FIX: SetEntriesInAcl() May Produce Undesired Results (168574)
The information in this article applies to:
- Microsoft Win32 Application Programming Interface (API), when used with:
- the operating system: Microsoft Windows NT 3.51
- the operating system: Microsoft Windows NT 4.0
This article was previously published under Q168574 SYMPTOMS
As described in the Win32 Programmer's Reference, the SetEntriesInAcl() function creates a new access-control list (ACL) by merging new access-control or audit-control information into an existing ACL.
When you perform this merge operation on a container object ACL,
SetEntriesInAcl() occasionally discards inheritance flags. You will notice
this by closely examining the object ACL before and after calling
SetEntriesInAcl().
CAUSE
When you merge like entries, SetEntriesInAcl() often ignores dissenting
inherit flags.
RESOLUTION
If an application needs to modify ACL information and needs to produce
reliable results on any version of Windows NT 4.0 prior to Service Pack 3,
you should use the APIs documented in the Win32 Programmer's Reference
under the section titled "Low-Level Access Control Functions".
STATUS
Microsoft has confirmed this to be a bug in the Microsoft products listed
at the beginning of this article.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
Modification Type: | Major | Last Reviewed: | 4/12/2004 |
---|
Keywords: | kbACL kbAPI kbbug kbfix kbKernBase kbSecurity KB168574 |
---|
|