/// <summary>
/// Builds a SYSTEM_SCOPED_POLICY_ID_ACE from the given SID and optional ACE_FLAGS.
/// </summary>
/// <param name="sid">A SID that identifies a central access policy. It is stored as given; this method does not check that it refers to an existing policy.</param>
/// <param name="flags">ACE type-specific control flags written to the ACE header. Defaults to OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE.</param>
/// <returns>The constructed ACE, with its access mask fixed at zero.</returns>
public static _SYSTEM_SCOPED_POLICY_ID_ACE CreateSystemScopedPolicyIdAce(_SID sid, ACE_FLAGS flags = ACE_FLAGS.OBJECT_INHERIT_ACE | ACE_FLAGS.CONTAINER_INHERIT_ACE)
{
    // Fixed part of the ACE: header (4 bytes) + mask (4 bytes); see MS-DTYP.
    const int HeaderAndMaskBytes = 4 + 4;

    var header = new _ACE_HEADER
    {
        AceFlags = flags,
        AceType = ACE_TYPE.SYSTEM_SCOPED_POLICY_ID_ACE_TYPE,
        // Total ACE size = fixed part + SID length.
        // NOTE(review): the narrowing cast to ushort is unchecked; this assumes
        // DtypUtility.SidLength(sid) stays small enough to fit. Confirm against SidLength.
        AceSize = (ushort)(HeaderAndMaskBytes + DtypUtility.SidLength(sid)),
    };

    return new _SYSTEM_SCOPED_POLICY_ID_ACE
    {
        Header = header,
        Mask = 0, // The ACCESS_MASK MUST be zero for this ACE type.
        Sid = sid,
    };
}
/// <summary>
/// Builds an ACCESS_DENIED_ACE from a trustee SID, an access mask and optional ACE flags.
/// </summary>
/// <param name="sid">The SID of the trustee whose access is denied.</param>
/// <param name="mask">An ACCESS_MASK naming the rights this ACE denies. It is stored as given, without validation.</param>
/// <param name="flags">ACE type-specific control flags written to the ACE header. Defaults to <c>ACE_FLAGS.None</c>.</param>
/// <returns>The constructed ACCESS_DENIED_ACE structure.</returns>
/// <remarks>
/// This method only builds the ACE. Where it sits in an ACL, such as ahead of
/// any allow ACEs for the same trustee, is the caller's responsibility.
/// </remarks>
public static _ACCESS_DENIED_ACE CreateAccessDeniedAce(_SID sid, uint mask, ACE_FLAGS flags = ACE_FLAGS.None)
{
    // Fixed part of the ACE: header (4 bytes) + mask (4 bytes); see MS-DTYP.
    const int HeaderAndMaskBytes = 4 + 4;

    var header = new _ACE_HEADER
    {
        AceFlags = flags,
        AceType = ACE_TYPE.ACCESS_DENIED_ACE_TYPE,
        // Total ACE size = fixed part + SID length.
        // NOTE(review): the narrowing cast to ushort is unchecked; this assumes
        // DtypUtility.SidLength(sid) stays small enough to fit. Confirm against SidLength.
        AceSize = (ushort)(HeaderAndMaskBytes + DtypUtility.SidLength(sid)),
    };

    return new _ACCESS_DENIED_ACE
    {
        Header = header,
        Mask = mask,
        Sid = sid,
    };
}