Reordering a DACL
Reordering a DACL
This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.
The following example reorders a discretionary access control list (DACL).
Visual Basic
'////////////////////////////////////////////////////////////////////// ' ' Function: ReorderACL(objDACL) ' ' Purpose: Reorders a DACL properly. ' Input: objDACL- Discretionary Access Control List (Object) ' ' Output: Object- Reordered DACL ' ' Note: In order for this example to function correctly, it may be necessary to include ' references to the following libraries: Active DS Type Library, Microsoft CDO for ' Exchange Management Library, Microsoft Cluster Service Automation Classes, ' Microsoft CDO for Windows 2000 Library. '////////////////////////////////////////////////////////////////////// Function ReorderACL(objDacl) ' Dim Objects. Dim ImpDenyDacl As AccessControlList Dim ImpDenyObjectDacl As AccessControlList Dim ImpAllowDacl As AccessControlList Dim ImpAllowObjectDacl As AccessControlList Dim objSD As SecurityDescriptor Dim newDACL As AccessControlList ' Dim Other Variables. Dim ace As AccessControlEntry ' Set Constants. Const ADS_ACETYPE_ACCESS_DENIED = &H1 Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6 Const ADS_ACETYPE_ACCESS_ALLOWED = &H0 Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5 Const ADS_ACEFLAG_INHERITED_ACE = &H10 ' Create the New DACL. Set objSD = CreateObject("SecurityDescriptor") ' Create the ACL Objects. Set newDACL = CreateObject("AccessControlList") Set ImpDenyDacl = CreateObject("AccessControlList") Set ImpDenyObjectDacl = CreateObject("AccessControlList") Set ImpAllowDacl = CreateObject("AccessControlList") Set ImpAllowObjectDacl = CreateObject("AccessControlList") For Each ace In objDacl Select Case ace.AceType Case ADS_ACETYPE_ACCESS_DENIED ImpDenyDacl.AddAce ace Case ADS_ACETYPE_ACCESS_DENIED_OBJECT ImpDenyObjectDacl.AddAce ace Case ADS_ACETYPE_ACCESS_ALLOWED ImpAllowDacl.AddAce ace Case ADS_ACETYPE_ACCESS_ALLOWED_OBJECT ImpAllowObjectDacl.AddAce ace Case Else 'bad ace, bad bad ace.. End Select Next ' ' Combine the ACEs in the Proper Order ' Implicit Deny ' Implicit Deny Object ' Implicit Allow ' Implicit Allow Object ' ' Implicit Deny. For Each ace In ImpDenyDacl newDACL.AddAce ace Next ' Implicit Deny Object. For Each ace In ImpDenyObjectDacl newDACL.AddAce ace Next ' Implicit Allow. For Each ace In ImpAllowDacl newDACL.AddAce ace Next ' Implicit Allow Object. For Each ace In ImpAllowObjectDacl newDACL.AddAce ace Next 'Set the Appropriate revision level for the DACL. newDACL.AclRevision = objDacl.AclRevision ' Return Properly Ordered DACL. Set ReorderACL = newDACL ' Clean up. Set newDACL = Nothing Set ImpAllowObjectDacl = Nothing Set ImpAllowDacl = Nothing Set ImpDenyObjectDacl = Nothing Set ImpDenyDacl = Nothing Set objSD = Nothing End Function
Send us your feedback about the Microsoft Exchange Server 2003 SDK.
Build: June 2007 (2007.618.1)
© 2003-2006 Microsoft Corporation. All rights reserved. Terms of use.