private static extern int GetAuditedPermissionsFromAcl(
			IntPtr pacl,
			ref TRUSTEE2 pTrustee,
			ref uint pSuccessfulAuditedRights,
			ref uint pFailedAuditedRights);
		private static extern int GetEffectiveRightsFromAcl(IntPtr pacl,
			ref TRUSTEE2 pTrustee,
			ref UInt32 pAccessRights);			
		private bool GetEffectiveSecurityAccessRights()
		{						
			try
			{
				bool daclPresent = false;
				bool defaulted = false;										
				int sidSize = 0;					
				SID_NAME_USE usage = SID_NAME_USE.SidTypeGroup;
				StringBuilder domain = new StringBuilder(80);
				int domainSize = 80;			

				// lookup the account name, first call gets the size
				LookupAccountName(IntPtr.Zero, _accountName, IntPtr.Zero, ref sidSize, domain, ref domainSize, ref usage);

				// allocate the memory for the SID
				_pSid = Marshal.AllocHGlobal(sidSize);

				// and calling again we get the sid
				domainSize = 80;
				LookupAccountName(IntPtr.Zero, _accountName, _pSid, ref sidSize, domain, ref domainSize, ref usage);

				// Create a the Trustee data structure.
				TRUSTEE2 trustee = new TRUSTEE2();
				trustee.MultipleTrusteeOperation = MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE;
				trustee.pMultipleTrustee = IntPtr.Zero;
				trustee.ptstrName = _pSid;
				trustee.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_SID;
				trustee.TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_UNKNOWN;

				this.GetFileSecurityDescriptor(_path, SecurityInformation.DACL, out _pSecurityDescriptor);
				if (_pSecurityDescriptor == IntPtr.Zero)
				{
					System.Diagnostics.Trace.WriteLine("File security descriptor is null");
					return false;;
				}
														
				// get the dacl from the descriptor				
				GetSecurityDescriptorDacl(_pSecurityDescriptor, ref daclPresent, out _pDacl, ref defaulted);
																															   
				// if the dacl is null or one is not found then all access is allowed																					
				if (!daclPresent || _pDacl == IntPtr.Zero)
					return true;
									
				// get the rights for the dacl
				int result = GetEffectiveRightsFromAcl(_pDacl, ref trustee, ref _accessGranted);
//				int result = GetAuditedPermissionsFromAcl(_pDacl, ref trustee, ref _accessGranted, ref _accessDenied);

				if (result != ERROR_SUCCESS)
					throw new System.ComponentModel.Win32Exception(result);

				return true;							
			}
			catch(System.Exception systemException)
			{
				System.Diagnostics.Trace.WriteLine(systemException);
			}
			// by default fail on the side of good
			return true;
		}
 private static extern int GetAuditedPermissionsFromAcl(
     IntPtr pacl,
     ref TRUSTEE2 pTrustee,
     ref uint pSuccessfulAuditedRights,
     ref uint pFailedAuditedRights);
 private static extern int GetEffectiveRightsFromAcl(IntPtr pacl,
                                                     ref TRUSTEE2 pTrustee,
                                                     ref UInt32 pAccessRights);
        private bool GetEffectiveSecurityAccessRights()
        {
            try
            {
                bool          daclPresent = false;
                bool          defaulted   = false;
                int           sidSize     = 0;
                SID_NAME_USE  usage       = SID_NAME_USE.SidTypeGroup;
                StringBuilder domain      = new StringBuilder(80);
                int           domainSize  = 80;

                // lookup the account name, first call gets the size
                LookupAccountName(IntPtr.Zero, _accountName, IntPtr.Zero, ref sidSize, domain, ref domainSize, ref usage);

                // allocate the memory for the SID
                _pSid = Marshal.AllocHGlobal(sidSize);

                // and calling again we get the sid
                domainSize = 80;
                LookupAccountName(IntPtr.Zero, _accountName, _pSid, ref sidSize, domain, ref domainSize, ref usage);

                // Create a the Trustee data structure.
                TRUSTEE2 trustee = new TRUSTEE2();
                trustee.MultipleTrusteeOperation = MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE;
                trustee.pMultipleTrustee         = IntPtr.Zero;
                trustee.ptstrName   = _pSid;
                trustee.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_SID;
                trustee.TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_UNKNOWN;

                this.GetFileSecurityDescriptor(_path, SecurityInformation.DACL, out _pSecurityDescriptor);
                if (_pSecurityDescriptor == IntPtr.Zero)
                {
                    System.Diagnostics.Trace.WriteLine("File security descriptor is null");
                    return(false);;
                }

                // get the dacl from the descriptor
                GetSecurityDescriptorDacl(_pSecurityDescriptor, ref daclPresent, out _pDacl, ref defaulted);

                // if the dacl is null or one is not found then all access is allowed
                if (!daclPresent || _pDacl == IntPtr.Zero)
                {
                    return(true);
                }

                // get the rights for the dacl
                int result = GetEffectiveRightsFromAcl(_pDacl, ref trustee, ref _accessGranted);
//				int result = GetAuditedPermissionsFromAcl(_pDacl, ref trustee, ref _accessGranted, ref _accessDenied);

                if (result != ERROR_SUCCESS)
                {
                    throw new System.ComponentModel.Win32Exception(result);
                }

                return(true);
            }
            catch (System.Exception systemException)
            {
                System.Diagnostics.Trace.WriteLine(systemException);
            }
            // by default fail on the side of good
            return(true);
        }