views:

429

answers:

2

How does one create an administrative network share [1] with read-only permissions from C/C++ or Python under Windows XP?

[1] Necessary in order to access C:\Program Files over the share.

A: 

Take a look at NetShareAdd() for C/C++ (the MSDN includes an example program at the end of the page).

GRB
NetShareAdd() won't let you set permissions. The example uses no permissions.
Gili
The example chooses not to, but you can. Check the info page on the SHARE_INFO_2 structure, there's a permissions member which can be set to ACCESS_READ. http://msdn.microsoft.com/en-us/library/bb525408(VS.85).aspx
GRB
We tried that. If you look at the documentation for the "shi2_permissions" field it reads "Note that Windows does not support share-level security". Maybe it's possible to do this with SHARE_INFO_502 instead? Any idea how to create read-only security descriptors for it?
Gili
Check this Experts-Exchange question, in the end the guy was able to make his shared folder read-only using SHARE_INFO_2 and ACCESS_READ (the problem he has is probably different from yours, but in the end ACCESS_READ still seems to work) http://www.experts-exchange.com/Programming/System/Windows__Programming/Q_20148288.html
GRB
(sorry, I guess directly linking to experts-exchange hides the answers... search google for "sharing a folder programmatically" and it's the third/fourth option from the top -- "Programmatically sharing a folder !")
GRB
A: 

First create the share with NetShareAdd(). This will share the directory with a null ACL, which is equavalent to allowing everyone full access. It is not possible to configure permissions with NetShareAdd on Windows.

Once the share has been created, get the security descriptor for the share by calling GetNamedSecurityInfoW() passing in the share name, SE_LMSHARE as the ObjectType, and DACL_SECURITY_INFORMATION as the SecurityInfo. Once you have the descriptor, use the normal Windows security calls to configure the ACL.

glob