tags:

views:

34

answers:

3
+1  Q: 

How to reset an object's security descriptor to the default?

As part of a testing utility I am creating some registry keys and applying a specific security descriptor to them. Later on I want to reset it to the "default" security descriptor (i.e. inherited from the parent). What is the proper way to do this?

I can't save and restore the original security descriptor because this utility may be run multiple times before the tester will want to reset it. I guess I could save it to a temp file or registry value, but I would prefer a more elegant solution.

So, do I have to do something with the parent's security descriptor or what? I'm having a hard time figuring out what to do.

Almost forgot to mention I'm doing this in C.

UPDATE: I should have added that I'll also be doing this with files (and possibly other securable objects), so it would be nice if there were a generic way to work with security descriptors themselves instead of using object-specific things like RegSaveKey. I imagine it would require working with the security descriptor of the parent, so it would be great if I could do something like the following:

BOOL WINAPI GetDefaultChildSecurityDescriptorFromParent(LPSECURITY_DESCRIPTOR Parent, LPSECURITY_DESCRIPTOR* Child);

I'm just not sure how to do it programmatically. You can accomplish this in the security descriptor editor by using the check box to inherit entries from the parent, so obviously it is possible somehow.

A: 

I recommend saving keys to a file using RegSavekey. To restore the key use RegLoadKey.

Rook  2010-10-06 21:30:21
A: 

The easiest way I can think to do this would be to read in the structure that needs to be defaulted... then delete it and recreate it - passing NULL to force the defaults.

Chris Becke  2010-10-07 07:22:55
A: 

I hate to answer my own question, but I found a snippet of documentation on the matter (the DACL is really the only thing I am concerned with). Looks like I have to get the DACL of the parent and create a new DACL that includes all the inheritable ACEs in it. I was hoping it would be simpler than that, but it's not too bad.

Luke  2010-10-08 14:57:07

related questions

any good tool for makefile generation?
How do you pass a function as a parameter in C?
Where should a veteran C programmer start in order to master Java ?
Any good book on best practice and guidelines in developing a SDK in C?
How do you determine the size of a file in C?
Decoding printf statements in C (Printf Primer)
Shift operator in C
How to avoid redefining VERSION, PACKAGE, etc.
Alpha blending sprites in Nintendo DS Homebrew
When should I use type abstraction in embedded systems
How to implement continuations?
What are the barriers to understanding pointers and what can be done to overcome them?
Anyone have experience creating a shared library in MATLAB?
String.indexOf function in C
Passing multidimensional arrays as function arguments in C
C/C++ library for reading MIDI signals from a USB MIDI device
Choosing a static code analysis tool
How do you printf an unsigned long long int?
Good STL-like library for C.
Rockbox audio format
Why am I getting a malloc: double free error with realloc()?
Should I learn C?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS