> When I try to install/start the Windows service normally, neither of these
> two functions work. Specifically, I get a 'Permission denied' error when
> creating / writing the file to disk and no data is seen on the web socket
> receiving server.
Don't start it with an interactive account, try
> In my scenario (while the token is elevated) how does one replace a DACL with
> a new one that I add an ACE granting my context full control without reading
> the
> security descriptor, or, with elevated state active, how can I also add
> read_control
> when I get write_dac so I can read the sd
> Just by way of a slightly cheeky plug, this is how you'd take ownership
> using Winsys [1] (from an elevated prompt for simplicity's sake):
Hardly cheeky,
That module is far more complete than I'd ever hope to accomplish, right now
I am stuck between Python 3 usage and an immediate need to get a
> I think I understand your setup, which I've simulated below: an
> "ownership" directory owned by Admins and with SYSTEM & Admins only
> having full control. No inheritance; no propagation. Then an
> "other-account" directory below it; again, no inheritance and owned by a
> different account which
I have a scenario where I have a directory owned by localhost\Administrators
with
that group and SYSTEM set to full control without inheritance propagated.
Under this, I have a folder owned by another account with only that account
granted
full control.
If I elevate my token and run:
win32secu
> You can call win32security.SetNamedSecurityInfo with
> PROTECTED_DACL_SECURITY_INFORMATION
> to prevent inheritance.
Thanks Roger.
jlc
___
python-win32 mailing list
python-win32@python.org
https://mail.python.org/mailman/listinfo/python-win32
How does one accomplish the effect of the SetAccessRuleProtection call? I am
trying to
take an existing DACL and remove inheritance so parent changes are not
inherited unless
the child objects are reset.
I can iterate a dacl and remove an inherited ace which is in my opinion
technically invalid
> See function _ReorderACL in PyACL.cpp:
>
> http://pywin32.hg.sourceforge.net/hgweb/pywin32/pywin32/file/90d1d37b2444/win32/src/PyACL.cpp
Thanks Roger,
jlc
___
python-win32 mailing list
python-win32@python.org
https://mail.python.org/mailman/listinfo/p
> You should be able to just adjust privs once, instead of doing it in each
> call for every file.
I blame the holiday distractions for not arriving there myself, thanks Roger.
jlc
___
python-win32 mailing list
python-win32@python.org
https://mail.pyth
I can't seem to find any info on the PyACL methods that modify an ACL as to
whether or not they enforce canonical ordering, I hate assume but given the
role of some of the methods it does look it would need to?
Thanks,
jlc
___
python-win32 mailing list
p
I have a situation where I need to remove large directories and in doing so I
must take ownership.
I get a stack trace about the logon I impersonate generating to many security
ids as I recursively
iterate and take ownership.
What workarounds have you guys utilized in this scenario?
I suspect t
11 matches
Mail list logo
