRUE if the group SID value associated with the ownership of the object has been supplied through some default mechanism instead of having been directly assigned to the object.

The flags mask value is ignored for this request number.

 

9

For both WinNT and Win2K, return @TRUE if the owner SID value associated with the ownership of the object has been supplied through some default mechanism instead of having been directly assigned to the object.

 

The flags mask value is ignored for this request number.

 

 

Example:
; Load Appropriate Extender
AddExtender('wwwnt34i.dll',0,'wwwnt64i.dll')

;check if the specified folder has a permission that is marked
;as having been auto-inherited from the object's parent.
ret = wntSecurityGet("", "\\server\share\folder", 300, 2, 0)
If ret == @TRUE
   Message("wntSecurityGet","Permission is auto-inherited from parent")
Else
   Message("wntSecurityGet","Permission is NOT auto-inherited from parent")
EndIf
Exit
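
Added example (not part of the original documentation): request 5 returns zero both when no DACL is present and when a DACL is present with no ACEs. On Windows these are opposite conditions (an object with no DACL does not restrict access for anyone, while an empty DACL grants access to no one), so this sketch combines requests 3 and 5 to tell them apart and also reports the inheritance flags from requests 1 and 2. The path and variable names are hypothetical.

```winbatch
; Added example: classify the DACL state of a folder.
; Load Appropriate Extender
AddExtender('wwwnt34i.dll',0,'wwwnt64i.dll')

; Hypothetical path, chosen for illustration only.
path = "C:\Data\Reports"

; flags = 0 selects the permission list (DACL) in every request below.
hasDacl     = wntSecurityGet("", path, 300, 3, 0)   ; DACL present?
aceCount    = wntSecurityGet("", path, 300, 5, 0)   ; number of ACEs in the DACL
isProtected = wntSecurityGet("", path, 300, 1, 0)   ; protected flag set?
isInherited = wntSecurityGet("", path, 300, 2, 0)   ; auto-inherited flag set?

; Request 5 alone is ambiguous when it returns 0, so test request 3 first.
If hasDacl == @FALSE
   state = "NO DACL: access is not restricted for any user"
Else
   If aceCount == 0
      state = "EMPTY DACL: no access is granted to anyone"
   Else
      state = StrCat("DACL present with ", aceCount, " ACE(s)")
   EndIf
EndIf

; A protected DACL means ACEs may not be inherited from the parent.
If isProtected == @TRUE
   inh = "Protected: ACEs are not inherited from the parent"
Else
   If isInherited == @TRUE
      inh = "Marked as auto-inherited from the parent"
   Else
      inh = "Not protected and not marked auto-inherited"
   EndIf
EndIf

Message("DACL audit", StrCat(path, @CRLF, state, @CRLF, inh))
Exit
```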