Original link: http://www.cppblog.com/wrhwww/archive/2011/08/23/154117.html
On Windows, system files (folders) generally allow a limited account only to read them, not to write or modify them. To enable write access, you have to manually modify the user account's security permissions on the file (folder). This must of course be done under an Administrator account. The following code encapsulates the operation:
Let's start with an API version:
    #include <windows.h>
    #include <aclapi.h>

    //
    // Enable all access permissions on a file (folder) for an account
    // pszPath: file (folder) path
    // pszAccount: account name
    //
    BOOL EnableFileAccountPrivilege(PCTSTR pszPath, PCTSTR pszAccount)
    {
        BOOL bSuccess = TRUE;
        PACL pNewDacl = NULL, pOldDacl = NULL;
        PSECURITY_DESCRIPTOR pSD = NULL;
        EXPLICIT_ACCESS ea;
        do
        {
            // Get the DACL of the file (folder) securable object.
            // The security descriptor pointer is required when the DACL is requested;
            // pOldDacl points into pSD, so only pSD is freed below.
            if (ERROR_SUCCESS != ::GetNamedSecurityInfo((LPTSTR)pszPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDacl, NULL, &pSD))
            {
                bSuccess = FALSE;
                break;
            }
            // AddAccessAllowedAce cannot be used directly here: the existing DACL has a fixed length, so a new DACL object must be created.
            // Build the access control entry for the specified user account (full access, inherited by subfolders and files)
            ::BuildExplicitAccessWithName(&ea, (LPTSTR)pszAccount, GENERIC_ALL, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
            // Create a new ACL (merging the existing ACL with the newly built entry)
            if (ERROR_SUCCESS != ::SetEntriesInAcl(1, &ea, pOldDacl, &pNewDacl))
            {
                bSuccess = FALSE;
                break;
            }
            // Set the DACL of the file (folder) securable object
            if (ERROR_SUCCESS != ::SetNamedSecurityInfo((LPTSTR)pszPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDacl, NULL))
            {
                bSuccess = FALSE;
            }
        } while (FALSE);
        // Free resources
        if (pNewDacl != NULL)
            ::LocalFree(pNewDacl);
        if (pSD != NULL)
            ::LocalFree(pSD);
        return bSuccess;
    }
ATL wraps the security functions, so the same operation is much simpler to write with ATL:
    #include <atlsecurity.h>

    //
    // Enable all access permissions on a file (folder) for an account (ATL version)
    // pszPath: file (folder) path
    // pszAccount: account name
    //
    BOOL AtlEnableFileAccountPrivilege(PCTSTR pszPath, PCTSTR pszAccount)
    {
        CDacl dacl;
        CSid sid;
        // Get the SID of the user account
        if (!sid.LoadAccount(pszAccount))
        {
            return FALSE;
        }
        // Get the DACL of the file (folder)
        if (!AtlGetDacl(pszPath, SE_FILE_OBJECT, &dacl))
        {
            return FALSE;
        }
        // Add a new ACE to the DACL.
        // No AceFlags are passed, so unlike the API version this ACE carries no inheritance flags.
        dacl.AddAllowedAce(sid, GENERIC_ALL);
        // Set the DACL on the file (folder)
        return AtlSetDacl(pszPath, SE_FILE_OBJECT, dacl) ? TRUE : FALSE;
    }
Program code to modify the user access permissions for a file (folder)
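Both functions above grant GENERIC_ALL, so it is worth checking afterwards which accounts ended up with full control. The following is an added example, not code from the original post: it scans a DACL in SDDL text form for allow ACEs that grant full control to a trustee outside an allow-list. The names Finding, hasToken, grantsFullControl and auditDacl and the allow-list itself are assumptions made for this illustration, and only simple six-field ACEs are handled.

```cpp
// Added example: list allow ACEs in an SDDL DACL that grant full control
// to a trustee outside an assumed allow-list.
#include <cstdint>
#include <set>
#include <sstream>
#include <string>
#include <vector>

struct Finding { std::string trustee; bool inherited; };

// SDDL flag and rights fields are runs of two-letter tokens; match on token boundaries.
static bool hasToken(const std::string& field, const std::string& tok) {
    for (size_t i = 0; i + 1 < field.size(); i += 2)
        if (field.compare(i, 2, tok) == 0) return true;
    return false;
}

// True for FILE_ALL_ACCESS (FA / 0x1F01FF) or GENERIC_ALL (GA / 0x10000000).
static bool grantsFullControl(const std::string& rights) {
    if (rights.rfind("0x", 0) == 0) {
        uint32_t mask = static_cast<uint32_t>(std::stoul(rights, nullptr, 16));
        return (mask & 0x10000000u) != 0 || (mask & 0x001F01FFu) == 0x001F01FFu;
    }
    return hasToken(rights, "FA") || hasToken(rights, "GA");
}

std::vector<Finding> auditDacl(const std::string& sddl) {
    // Assumed allow-list: Administrators, SYSTEM, CREATOR OWNER, TrustedInstaller.
    static const std::set<std::string> expected = {"BA", "SY", "CO",
        "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"};
    std::vector<Finding> out;
    const size_t npos = std::string::npos;
    size_t d = sddl.find("D:");
    if (d == npos) return out;                       // no DACL section
    size_t s = sddl.find("S:", d);                   // SACL section, if any
    std::string dacl = sddl.substr(d, s == npos ? npos : s - d);
    for (size_t open = dacl.find('('); open != npos; open = dacl.find('(', open + 1)) {
        size_t close = dacl.find(')', open);
        if (close == npos) break;
        std::vector<std::string> f;                  // type;flags;rights;guid;guid;sid
        std::stringstream ss(dacl.substr(open + 1, close - open - 1));
        for (std::string part; std::getline(ss, part, ';');) f.push_back(part);
        if (f.size() != 6 || f[0] != "A") continue;  // simple allow ACEs only
        if (grantsFullControl(f[2]) && !expected.count(f[5]))
            out.push_back({f[5], hasToken(f[1], "ID")});
    }
    return out;
}
```

The SDDL string for a path can be read on Windows with PowerShell's (Get-Acl <path>).Sddl. A finding with inherited set to false marks the object where the ACE was added explicitly.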