INFO: Extracting the SID from an ACE (102101)


The information in this article applies to:

  • Microsoft Win32 Application Programming Interface (API), when used with:
    • the operating system: Microsoft Windows NT 3.1
    • the operating system: Microsoft Windows NT 3.5
    • the operating system: Microsoft Windows 2000
    • the operating system: Microsoft Windows XP
This article was previously published under Q102101

SUMMARY

To access the security identifier (SID) contained in an access control entry (ACE), the following syntax can be used: 
   PSID pSID;

   if((((PACE_HEADER)pTempAce)->AceType) == ACCESS_ALLOWED_ACE_TYPE)
   {
      pSID=(PSID)&((PACCESS_ALLOWED_ACE)pTempAce)->SidStart;
   }

MORE INFORMATION

The "if" statement checks the type of ACE, which is one of the following values: 
   ACCESS_ALLOWED_ACE_TYPE
   ACCESS_DENIED_ACE_TYPE
   SYSTEM_AUDIT_ACE_TYPE
The conditional statement casts pTempAce (the pointer to the ACE) to a PACCESS_ALLOWED_ACE structure. The address of the SidStart member is then cast to a PSID and assigned to the pSID variable. pSID can now be used with any Win32 Security application programming interface (API) that takes a PSID as a parameter.
Modification Type:MajorLast Reviewed:3/29/2004
Keywords:kbACL kbinfo kbKernBase kbSecurity KB102101 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.