This simple code excerpt can only be run under SYSTEM account (say in a service). It retrieves the token from the logged on user – especially the user at the physical console. Or in other words the user data of the person that sits in front of the computer. The main code which does the [...]

This is just an index of available units of the JEDI Windows Security Code Library. Find out more about these units in the corresponding help documentation by clicking on it. The help is also available from the JWSCL doc site. And if you seek an offline version with search function, download it directly from [...]

A NULL-DACL (or nil if you wish) defines a none existing discretionary access control list. If the system encounters such a nil pointer, it automatically grants access to all principals including foreigners who are not authenticated.

WinAPI receives a nil pointer and checks for a flag like SE_DACL_PRESENT (security descriptor flag) or DACL_SECURITY_INFORMATION (functions like [...]

The order of access control elements in an access control list is the following:

explicit Deny elements
explicit Allow elements
inherited Deny elements
inherited Deny elements

It is also called the canonical order.

In Windows XP there is a simple way to obtain the image you can see on the logon desktop right next to the username. All images are located in one folder and named after the user’s name.
“C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\User Account Pictures\<username>.bmp”

I am using a german translation, so you dont just copy the path into [...]

Because exceptions are more likely to be noticed.
Nearly all Windows API functions use boolean return values in combination with GetLastError. However a programmer is not binded to check for a return value or use GetLastError. In contrast to return values, exceptions are more shattering. You have to catch them or otherwise the following code will [...]

It is used for debugging purposes only.
Define DEBUG in compiler directives in your project settings to enable it. You can get information about the SID and display them in the watch window or use the mouse hoover feature.

There are many error messages in a Windows System. Actually a MSDN article describes them – or better: part of them. However they weren’t enough for me, so I decided to get all of them.

Our sample codes are often not complete as they were posted.
Here are the reasons:

We are lazy
Samples are called samples because they aren’t whole projects. Neither are examples.
Long lines of code are boring to read
Readers should not expect from us to do their work
It is more fun to create your own code
Readers should start thinking instead [...]

This discussion continues How to use a SecurityAttribute structure.
Last time we used the SecurityAttribute parameter in CreateFile to change the security descriptor of the newly created file. However this approach did not add inherited access control elements from the parent folder. We are about to change that.
Filesystem and Registry-key inheritance is implemented since Windows 2000 [...]