> Eryk wrote: > This call will succeed even if one or more of the privileges wasn't > modified. In this case GetLastError() returns ERROR_NOT_ALL_ASSIGNED > (1300). This will be the case if you try to enable the take-ownership > and restore privileges for a UAC restricted token.
Thanks Eryk for responding. Yes it failed with 1300 and I'm running the code from another admin account. But I think it's not a restricted account. I could run any exe with Admin elevated privilege by right clicking and choosing the option from context menu. I tried with just Take ownership privilege for the current admin user. I've changed the SetFileSecurity API to SetNamedSecurityInfo as suggested. Below is the code I tried running. Getting (5, Access Denied) for SetNamedSecurityInfo. Am I missing something? def take_owner(path,account_name): owner_sid = win32security.LookupAccountName(None, account_name)[0] new_privs = ( (win32security.LookupPrivilegeValue( '', ntsecuritycon.SE_TAKE_OWNERSHIP_NAME), win32con.SE_PRIVILEGE_ENABLED),) flags = win32security.TOKEN_ALL_ACCESS\ | win32con.TOKEN_ADJUST_PRIVILEGES\ | win32con.TOKEN_IMPERSONATE try: thread = win32api.GetCurrentThread() handle = win32security.OpenThreadToken( thread, flags, False) except win32security.error as e: # if e.errno == 1008: handle = win32security.OpenProcessToken(win32api.GetCurrentProcess (), flags) win32security.AdjustTokenPrivileges(handle, 0, new_privs) lastError = win32api.GetLastError() print("last error=",lastError) # fs = win32security.GetNamedSecurityInfo(path, win32security.SE_FILE_OBJECT, win32security.OWNER_SECURITY_INFORMATION) # fs.SetSecurityDescriptorOwner(owner_sid, True) win32security.SetNamedSecurityInfo(path, win32security.SE_FILE_OBJECT, win32security.OWNER_SECURITY_INFORMATION, owner_sid, None, None, None) > Tim Wrote: > Admin1 can change the ACL to give Admin2 the right to change the ACL.? > In the file permission dialog, that's the "Change permissions" right.? > In code, it's the "WRITE_DAC" file permission. @Tim Thanks for the tip. Regards, Goku
_______________________________________________ python-win32 mailing list python-win32@python.org https://mail.python.org/mailman/listinfo/python-win32