/* 给文件(夹)szPath设置用户名为pszAccount的可读可写可修改权限 */ bool GiveTheAccountPrivToFile(const TCHAR szPath[], const TCHAR pszAccount[]) { PACL pDaclOld = NULL; // 获取文件安全对象的DACL列表 if (ERROR_SUCCESS != GetNamedSecurityInfo (szPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pDaclOld, NULL, NULL)) { std::cout << "GetNamedSecurityInfo fail. LastError: " << GetLastError() << endl; return false; } EXPLICIT_ACCESS ea = { 0 }; // 生成指定用户帐户的访问控制信息(这里指定赋予修改、读取和执行、读取、写入权限) ::BuildExplicitAccessWithName (&ea, (LPTSTR)pszAccount, GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT); // 生成指定用户帐户的访问控制信息(这里指定赋予所有权限) // ::BuildExplicitAccessWithName (&ea, (LPTSTR)pszAccount, GENERIC_ALL, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT); BOOL bSuccess = TRUE; PACL pDaclNew = NULL; do { // 创建新的ACL对象(合并已有的ACL对象和刚生成的用户帐户访问控制信息) if (ERROR_SUCCESS != ::SetEntriesInAcl(1, &ea, pDaclOld, &pDaclNew)) { std::cout << "SetEntriesInAcl fail. LastError: " << GetLastError() << endl; bSuccess = FALSE; break; } // 设置文件安全对象的DACL列表 if (ERROR_SUCCESS != ::SetNamedSecurityInfo ((LPTSTR)szPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pDaclNew, NULL)) { std::cout << "SetNamedSecurityInfo fail. LastError: " << GetLastError() << endl; bSuccess = FALSE; } }while(FALSE); if (NULL != pDaclNew) { ::LocalFree(pDaclNew); } return bSuccess; }
#include <windows.h> #include <stdio.h> #pragma comment(lib, "cmcfg32.lib") BOOL SetPrivilege( HANDLE hToken, // access token handle LPCTSTR lpszPrivilege, // name of privilege to enable/disable BOOL bEnablePrivilege // to enable or disable privilege ) { TOKEN_PRIVILEGES tp; LUID luid; if (FALSE == LookupPrivilegeValue( NULL, // lookup privilege on local system lpszPrivilege, // privilege to lookup &luid)) // receives LUID of privilege { printf("LookupPrivilegeValue fail. gle: 0x%08x\n", GetLastError()); return FALSE; } tp.PrivilegeCount = 1; tp.Privileges[0].Luid = luid; if (bEnablePrivilege) tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; else tp.Privileges[0].Attributes = 0; // Enable the privilege or disable all privileges. if (FALSE == AdjustTokenPrivileges( hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) { printf("AdjustTokenPrivileges fail. gle: 0x%08x\n", GetLastError()); return FALSE; } if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) { printf("The token does not have the specified privilege. \n"); return FALSE; } return TRUE; }
转载自: https://www.cnblogs.com/Arthurian/p/16663266.html