Hello guys,

I haven't seen many questions (any, actually) about the Microsoft Provisioning System SDK, but who knows, maybe there is someone who has dealt with the same issue.

We are using MPS SDK v4.5, and it works just fine for most things. But there is a problem when it comes to removing an ACE on a directory for a trustee. The File Share Provider documentation at http://technet.microsoft.com/en-us/library/dd278614.aspx describes how it should be done:

Set the Mode tag to REVOKE_ACCESS: An input flag that removes matching access-control information for the trustee. When modifying an existing DACL or SACL, specify REVOKE_ACCESS to remove any existing ACEs for the specified trustee. However, note that the operating system typically converts generic permissions to specific ones. Use File System Provider::GetDirectoryAttributes to generate a list of all specific permissions, then SetDirectoryAttributes to revoke individual permissions.

Unfortunately, it does not work as specified: when I send a request with MODE set to REVOKE_ACCESS, the result is that, instead of removing GRANT_ACCESS with the same permissions, one more ACE with DENY_ACCESS mode is added. Also, if I want to remove an ACE with DENY_ACCESS mode, it does nothing.

However, my question would be how to remove an ACE for a trustee on a directory using the File Share Provider.

P.S. I haven't included the XML requests that I used, but if someone thinks it could be helpful, I will do that as well.

Regards