The function grants the specified user or group full access to a file or folder. On a folder, the access entry is marked as inheritable by subfolders and files.
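uses
  System.SysUtils, Winapi.AclAPI, Winapi.AccCtrl;

...

var
  path: string;
  userName: string;
begin
  // Usage example: give a group full control over a folder.
  // Full control over a system directory such as Program Files lets the
  // trustee replace the executables stored there, so restrict it to
  // administrative principals.
  path := 'C:\Program Files';
  // Localized (Russian) name of the Administrators group; the name differs
  // on systems installed in another language.
  userName := 'Администраторы';
  // SetNTFSRules returns False on failure. Surface that instead of carrying
  // on as if the new permissions had been applied.
  if not SetNTFSRules(path, userName) then
    raise Exception.CreateFmt('SetNTFSRules failed for "%s" (trustee "%s")',
      [path, userName]);
end;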
Parameters
path - path to file or folder
userName - username or group name
The group name depends on the system language (the example above uses the Russian name of the Administrators group), so instead of hard-coding it you can resolve the name from the group's SID; see the function "Find out the name of a user or group by SID".
Result
True - on success, False - on failure
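// Grants UserName full access (FILE_ALL_ACCESS) to FileName by rewriting the
// object's DACL.
//
// FileName - path to a file or folder.
// UserName - account or group name of the trustee.
//
// Returns True when the new DACL was written, False otherwise. On failure the
// Win32 error code of the failing step is left in GetLastError.
//
// Security notes:
//  * FILE_ALL_ACCESS is full control: it includes the right to change the
//    permissions and the owner of the object. Pass only trusted principals.
//  * SET_ACCESS replaces whatever entries the DACL already held for this
//    trustee; entries of other trustees are carried over from the old DACL.
//  * SUB_CONTAINERS_AND_OBJECTS_INHERIT marks the entry as inheritable by
//    subfolders and files.
//  * NOTE(review): only the DACL of FileName itself is written here; confirm
//    whether existing children are expected to pick up the new entry.
function SetNTFSRules(FileName, UserName: string): Boolean;
var
  dwSize, dwError: DWord;
  bDaclPresent: Bool;
  bDaclDefaulted: Bool;
  ea: EXPLICIT_ACCESS;
  OldAcl: PACL;
  NewAcl: PACL;
  psd: PSECURITY_DESCRIPTOR;
  sd: SECURITY_DESCRIPTOR;
begin
  Result := False;
  psd := nil;
  OldAcl := nil;
  NewAcl := nil;
  dwSize := 0;

  // Size probe: with a zero-length buffer the call is expected to fail with
  // ERROR_INSUFFICIENT_BUFFER and report the required size in dwSize.
  // Any other outcome means the descriptor cannot be read.
  if GetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION, nil, 0, dwSize)
    or (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
    Exit;

  try
    psd := HeapAlloc(GetProcessHeap, HEAP_ZERO_MEMORY, dwSize);
    if psd <> nil then
    begin
      BuildExplicitAccessWithName(@ea, PChar(UserName), FILE_ALL_ACCESS,
        SET_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);

      if GetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION, psd,
           dwSize, dwSize)
        and GetSecurityDescriptorDacl(psd, bDaclPresent, OldAcl,
           bDaclDefaulted) then
      begin
        // When no DACL is present the API leaves OldAcl untouched, so make
        // sure an uninitialized pointer is never handed to SetEntriesInAcl.
        if not bDaclPresent then
          OldAcl := nil;

        // SetEntriesInAcl reports failure through its return value rather
        // than the thread's last-error slot (e.g. when the trustee name
        // cannot be resolved); publish it so the caller sees the real cause.
        dwError := SetEntriesInAcl(1, @ea, OldAcl, NewAcl);
        if dwError <> ERROR_SUCCESS then
          SetLastError(dwError)
        else
          Result := InitializeSecurityDescriptor(@sd, SECURITY_DESCRIPTOR_REVISION)
            and SetSecurityDescriptorDacl(@sd, True, NewAcl, False)
            and SetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION, @sd);
      end;
    end;
  finally
    // Keep the error code of the failing step intact across the cleanup calls.
    dwError := GetLastError;
    if NewAcl <> nil then
      LocalFree(HLocal(NewAcl));
    if psd <> nil then
      HeapFree(GetProcessHeap, 0, psd);
    SetLastError(dwError);
  end;
end;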