var
ISecObj: ISecurityObject;
DirPath: string;
begin
DirPath:='C:\SomeDir\';
ISecObj:=FileSecurity(DirPath);
ISecObj.Owner := CurrentUser;
ShowMessage(ISecObj.LastErrorStr);
end;
If i browse to C:\ and open the security settings for the directory "somedir" i can take ownership of the folder. But the above codes fails with access denied....any clues?
Try running the following code before you execute the madSecurity code. The code will simply enable all privileges your current user has. By default not all privileges are enabled, although you have them.
procedure EnableAllPrivileges;
type TTokenPrivileges = record
PrivilegeCount : dword;
Privileges : array [0..maxInt shr 4 - 1] of TLUIDAndAttributes;
end;
var c1, c2 : dword;
i1 : integer;
ptp : ^TTokenPrivileges;
backup, restore : int64;
begin
if OpenProcessToken(windows.GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, c1) then
try
c2 := 0;
GetTokenInformation(c1, TokenPrivileges, nil, 0, c2);
if c2 <> 0 then begin
ptp := pointer(LocalAlloc(LPTR, c2 * 2));
if GetTokenInformation(c1, TokenPrivileges, ptp, c2 * 2, c2) then begin
// enabling backup/restore privileges breaks Explorer's Samba support
if not LookupPrivilegeValue(nil, pchar(DecryptStr(CSeBackupPrivilege )), backup ) then backup := 0;
if not LookupPrivilegeValue(nil, pchar(DecryptStr(CSeRestorePrivilege)), restore) then restore := 0;
for i1 := 0 to integer(ptp^.PrivilegeCount) - 1 do
if (ptp^.Privileges[i1].Luid <> backup ) and
(ptp^.Privileges[i1].Luid <> restore) then
ptp^.Privileges[i1].Attributes := ptp^.Privileges[i1].Attributes or SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(c1, false, PTokenPrivileges(ptp)^, c2, PTokenPrivileges(nil)^, cardinal(pointer(nil)^));
end;
LocalFree(dword(ptp));
end;
finally CloseHandle(c1) end;
end;
madshi wrote:Try running the following code before you execute the madSecurity code. The code will simply enable all privileges your current user has. By default not all privileges are enabled, although you have them.
procedure EnableAllPrivileges;
type TTokenPrivileges = record
PrivilegeCount : dword;
Privileges : array [0..maxInt shr 4 - 1] of TLUIDAndAttributes;
end;
var c1, c2 : dword;
i1 : integer;
ptp : ^TTokenPrivileges;
backup, restore : int64;
begin
if OpenProcessToken(windows.GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, c1) then
try
c2 := 0;
GetTokenInformation(c1, TokenPrivileges, nil, 0, c2);
if c2 <> 0 then begin
ptp := pointer(LocalAlloc(LPTR, c2 * 2));
if GetTokenInformation(c1, TokenPrivileges, ptp, c2 * 2, c2) then begin
// enabling backup/restore privileges breaks Explorer's Samba support
if not LookupPrivilegeValue(nil, pchar(DecryptStr(CSeBackupPrivilege )), backup ) then backup := 0;
if not LookupPrivilegeValue(nil, pchar(DecryptStr(CSeRestorePrivilege)), restore) then restore := 0;
for i1 := 0 to integer(ptp^.PrivilegeCount) - 1 do
if (ptp^.Privileges[i1].Luid <> backup ) and
(ptp^.Privileges[i1].Luid <> restore) then
ptp^.Privileges[i1].Attributes := ptp^.Privileges[i1].Attributes or SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(c1, false, PTokenPrivileges(ptp)^, c2, PTokenPrivileges(nil)^, cardinal(pointer(nil)^));
end;
LocalFree(dword(ptp));
end;
finally CloseHandle(c1) end;
end;
If i change the code to the following where i removed the "DecryptStr()" and replaced the CSe* with a string of almost the same name(found the name in winnt.h)...:
procedure EnableAllPrivileges;
type TTokenPrivileges = record
PrivilegeCount : dword;
Privileges : array [0..maxInt shr 4 - 1] of TLUIDAndAttributes;
end;
var c1, c2 : dword;
i1 : integer;
ptp : ^TTokenPrivileges;
backup, restore : int64;
begin
if OpenProcessToken(windows.GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, c1) then
try
c2 := 0;
GetTokenInformation(c1, TokenPrivileges, nil, 0, c2);
if c2 <> 0 then begin
ptp := pointer(LocalAlloc(LPTR, c2 * 2));
if GetTokenInformation(c1, TokenPrivileges, ptp, c2 * 2, c2) then begin
// enabling backup/restore privileges breaks Explorer's Samba support
if not LookupPrivilegeValue(nil, pchar('SeBackupPrivilege'), backup ) then backup := 0;
if not LookupPrivilegeValue(nil, pchar('SeRestorePrivilege'), restore) then restore := 0;
for i1 := 0 to integer(ptp^.PrivilegeCount) - 1 do
if (ptp^.Privileges[i1].Luid <> backup ) and
(ptp^.Privileges[i1].Luid <> restore) then
ptp^.Privileges[i1].Attributes := ptp^.Privileges[i1].Attributes or SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(c1, false, PTokenPrivileges(ptp)^, c2, PTokenPrivileges(nil)^, cardinal(pointer(nil)^));
end;
LocalFree(dword(ptp));
end;
finally CloseHandle(c1) end;
end;