You are currently offline, waiting for your internet to reconnect

FIX: SetEntriesInAcl() May Produce Undesired Results

This article was previously published under Q168574
This article has been archived. It is offered "as is" and will no longer be updated.
As described in the Win32 Programmer's Reference, the SetEntriesInAcl() function creates a new access-control list (ACL) by merging new access-control or audit-control information into an existing ACL.

When you perform this merge operation on a container object ACL,SetEntriesInAcl() occasionally discards inheritance flags. You will noticethis by closely examining the object ACL before and after callingSetEntriesInAcl().
When you merge like entries, SetEntriesInAcl() often ignores dissentinginherit flags.
If an application needs to modify ACL information and needs to producereliable results on any version of Windows NT 4.0 prior to Service Pack 3,you should use the APIs documented in the Win32 Programmer's Referenceunder the section titled "Low-Level Access Control Functions".
Microsoft has confirmed this to be a bug in the Microsoft products listedat the beginning of this article.Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Article ID: 168574 - Last Review: 02/24/2014 08:28:33 - Revision: 3.1

Microsoft Win32 Application Programming Interface

  • kbnosurvey kbarchive kbacl kbapi kbbug kbfix kbkernbase kbsecurity KB168574