> In my scenario (while the token is elevated) how does one replace a DACL with
> a new one that I add an ACE granting my context full control without reading
> the
> security descriptor, or, with elevated state active, how can I also add
> read_control
> when I get write_dac so I can read the sd
> Just by way of a slightly cheeky plug, this is how you'd take ownership
> using Winsys [1] (from an elevated prompt for simplicity's sake):
Hardly cheeky,
That module is far more complete than I'd ever hope to accomplish, right now
I am stuck between Python 3 usage and an immediate need to get a
On 21/01/2014 15:36, Joseph L. Casale wrote:
I have a scenario where I have a directory owned by localhost\Administrators
with
that group and SYSTEM set to full control without inheritance propagated.
Under this, I have a folder owned by another account with only that account
granted
full cont
> I think I understand your setup, which I've simulated below: an
> "ownership" directory owned by Admins and with SYSTEM & Admins only
> having full control. No inheritance; no propagation. Then an
> "other-account" directory below it; again, no inheritance and owned by a
> different account which
On 21/01/2014 15:36, Joseph L. Casale wrote:
> I have a scenario where I have a directory owned by localhost\Administrators
> with
> that group and SYSTEM set to full control without inheritance propagated.
>
> Under this, I have a folder owned by another account with only that account
> granted
I have a scenario where I have a directory owned by localhost\Administrators
with
that group and SYSTEM set to full control without inheritance propagated.
Under this, I have a folder owned by another account with only that account
granted
full control.
If I elevate my token and run:
win32secu
