
Create a ACL list for a file


Valy Greavu

Jul 14, 2003, 1:55:21 AM
Please send me an example for creating an ACL list for a file or a folder.

Robert Cohen

Jul 14, 2003, 4:22:38 PM
Every time I see this question asked in the newsgroups, the answer is always the same: use cacls.exe.


--
Sorry, I am no longer including my e-mail address as I am getting too much
spam. I really have no desire to enlarge "it" by three inches, that is even
if I get e-mailed 10 times a day from different e-mail addresses so I can't
block it.
Besides, I finally came to believe what others have said: if you have a
question, you should ask the group as others might benefit from it. Anyone
on the group who I converse with off topic or on the side can easily find
my e-mail address.


"Valy Greavu" <gre...@uaic.ro> wrote in message
news:045801c349cc$8335e810$a501...@phx.gbl...

Ron Rosenkoetter

Jul 15, 2003, 12:40:10 AM
Just cutting and pasting old scripts. Test them before using them on production networks.

On Error Resume Next

'Set Log File Name
LogFileName = "c:\ShowPermissions.log"

'Set File Constants
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

'Setting the Arguments
Set objArgs = Wscript.Arguments
If objArgs.Count > 0 Then
    Arg1 = objArgs(0)
Else
    Wscript.Echo "Please specify all required arguments. Run this script again "
    Wscript.Echo "with a /? as the first argument to see the help file"
    Wscript.Quit
End If

'Checking if Help file is needed
HELP = 0

If Arg1 = "help" Then HELP = 1
If Arg1 = "/?" Then HELP = 1
If Arg1 = "?" Then HELP = 1

' Doubles as Help document and Purpose of script REMARKS
If HELP = 1 Then
    Wscript.Echo " ******************************"
    Wscript.Echo " * Script: ShowPermissions.vbs"
    Wscript.Echo " * Creation Date: 2-3-2003"
    Wscript.Echo " * Version: 1.0"
    Wscript.Echo " * Author: Ron Rosenkoetter"
    Wscript.Echo " * E-mail: Ronald.Ro...@gentiva.com"
    Wscript.Echo " *"
    Wscript.Echo " * Description: This script will display "
    Wscript.Echo " * the permissions on the specified file"
    Wscript.Echo " * or folder. Note that you have to use "
    Wscript.Echo " * a UNC path. "
    Wscript.Echo " *"
    Wscript.Echo " * Usage: ShowPermissions.vbs [options]"
    Wscript.Echo " *"
    Wscript.Echo " * /f: File or Folder Path (UNC) "
    Wscript.Echo " * [required]"
    Wscript.Echo " *"
    Wscript.Echo " * Example: ShowPermissions.vbs /f:\\Server\data"
    Wscript.Echo " *"
    Wscript.Echo " ******************************"
    Wscript.Quit
End If

'Make sure required options are specified
If NOT Wscript.Arguments.Named.Exists("f") Then
    Wscript.Echo "Please specify all required arguments. Run this script again "
    Wscript.Echo "with a /? as the first argument to see the help file"
    Wscript.Quit
End If

'Set Option Variables
FolderPath = Wscript.Arguments.Named("f")

'Create the File System Object
Set objFSO = CreateObject("Scripting.FileSystemObject")

'Open a log file for printing results
Wscript.Echo "Opening Log File"
Set LogFile = objFSO.OpenTextFile(LogFileName, ForWriting, True)
If Err.Number <> 0 Then
    Wscript.Echo "Unable to open the " & LogFileName
    Wscript.Quit
End If

'A WMI call needs a server name and an explicit (local) path to the folder.
'Split the FolderPath on the backslashes
Folders = Split(FolderPath, "\")

'The first two elements of the Folders array are empty (because of the leading
'two backslashes). The third element is the Server name, and the fourth element
'is the Share name.
ServerName = Folders(2)
FileShareName = Folders(3)
Set objFileShare = GetObject("WinNT://" & ServerName & "/LanmanServer/" & FileShareName)

'Get the local path of the FileShare
ExplicitPath = objFileShare.Path

'Add the remaining subfolders back on to the Explicit Path
For i = 4 To UBound(Folders)
    ExplicitPath = ExplicitPath & "\" & Folders(i)
Next

'Create a Security object
Set objSecurity = GetObject("winmgmts:\\" & ServerName & _
    "\root\cimv2:Win32_LogicalFileSecuritySetting='" & ExplicitPath & "'")

'Get a Security Descriptor object
If objSecurity.GetSecurityDescriptor(objSD) = 0 Then

    'Create an Owner object
    Set objOwner = objSD.Owner
    Message objSecurity.Path & " on " & ServerName & " is owned by " & objOwner.Name & vbCrLf

    'Loop through each ACE object inside the DACL
    For Each objACE In objSD.DACL
        Permissions = "--Special--"
        If objACE.AccessMask = 2032127 Then Permissions = "Full"
        If objACE.AccessMask = 1245631 Then Permissions = "Change"
        If objACE.AccessMask = 1179817 Then Permissions = "Read"

        'Make the output pretty by padding the name to a fixed width (only when it
        'is shorter than the width). Use IsNull to make sure a Trustee.Name exists
        'for the ACE
        If NOT IsNull(objACE.Trustee.Name) Then
            LengthACEName = Len(objACE.Trustee.Name)
            ACEName = objACE.Trustee.Name
            If LengthACEName < 40 Then ACEName = ACEName & Space(40 - LengthACEName)
            Message " " & ACEName & " " & Permissions
        Else
            Message " No name for SID <----"
        End If
    Next
End If

QuitProgram

'#############################

'Function CheckForErrorQuit

Function CheckForErrorQuit()
    If Err.Number <> 0 Then
        Message "Error #" & Err.Number & " - " & Err.Description
        CheckForErrorQuit = Err.Description
        QuitProgram
    End If
End Function

'#############################

'Function CheckForErrorClear

Function CheckForErrorClear()
    If Err.Number <> 0 Then
        Message "Error # " & Err.Number & " - " & Err.Description
        CheckForErrorClear = Err.Description
        Err.Clear
    End If
End Function

'#############################

'Subroutine Message

Sub Message(Text)
    Wscript.Echo Text
    LogFile.WriteLine Text
End Sub

'#############################

'Subroutine QuitProgram

Sub QuitProgram
    LogFile.Close
    Wscript.Echo " "
    Wscript.Echo "****************************************************"
    Wscript.Echo "* Use notepad " & LogFileName & " to see a log of these results"
    Wscript.Echo "****************************************************"
    Wscript.Quit
End Sub

'############################


Ron Rosenkoetter

Jul 15, 2003, 12:41:16 AM
Just cutting and pasting old scripts. Test them before using them on production networks.

'Function SetPermissions

'Variables
'  DomainName
'  ComputerName (use GetServerFromUNC function if necessary)
'  ExplicitPath (i.e. e:\data\folder - use GetExplicitPathFromUNC function if necessary)
'  UserOrGroupName
'  Permission (Read, Modify, Full)

'Returns
'  0 if successful
'  1 if failed

Function SetPermissions(DomainName, ComputerName, ExplicitPath, UserOrGroupName, Permission)

    Found = 0

    'Create the security object. You have to invoke the Security and Restore privileges in the
    'script to make changes to ACEs
    Set objSecurity = GetObject("winmgmts:{(Security,Restore)}\\" & ComputerName & _
        "\root\cimv2:Win32_LogicalFileSecuritySetting='" & ExplicitPath & "'")

    'Determine which Permission is to be applied
    If UCase(Permission) = "READ" Then PermissionBitMask = 1179817
    If UCase(Permission) = "MODIFY" Then PermissionBitMask = 1245631
    If UCase(Permission) = "FULL" Then PermissionBitMask = 2032127

    'Create the Security Descriptor object (objSD) and then add, modify, or delete ACEs inside
    'the DACL.
    If objSecurity.GetSecurityDescriptor(objSD) <> 0 Then
        'The existing descriptor could not be read, so there is nothing safe to modify
        SetPermissions = 1
        Exit Function
    End If

    'Loop through every ACE in the DACL, and see if the User or Group Name specified already
    'has an ACE in the DACL. If so, alter the AccessMask and set the FOUND flag to 1
    For Each objACE In objSD.DACL
        If UCase(objACE.Trustee.Name) = UCase(UserOrGroupName) Then
            objACE.AccessMask = PermissionBitMask
            Found = 1
        End If
    Next

    'If Found = 1, then the specified User or Group was modified. Use SetSecurityDescriptor
    'to save the changes.
    If Found = 1 Then
        If objSecurity.SetSecurityDescriptor(objSD) = 0 Then
            SetPermissions = 0
        Else
            SetPermissions = 1
            Err.Clear
        End If
    Else

        'Specified User or Group was NOT found in the existing DACL. Add a new ACE to the
        'DACL

        '(1) Get the SID of the user or group account.

        'Create a WMI object on the local computer (assuming the local computer is in the
        'same domain (or in a trusted domain) as the one specified)
        Set objWMI = GetObject("winmgmts:\\.\root\cimv2")

        'Get a collection of Account objects, using ExecQuery
        Set colUsers = objWMI.ExecQuery("SELECT * FROM Win32_Account WHERE Domain = '" & _
            DomainName & "' AND Name = '" & UserOrGroupName & "'")

        'The collection should only have one account in it. Loop through the one-item
        'collection and create an account object
        For Each UserName In colUsers
            Set objUserName = UserName
        Next

        'Next, we need both the binary and string representation of the account's SID to
        'create a new Win32_Trustee. objUserName.SID only returns the string version.
        'Create a Win32_SID object by referencing the objUserName's SID
        Set objSID = objWMI.Get("Win32_SID.SID='" & objUserName.SID & "'")

        '(2) Create a new blank Win32_Trustee object, and set its properties to the
        '    appropriate values

        'Create a new blank Win32_Trustee object
        Set objTrusteeClass = objWMI.Get("Win32_Trustee")
        Set objTrustee = objTrusteeClass.SpawnInstance_()

        'Set the properties
        objTrustee.Domain = objSID.ReferencedDomainName
        objTrustee.Name = objSID.AccountName
        objTrustee.SID = objSID.BinaryRepresentation
        objTrustee.SidLength = objSID.SidLength
        objTrustee.SIDString = objSID.SID

        '(3) Create a new blank Win32_ACE object, and set its properties to the appropriate
        '    values. The Trustee property should point to the newly created Win32_Trustee

        'Create a new blank Win32_ACE object
        Set objACEClass = objWMI.Get("Win32_ACE")
        Set objACE = objACEClass.SpawnInstance_()

        'Set the properties
        objACE.AccessMask = PermissionBitMask
        objACE.Trustee = objTrustee
        objACE.AceType = 0 'Allow
        objACE.AceFlags = 3 'Inheritance to sub-folders and files

        '(4) Add the ACE to the DACL. This is the hard part, because to keep the existing
        '    ACEs means we have to resize the array. The DACL array is not a dynamic array,
        '    so the solution is to create a new array of the right size, copy the explicit
        '    contents of the existing DACL (and the new ACE) into it, and then replace the
        '    existing DACL with the new one.

        'Create a Dictionary object (a hash). We're using a dictionary object, because it
        'can be dynamically resized
        Set objDictionary = CreateObject("Scripting.Dictionary")

        'Loop through the DACL array and populate the Dictionary object only with ACE
        'objects that have EXPLICIT PERMISSIONS. This can be tested by checking the
        'AceFlags property. If the 5th bit (16) is set to 1, the permission is inherited
        '(see the AceFlags description in the notes). Inherited ACEs are left out because
        'the parent supplies them again when the descriptor is written back.
        'It doesn't matter what the Dictionary key is; the corresponding item is all that
        'matters, being the ACE of the existing DACL. We just use i as the key here
        For i = LBound(objSD.DACL) To UBound(objSD.DACL)
            If (objSD.DACL(i).AceFlags And 16) = 0 Then
                objDictionary.Add i, objSD.DACL(i)
            End If
        Next

        'Add the new ACE.
        objDictionary.Add "Empty Key", objACE

        'Use the Items method to return a list of just the items, and overwrite the
        'existing DACL with the new list of ACEs
        objSD.DACL = objDictionary.Items

        '(5) Finally, write back the Security Descriptor
        If objSecurity.SetSecurityDescriptor(objSD) = 0 Then
            SetPermissions = 0
        Else
            SetPermissions = 1
            Err.Clear
        End If

    End If

End Function


Ron Rosenkoetter

Jul 15, 2003, 12:45:28 AM
A cut and paste of general permissions notes I made while figuring out how Windows 2000 permissions work (the book WMI by Matthew Lavy is the ONLY book I've found so far that explains permissions pretty well).

'This file is for reference only
Wscript.Quit

'SecurityDescriptor for every folder, file, printer, etc.
'  Contains the Owner property
'  Contains a ControlFlags property (bitmask with security settings like inheritance)
'  Contains a DACL object and a SACL object
'  Each DACL and SACL is made up of ACEs
'  ACEs have several properties
'    ACE.Trustee
'    ACE.AceType
'    ACE.AccessMask
'    ACE.AceFlags

'Create a Security object
Set objSecurity = GetObject("winmgmts:\\ComputerName\root\cimv2:Win32_LogicalFileSecuritySetting='c:\testfolder'")

'You can't find out much about this object directly. One property is Path
'  objSecurity.Path returns c:\testfolder

'It does have a method (GetSecurityDescriptor) which will return a new object with
'five sub objects of its own (Owner, Group, DACL, SACL, and ControlFlags)

'Example

If objSecurity.GetSecurityDescriptor(objSD) = 0 Then
    Set objOwner = objSD.Owner
    Wscript.Echo objSecurity.Path & " is owned by " & objOwner.Name
End If

'In the example above, we created an owner object using objSD and then
'output the Name property of the new owner object.

'DACL (Discretionary Access Control List) is a list of ACEs (Access Control Entries)
'  objSD.DACL returns an array of ACEs

'Win32_ACE.Trustee
'  Group or User Name

If objSecurity.GetSecurityDescriptor(objSD) = 0 Then
    For Each objACE In objSD.DACL
        Wscript.Echo objACE.Trustee.Name 'returns a user or group name
    Next
End If

'Win32_ACE.AceType
'  0 allow access
'  1 deny access

If objSecurity.GetSecurityDescriptor(objSD) = 0 Then
    For Each objACE In objSD.DACL
        If objACE.AceType = 0 Then Wscript.Echo "Access allowed"
        If objACE.AceType = 1 Then Wscript.Echo "Access denied"
    Next
End If

'Win32_ACE.AccessMask

'Bitwise OR
Wscript.Echo 1 Or 2 'Produces 3

'00000000000000000000000000000001 = 1
'00000000000000000000000000000010 = 2
'00000000000000000000000000000011 = 3

'Bitwise AND
'  1 And 2 produces 0 (False) because they share no bits
'  3 And 1 produces 1 (True) because they share the first bit

'Permissions (Folder / File)

'  1       List Folder / Read Data
'  2       Create Files / Write Data
'  4       Create Folders / Append Data
'  8       Read a file's extended attributes
'  16      Write a file's extended attributes
'  32      Traverse Folder / Execute File
'  64      Delete Subfolders and Files
'  128     Read standard file attributes
'  256     Write standard file attributes
'  65536   Delete a file
'  131072  Read Permissions
'  262144  Change Permissions
'  524288  Take Ownership
'  1048576 Synchronize (all permissions have this bit on)

'Given a bitmask value, one can compare to the above and determine which bits are set
If X And 1 Then Wscript.Echo "List Folder / Read Data"
If X And 2 Then Wscript.Echo "Create Files / Write Data"
If X And 4 Then Wscript.Echo "Create Folders / Append Data"

'Read and Execute Equivalent
'  Traverse Folder / Execute File
'  List Folder / Read Data
'  Read Attributes
'  Read Extended Attributes
'  Read Permissions
'  Synchronize
'  32 + 1 + 128 + 8 + 131072 + 1048576 = 1179817 (100100000000010101001 in binary)

'Change Equivalent
'  Traverse Folder / Execute File
'  List Folder / Read Data
'  Read Attributes
'  Read Extended Attributes
'  Create Files / Write Data
'  Create Folders / Append Data
'  Write Attributes
'  Write Extended Attributes
'  Delete (a file)
'  Read Permissions
'  32 + 1 + 128 + 8 + 2 + 4 + 256 + 16 + 65536 + 131072 + 1048576
'  = 1245631 (100110000000110111111 in binary)

'Full Equivalent
'  All bits listed above are set to 1
'  Total is 2032127 (111110000000111111111 in binary)

For Each objACE In objSD.DACL
    Permissions = " "
    If objACE.AccessMask = 2032127 Then Permissions = "Full"
    If objACE.AccessMask = 1245631 Then Permissions = "Change"
    If objACE.AccessMask = 1179817 Then Permissions = "Read"
    Wscript.Echo objACE.Trustee.Name & " " & Permissions
Next

'Win32_ACE.AceFlags (Inheritance)

'  1  Child objects that are not themselves containers (files but not directories)
'     inherit these permissions. Child objects that are containers pass these
'     permissions on to their children, but are not themselves affected by them
'  2  Child objects that are containers inherit these permissions and pass them on
'     to their children
'  4  Child objects that inherit these permissions do not pass them on to their
'     children. This overrides 1 and 2
'  8  The object is not affected by these permissions, but it does pass them on to its
'     children. This value is set for objects that have inherited permissions from
'     a parent whose inheritance includes 1
'  16 Any object whose permissions have been inherited has this value set

'Access these the same way. You can break them out using the bitwise AND operator or
'just test for the totals

For Each objACE In objSD.DACL
    Wscript.Echo objACE.AceFlags
    If objACE.AceFlags And 1 Then Wscript.Echo "Non-containers will inherit and pass on"
    If objACE.AceFlags And 2 Then Wscript.Echo "Containers will inherit and pass on"
    If objACE.AceFlags = 3 Then Wscript.Echo "Containers AND Non-containers will inherit and pass on"
    'etc
Next

'See ShowPermissions.vbs for a working script

'###########################################

'MODIFYING SECURITY DESCRIPTORS

'Create the security object. You have to invoke the Security and Restore privileges in the
'script to make changes to ACEs
Set objSecurity = GetObject("winmgmts:{(Security,Restore)}\\ComputerName\root\cimv2:Win32_LogicalFileSecuritySetting='c:\testfolder'")

'Create the Security Descriptor object (objSD) and then add, modify, or delete ACEs inside
'the DACL.

'Modifying an existing ACE is easy. If you know the Trustee name (group or user name), just
'loop through every ACE in the DACL, find the correct one and set the value of the Access
'Mask.

If objSecurity.GetSecurityDescriptor(objSD) = 0 Then
    For Each objACE In objSD.DACL
        If UCase(objACE.Trustee.Name) = UCase("jlrosenk") Then
            objACE.AccessMask = 2032127 'Full
        End If
    Next
End If

'Use SetSecurityDescriptor to save the changes.
If objSecurity.SetSecurityDescriptor(objSD) = 0 Then
    Wscript.Echo "Setting Security"
Else
    Wscript.Echo "Unable to set Security"
End If

'To add a new ACE to a DACL takes a little more work. The steps are as follows

'(1) Get the SID of the user account.

'Create a WMI object
Set objWMI = GetObject("winmgmts:\\DomainController\root\cimv2")

'Get a collection of Account objects, using ExecQuery
Set colUsers = objWMI.ExecQuery("SELECT * FROM Win32_Account WHERE Domain = 'gentiva' AND Name = 'rontest1'")

'The collection should only have one user in it. Loop through the one-user collection
'and create a user object
For Each User In colUsers
    Set objUser = User
Next

'Next, we need both the binary and string representation of the user's SID to create a new
'Win32_Trustee. objUser.SID only returns the string version. Create a Win32_SID object by
'referencing the objUser's SID
Set objSID = objWMI.Get("Win32_SID.SID='" & objUser.SID & "'")

'(2) Create a new blank Win32_Trustee object, and set its properties to the appropriate
'    values

'Create a new blank Win32_Trustee object
Set objTrusteeClass = objWMI.Get("Win32_Trustee")
Set objTrustee = objTrusteeClass.SpawnInstance_()

'Set the properties
objTrustee.Domain = objSID.ReferencedDomainName
objTrustee.Name = objSID.AccountName
objTrustee.SID = objSID.BinaryRepresentation
objTrustee.SidLength = objSID.SidLength
objTrustee.SIDString = objSID.SID

'(3) Create a new blank Win32_ACE object, and set its properties to the appropriate
'    values. The Trustee property should point to the newly created Win32_Trustee

'Create a new blank Win32_ACE object
Set objACEClass = objWMI.Get("Win32_ACE")
Set objACE = objACEClass.SpawnInstance_()

'Set the properties
objACE.AccessMask = 2032127 'Full
objACE.Trustee = objTrustee
objACE.AceType = 0 'Allow
objACE.AceFlags = 3 'Inheritance to sub-folders and files

'(4) Add the ACE to the DACL. This is the hard part, because to keep the existing
'    ACEs means we have to resize the array. The DACL array is not a dynamic array, so
'    the solution is to create a new array of the right size, copy the explicit contents
'    of the existing DACL (and the new ACE) into it, and then replace the existing
'    DACL with the new one.

'Create a Dictionary object (a hash). We're using a dictionary object, because it
'can be dynamically resized
Set objDictionary = CreateObject("Scripting.Dictionary")

'Loop through the DACL array and populate the Dictionary object only with ACE objects
'that have EXPLICIT PERMISSIONS. This can be tested by checking the AceFlags property.
'If the 5th bit (16) is set to 1, the permission is inherited (see the AceFlags
'description above).
'It doesn't matter what the Dictionary key is; the corresponding item is all that matters,
'being the ACE of the existing DACL. We just use i as the key here
For i = LBound(objSD.DACL) To UBound(objSD.DACL)
    If (objSD.DACL(i).AceFlags And 16) = 0 Then
        objDictionary.Add i, objSD.DACL(i)
    End If
Next

'Add the new ACE.
objDictionary.Add "Empty Key", objACE

'Use the Items method to return a list of just the items, and overwrite the existing
'DACL with the new list of ACEs
objSD.DACL = objDictionary.Items

'(5) Finally, write back the Security Descriptor
If objSecurity.SetSecurityDescriptor(objSD) = 0 Then
    Wscript.Echo "Setting Security"
Else
    Wscript.Echo "Unable to set Security"
End If

'To change an owner
Set objSD.Owner = objTrustee

'Control Flags for the Security Descriptor (Inheritance!)

'objSD.ControlFlags returns a bitmask value like the ACE.AccessMask or ACE.AceFlags

'Checkbox that says
'  Inherit from parent the permission entries that apply to child objects (XP) or
'  Allow inheritable permissions from parent to propagate to this object (2000)

'Set by bit 4096 (1000000000000)
'  Unchecked (Inheritance blocked) is with the bit on
'  Checked (Inheritance passed down) is with the bit off

'Checking a normal folder, the following bits are normally set (1000010000000100) = 33796
'  100 (4) just indicates that the SD does have a DACL
'  10000000000 (1024) indicates that the DACL is set up to support automatic propagation (Inheritance)
'  1000000000000000 (32768) indicates a SD in self-relative format (Default)

'see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/win32_securitydescriptor.asp

'Basically, set objSD.ControlFlags equal to 33796 to allow inheritance, and 37892 to block it.
'Or better, to NOT mess up any folders with a special ControlFlags bitmask, just set or clear
'the 4096 bit to block and allow inheritance. The XOR/OR expression must be assigned back
'to the property; on its own it changes nothing.

'Allow Inheritance (clear the bit)
If objSD.ControlFlags And 4096 Then
    objSD.ControlFlags = objSD.ControlFlags Xor 4096
End If

'Block Inheritance (set the bit)
If (objSD.ControlFlags And 4096) = 0 Then
    objSD.ControlFlags = objSD.ControlFlags Or 4096
End If

'ControlFlags values (from the Win32_SecurityDescriptor documentation linked above)

'SE_OWNER_DEFAULTED (1, 0x1): Indicates an SD with a default owner security identifier
'  (SID). You can use this bit to find all the objects that have default owner
'  permissions set.

'SE_GROUP_DEFAULTED (2, 0x2): Indicates an SD with a default group SID. You can use this
'  bit to find all the objects that have default group permissions set.

'SE_DACL_PRESENT (4, 0x4): Indicates an SD that has a discretionary access control list
'  (DACL). If this flag is not set, or if this flag is set and the DACL is NULL, the SD
'  allows full access to everyone.

'SE_DACL_DEFAULTED (8, 0x8): Indicates an SD with a default DACL. For example, if an
'  object creator does not specify a DACL, the object receives the default DACL from
'  the access token of the creator. This flag can affect how the system treats the
'  DACL, with respect to access control entry (ACE) inheritance. The system ignores
'  this flag if the SE_DACL_PRESENT flag is not set.

'SE_SACL_PRESENT (16, 0x10): Indicates an SD that has a system access control list
'  (SACL).

'SE_SACL_DEFAULTED (32, 0x20): Indicates an SD with a default SACL. For example, if an
'  object creator does not specify a SACL, the object receives the default SACL from
'  the access token of the creator. This flag can affect how the system treats the
'  SACL, with respect to ACE inheritance. The system ignores this flag if the
'  SE_SACL_PRESENT flag is not set.

'SE_DACL_AUTO_INHERIT_REQ (256, 0x100): Requests that the provider for the object
'  protected by the SD automatically propagate the DACL to existing child objects. If
'  the provider supports automatic inheritance, it propagates the DACL to any existing
'  child objects, and sets the SE_DACL_AUTO_INHERITED bit in the SDs of the object and
'  its child objects.

'SE_SACL_AUTO_INHERIT_REQ (512, 0x200): Requests that the provider for the object
'  protected by the SD automatically propagate the SACL to existing child objects. If
'  the provider supports automatic inheritance, it propagates the SACL to any existing
'  child objects, and sets the SE_SACL_AUTO_INHERITED bit in the SDs of the object and
'  its child objects.

'SE_DACL_AUTO_INHERITED (1024, 0x400): Windows 2000 only. Indicates an SD in which the
'  DACL is set up to support automatic propagation of inheritable ACEs to existing
'  child objects. The system sets this bit when it performs the automatic inheritance
'  algorithm for the object and its existing child objects. This bit is not set in SDs
'  for Windows NT versions 4.0 and earlier, which do not support automatic propagation
'  of inheritable ACEs.

'SE_SACL_AUTO_INHERITED (2048, 0x800): Windows 2000: Indicates an SD in which the SACL
'  is set up to support automatic propagation of inheritable ACEs to existing child
'  objects. The system sets this bit when it performs the automatic inheritance
'  algorithm for the object and its existing child objects. This bit is not set in SDs
'  for Windows NT versions 4.0 and earlier, which do not support automatic propagation
'  of inheritable ACEs.

'SE_DACL_PROTECTED (4096, 0x1000): Windows 2000: Prevents the DACL of an SD from being
'  modified by inheritable ACEs.

'SE_SACL_PROTECTED (8192, 0x2000): Windows 2000: Prevents the SACL of an SD from being
'  modified by inheritable ACEs.

'SE_SELF_RELATIVE (32768, 0x8000): Indicates an SD in self-relative format with all the
'  security information in a contiguous block of memory. If this flag is not set, the
'  SD is in absolute format. For more information, see Absolute and Self-Relative
'  Security Descriptors.

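As an added example (not code from the thread or from the scripts above), here is a Python decoder for the AccessMask, AceFlags and ControlFlags bitmasks the notes describe, including the explicit-ACE filter the SetPermissions function relies on before it rebuilds a DACL. The bit table and the 1179817 / 1245631 / 2032127 masks come from the notes; the sample DACL and its trustee names are constructed.

```python
# Added example (not from the thread): decode Win32_ACE AccessMask/AceFlags and
# Win32_SecurityDescriptor ControlFlags bits as listed in Ron's notes.

ACCESS_RIGHTS = {  # folder / file rights, bit value -> name (from the notes)
    1: "List Folder / Read Data",
    2: "Create Files / Write Data",
    4: "Create Folders / Append Data",
    8: "Read Extended Attributes",
    16: "Write Extended Attributes",
    32: "Traverse Folder / Execute File",
    64: "Delete Subfolders and Files",
    128: "Read Attributes",
    256: "Write Attributes",
    65536: "Delete",
    131072: "Read Permissions",
    262144: "Change Permissions",
    524288: "Take Ownership",
    1048576: "Synchronize",
}

# Composite masks, built from the table so the sums can be checked against the notes.
READ_MASK = 32 + 1 + 128 + 8 + 131072 + 1048576            # 1179817
CHANGE_MASK = READ_MASK + 2 + 4 + 256 + 16 + 65536          # 1245631
FULL_MASK = sum(ACCESS_RIGHTS)                              # 2032127 (all bits)

ACE_FLAGS = {  # Win32_ACE.AceFlags inheritance bits
    1: "files inherit",
    2: "subfolders inherit",
    4: "do not propagate",
    8: "inherit only",
    16: "inherited from parent",
}
SE_DACL_PROTECTED = 0x1000  # ControlFlags bit 4096: set means inheritance is blocked

def decode_access_mask(mask):
    """Name every right whose bit is set (the notes' 'If X AND n' checks, generalised)."""
    return [name for bit, name in ACCESS_RIGHTS.items() if mask & bit]

def classify_access_mask(mask):
    """Map a mask to the Full/Change/Read labels ShowPermissions.vbs prints."""
    labels = {FULL_MASK: "Full", CHANGE_MASK: "Change", READ_MASK: "Read"}
    return labels.get(mask, "--Special--")

def decode_ace_flags(flags):
    return [name for bit, name in ACE_FLAGS.items() if flags & bit]

def explicit_aces(dacl):
    """Keep only ACEs without the INHERITED bit (16): the filter the SetPermissions
    rebuild step applies before appending a new ACE and writing the descriptor back."""
    return [ace for ace in dacl if not ace["AceFlags"] & 16]

def describe_dacl(dacl):
    """One line per ACE, in the spirit of the ShowPermissions.vbs log."""
    lines = []
    for ace in dacl:
        kind = "Allow" if ace["AceType"] == 0 else "Deny"
        inh = ", ".join(decode_ace_flags(ace["AceFlags"])) or "explicit, no inheritance"
        lines.append(f"{ace['Trustee']:<24} {kind:<5} {classify_access_mask(ace['AccessMask']):<11} ({inh})")
    return lines

def set_inheritance(control_flags, allow):
    """Return ControlFlags with SE_DACL_PROTECTED cleared (allow) or set (block).
    This returns a new value; in VBScript it must be assigned back to objSD.ControlFlags."""
    if allow:
        return control_flags & ~SE_DACL_PROTECTED
    return control_flags | SE_DACL_PROTECTED

# Constructed sample DACL (not real output): two explicit ACEs and one inherited one.
SAMPLE_DACL = [
    {"Trustee": "BUILTIN\\Administrators", "AceType": 0, "AccessMask": FULL_MASK, "AceFlags": 3},
    {"Trustee": "CORP\\finance", "AceType": 0, "AccessMask": CHANGE_MASK, "AceFlags": 0},
    {"Trustee": "BUILTIN\\Users", "AceType": 0, "AccessMask": READ_MASK, "AceFlags": 19},
]

if __name__ == "__main__":
    print("\n".join(describe_dacl(SAMPLE_DACL)))
    print("explicit ACEs kept on rebuild:", [a["Trustee"] for a in explicit_aces(SAMPLE_DACL)])
    print("block inheritance on 33796 ->", set_inheritance(33796, allow=False))
```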

matt

Jul 17, 2003, 9:07:08 AM
Fantastic.

