On 23/12/2009 00:47, Hongwei Sun wrote:
Matthieu,
Your summary is a good recap of what we have done on this topic. I have
one clarification for the point below.
* All ACE for allowed object are wipped out when "translating" AD ACL
to File ACL
When translating a ACL for
Matthieu,
Your summary is a good recap of what we have done on this topic. I have
one clarification for the point below.
* All ACE for allowed object are wipped out when "translating" AD ACL
to File ACL
When translating a ACL for DS object to a ACL for SYSVOL file object,
Hello Sebastian and Hongwei,
Sorry for being silent on this.
So if I try to sum up we agreed that:
* in order to allow modification of ACL on files sdeffectiverights must
have the flag DACL_SECURITY_INFORMATION set, and the ACL must have the
SE_DACL_PROTECTED set in the control flags.
* in o
Hi Matthieu,
With regards of the OI and CI flags, we always set those flags on if the ACE
type is any of the following 3 types:
ACCESS_ALLOWED_ACE_TYPE
ACCESS_DENIED_ACE_TYPE
SYSTEM_AUDIT_ACE_TYPE
This is hardcoded.
I'll provide you with the answer to your other question soon.
Thanks and rega
On 04/12/2009 23:00, Sebastian Canevari wrote:
Hi Matthieu,
Just a clarification to ask you for:
We are discussing with Hongwei and the PGs if it is that you are seeing GPMC "expect"
the inheritance to happen OR if it is that you are dumping the ACLs and "seeing" the
flags always.
What
Hi Matthieu,
We are still actively working on this and I do have the PG engaged.
Please accept my apologies if we are delaying a little longer than expected. I
guess we can say that the holidays affected the timing a little without trying
to use that as an excuse.
I'll keep you posted as soon
Hello sebastian
And last but not least question, it seems that GPMC whats to have OI and CI flags on every
ACL entries is it due to the presence of the "SDDL_AUTO_INHERITED">control in
the SDDL ?
Any news on this ?
More exactly my question is why this flag appear on each ACE ?
Also do you
Hi Matthieu,
I'll be working with you on these questions.
I will keep you updated.
Thanks!
Sebastian
Sebastian Canevari
Senior Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
7100 N Hwy 161, Irving, TX - 75039
"Las Colinas - LC2"
Tel: +1 469 775 7849
e-mail: seba...@microsoft.com
--
Matthieu,
I double checked the logic and your assumption is right. The return value
for SYSVOL access mask should be assigned to the input value first. For your
other questions, since I am out of office , Sebastian will work on them and
let you know.
Thanks!
Hongwei
-Original Mes
Hello Hongwei,
I've been working on the translation function, I am getting quite
similar ACL right now but I have some remarks and questions.
The pseudo code contains this:
DSAccessMask as Input;
SYSVOLAccessMask as Output;
SYSVOLAccessMask&= STANDARD_RIGHTS_ALL ;
I have impression that it
Hi Hongwei,
I received your answer and it looks very interesting. I have to correct
the implementation so that ACL on folder are correctly set.
I hope to be able to do it next week. Once it's done I'll tell you about
the results.
Regards.
Matthieu.
On 10/29/2009 05:31 AM, Hongwei Sun wrote:
11 matches
Mail list logo