I tested the sample, and GetNamedSecurityInfo
can get folder C:\Users\Admin\Documents\NewFolder
Local Service access permission. This may be related to the permissions in your system. Refer to: GetNamedSecurityInfo returns ERROR_ACCESS_DENIED(5) when writting owner of a remote Windows shared folder
Local Service application can't use GetNamedSecurityInfo when Win10 OS upgraded to Version 20H2
I wrote a service program running as a local service account.
This service used to use GetNamedSecurityInfo to obtain folder related access rights and it works fine. Recently, I upgraded to 20h2 version of win10 and found that there were some different return values in this interface.
I use the sample code https://learn.microsoft.com/en-us/windows/win32/api/aclapi/nf-aclapi-geteffectiverightsfromacla
to get folder C:\Users\Admin\Documents\NewFolder Local Service access permission.
NewFolder has no local service permission.
The previous version was win10 2004, I never get error from GetNamedSecurityInfo, and AuthzAccessCheck can get accessMask without error.
After win10 upgrade to 20H2, I get errorcode = 5 when call GetNamedSecurityInfo,
Any comments or something I don't know?
2 answers
Sort by: Most helpful
-
Song Zhu - MSFT 906 Reputation points
2021-05-31T08:17:29.9+00:00 -
Aspire 81 Reputation points
2021-06-01T05:34:14.937+00:00 Thanks, I found that this is my machine configuration problem. If I don't have partial permissions under the users folder, calling GetNamedSecurityInfo will return 5,