Ureader.com  
Microsoft software help and Community
date: Mon, 25 Aug 2008 18:01:07 +0800,    group: microsoft.public.platformsdk.security


auditing NTFS security settings   
I have written a VC++6.0 utility that scans files and folders for various 
reasons and I want to add the ability to check NTFS permissions. My reason 
is to check which of my project leaders have been granted Full Control 
rights to which files and/or folders and which users have been granted 
rights by the project leaders to other staff. Checking manually is not 
practical because we have so many folders and files and most are supposed to 
have access removed when a project is completed. I have some questions 
related to this.

1. Sometimes when I call LookupAccountSid() to get the account name of the 
access right holder, I get an error 1332 (ERROR_NONE_MAPPED). The 
documentation mentions it might be a network timeout (but I'm only 
checking the local machine at the moment, I think) or a login SID. How can I 
find out which and what can I do to get the information? I am getting this 
error a lot. Could it be my account that is the login account?

2. Ideally, I'd like to look at only permissions that are not inherited from 
the folder above. How can I do this? I have looked at 
SE_DACL_AUTO_INHERIT_REQ and SE_DACL_AUTO_INHERITED in 
SECURITY_DESCRIPTOR_CONTROL but they are always set and I know it's not the 
case that all access rights are inherited and that none others exist. 
Anyway, the SECURITY_DESCRIPTOR_CONTROL is attached to the 
SECURITY_DESCRIPTOR and not the individual ACEs in the DACL so it could not 
say if the ACE was inherited or not. Or do I have to explicitly look at the 
parent object and subtract off its ACEs from the object's ACEs to find 
which are not inherited? Are inherited ACEs copied into the object or must 
NT look all the way up the path to the root to determine the net access 
rights?

Thanks...
date: Mon, 25 Aug 2008 18:01:07 +0800   author:   Bill don't want more spam
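
Added example, not part of the original post: inheritance is recorded per ACE, in the INHERITED_ACE bit of ACE_HEADER.AceFlags, and a SID with no mapped account name can still be reported in its S-1-... string form. The portable C below walks a raw self-relative ACL to show both. The sample bytes, the SIDs and the function names are constructed for illustration; on Windows the same fields are reached through GetAce().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ACCESS_ALLOWED_ACE_TYPE 0x00
#define INHERITED_ACE   0x10       /* per-ACE bit in ACE_HEADER.AceFlags */
#define FILE_ALL_ACCESS 0x1F01FFu  /* access mask shown as "Full Control" */

/* Constructed sample: self-relative ACL (8-byte header + 3 ACEs, 92 bytes). */
static const uint8_t SAMPLE_ACL[] = {
    0x02,0,0x5C,0, 3,0, 0,0,                       /* rev, size=92, 3 ACEs */
    0x00,0x03,0x24,0, 0xFF,0x01,0x1F,0,            /* explicit, full control */
    1,5,0,0,0,0,0,5, 21,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0, 0xE9,0x03,0,0,
    0x00,0x03,0x18,0, 0xA9,0,0x12,0, 1,2,0,0,0,0,0,5, 32,0,0,0, 0x21,2,0,0, /* explicit R+X */
    0x00,0x13,0x18,0, 0xFF,1,0x1F,0, 1,2,0,0,0,0,0,5, 32,0,0,0, 0x20,2,0,0, /* INHERITED full */
};
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Offsets of SIDs in explicit (non-inherited) full-control allow ACEs; -1 if malformed. */
int explicit_full_control(const uint8_t *acl, size_t len, size_t *sid_off, int max) {
    if (len < 8 || rd16(acl + 2) > len) return -1;
    size_t end = rd16(acl + 2), pos = 8;
    int found = 0;
    for (unsigned i = 0, n = rd16(acl + 4); i < n; i++) {
        if (pos + 16 > end) return -1;              /* header + mask + minimal SID */
        size_t size = rd16(acl + pos + 2);
        if (size < 16u + 4u * acl[pos + 9] || pos + size > end) return -1;
        if (acl[pos] == ACCESS_ALLOWED_ACE_TYPE && !(acl[pos + 1] & INHERITED_ACE) &&
            (rd32(acl + pos + 4) & FILE_ALL_ACCESS) == FILE_ALL_ACCESS && found < max)
            sid_off[found++] = pos + 8;             /* SID follows header and mask */
        pos += size;
    }
    return found;
}
/* Format a SID as S-R-A-S1-..., usable when no account name can be resolved. */
void sid_to_string(const uint8_t *sid, char *out, size_t cap) {
    uint64_t auth = 0;
    for (int i = 2; i < 8; i++) auth = auth << 8 | sid[i];   /* big-endian authority */
    snprintf(out, cap, "S-%u-%llu", (unsigned)sid[0], (unsigned long long)auth);
    for (int i = 0; i < sid[1]; i++)
        snprintf(out + strlen(out), cap - strlen(out), "-%u", (unsigned)rd32(sid + 8 + 4 * i));
}

int main(void) {
    size_t off[4]; char s[64];
    int n = explicit_full_control(SAMPLE_ACL, sizeof SAMPLE_ACL, off, 4);
    for (int i = 0; i < n; i++) { sid_to_string(SAMPLE_ACL + off[i], s, sizeof s); puts(s); }
    return n < 0;
}
```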
