C# Signature:
[DllImport("advapi32.dll", SetLastError=true)]
static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(
string StringSecurityDescriptor,
uint StringSDRevision,
out IntPtr SecurityDescriptor,
out UIntPtr SecurityDescriptorSize
);
VB.Net Signature:
<DllImport("advapi32.dll", SetLastError:=True)>
Public Shared Function ConvertStringSecurityDescriptorToSecurityDescriptor(
ByVal StringSecurityDescriptor As String,
ByVal StringSDRevision As UInteger,
ByRef SecurityDescriptor As IntPtr,
ByRef SecurityDescriptorSize As UIntPtr)
End Function
VB Signature:
Declare Function ConvertStringSecurityDescriptorToSecurityDescriptor Lib "advapi32.dll" (TODO) As TODO
User-Defined Types:
None.
Alternative Managed API:
Do you know one? Please contribute it!
Notes:
None.
Tips & Tricks:
Please add some!
Sample Code:
Set DACL from SDDL:
public class SomeClass
{
[DllImport("Advapi32.dll", SetLastError = true)]
static extern void SetFileSecurity(string path, int type_of_sd, IntPtr sd);
[DllImport("Advapi32.dll", SetLastError = true)]
static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(string StringSecurityDescriptor, uint StringSDRevision, out IntPtr SecurityDescriptor, out UIntPtr SecurityDescriptorSize);
private static void Main()
{
string path = @"C:\Some\path\to\file";
string sddl = "D:AI(A;ID;FA;;;S-1-1-0)"; // set only one ACE: inherited full access to Everyone
uint sd_revision = 1; // the only revision of SECURITY_DESCRIPTOR
int DACL_SECURITY_INFORMATION = 4; // can be changed to change other properties, not DACL, relying on SECURITY_DESCRIPTOR_CONTROL parameters https://msdn.microsoft.com/ru-ru/library/windows/desktop/aa379566%28v=vs.85%29.aspx
IntPtr sd_ptr = new IntPtr();
UIntPtr sd_size_ptr = new UIntPtr();
ConvertStringSecurityDescriptorToSecurityDescriptor(sddl, sd_revision, out sd_ptr, out sd_size_ptr);
SetFileSecurity(path, DACL_SECURITY_INFORMATION, sd_ptr);
}
}
