Access Control Lists Inadequately Documented .. Why Is That?

Question

Access Control Lists Inadequately Documented .. Why Is That?

MARK ROCKMAN 1

Late model Windows often present a file or directory that "needs" permission from Administrator or Everyone before File Explorer will perform a requested command. This is unaccountable behavior because I never apply access control lists to any of the involved files when I create them. The operating instructions for File Explorer do not go into detail about what the end user is supposed to do in order to make the operation work properly. I have studied the problem extensively and remain mystified. Even an elevated process that "owns" the offending file or directory does always succeed in performing the operation. So I ask why Microsoft has declined to write a detailed, peer reviewed paper on how to delete a "protected" file or directory in a process without fail.

Answer 1

Limitless Technology 38,771

Hi @MARK ROCKMAN

Maybe the below articles from Microsft might help you with the answers you are searching for in the process involved in the Access Control Lists and Getting Information from an ACL.

Access Control Lists
https://learn.microsoft.com/en-us/windows/win32/secauthz/access-control-lists

Getting Information from an ACL
https://learn.microsoft.com/en-us/windows/win32/secauthz/getting-information-from-an-acl

Hope this resolves your Query!!

--
--If the reply is helpful, please Upvote and Accept it as an answer–

MARK ROCKMAN 1 Reputation point

2022-04-06T22:37:29.577+00:00

iI thank you for your answer. It showed me just how complex the NTFS "file security" mechanism is. In fact, I speculate that your average Microsoft business customer never protects his files because he does not know how to do it. I am after an algorithm with which I can design and implement a computer program in C# that successfully deletes any directory regardless of tree depth, inheritance, ownership, and various permissions that may or may not be granted to various principals. Naturally the APIs that exist are not available in the .NET Framework. So one is presented with Win32, and possibly the Component Object Model, which is not my idea of simple and straightforward. So who am I to complain? Nobody. I worked for years on a mainframe that had a single bit in a process control structure that indicated "privileged" or "not privileged." A privileged process was granted permission to do as it pleased to any directory and any file. Too simple! Not up to government standards! Microsoft has never been a corporation that was dedicated to providing operating instructions. Most users get along knowing little and unwilling to know more, than they absolutely must, to get their jobs done. Like hamburgers, copies of Windows: Billions sold. (By the way I used File Explorer yesterday to delete all the directories and their various contents. It got confused. There was one set of empty directories remaining in the directory that I wanted to clear out. I went back in, selected those directories, and File Explorer deleted them. Wow.)

Access Control Lists Inadequately Documented .. Why Is That?

1 answer

Activity