/// <summary>
/// Create a SYSTEM_SCOPED_POLICY_ID_ACE with specified SID and optional ACE_FLAGS.
/// </summary>
/// <param name="sid">A SID that identifies a central access policy.</param>
/// <param name="flags">An unsigned 8-bit integer that specifies a set of ACE type-specific control flags. </param>
/// <returns>Return the ACE.</returns>
public static _SYSTEM_SCOPED_POLICY_ID_ACE CreateSystemScopedPolicyIdAce(_SID sid,
ACE_FLAGS flags = ACE_FLAGS.OBJECT_INHERIT_ACE | ACE_FLAGS.CONTAINER_INHERIT_ACE)
{
_ACE_HEADER aceHeader = new _ACE_HEADER
{
AceFlags = flags,
AceType = ACE_TYPE.SYSTEM_SCOPED_POLICY_ID_ACE_TYPE,
// Header (4 bytes) + Mask (4 bytes) + SID length;
// For details, please refer to MS-DTYP.
AceSize = (ushort)(4 + 4 + DtypUtility.SidLength(sid)),
};
_SYSTEM_SCOPED_POLICY_ID_ACE ace = new _SYSTEM_SCOPED_POLICY_ID_ACE
{
Header = aceHeader,
Mask = 0, // An ACCESS_MASK that MUST be set to zero.
Sid = sid,
};
return ace;
}
/// <summary>
/// Create an ACCESS_DENIED_ACE by using specific SID, access mask and optional ace flags.
/// </summary>
/// <param name="sid">The SID of the trustee.</param>
/// <param name="mask">An ACCESS_MASK that specifies the user rights denied by this ACE.</param>
/// <param name="flags">ACE type-specific control flags in the ACE header.</param>
/// <returns>The constructed ACCESS_DENIED_ACE structure</returns>
public static _ACCESS_DENIED_ACE CreateAccessDeniedAce(_SID sid, uint mask, ACE_FLAGS flags = ACE_FLAGS.None)
{
_ACE_HEADER aceHeader = new _ACE_HEADER
{
AceFlags = flags,
AceType = ACE_TYPE.ACCESS_DENIED_ACE_TYPE,
// Header (4 bytes) + Mask (4 bytes) + SID length;
// For details, please refer to MS-DTYP.
AceSize = (ushort)(4 + 4 + DtypUtility.SidLength(sid)),
};
_ACCESS_DENIED_ACE ace = new _ACCESS_DENIED_ACE
{
Header = aceHeader,
Mask = mask,
Sid = sid,
};
return ace;
}
