FIX: SetEntriesInAcl() May Produce Undesired Results

 Last reviewed: October 29, 1997
Article ID: Q168574
The information in this article applies to:
  • Microsoft Win32 Application Programming Interface (API) included with: - Microsoft Windows NT versions 3.51, 4.0

SYMPTOMS

As described in the Win32 Programmer's Reference, the SetEntriesInAcl() function creates a new access-control list (ACL) by merging new access- control or audit-control information into an existing ACL.

When you perform this merge operation on a container object ACL, SetEntriesInAcl() occasionally discards inheritance flags. You will notice this by closely examining the object ACL before and after calling SetEntriesInAcl().

CAUSE

When you merge like entries, SetEntriesInAcl() often ignores dissenting inherit flags.

RESOLUTION

If an application needs to modify ACL information and needs to produce reliable results on any version of Windows NT 4.0 prior to Service Pack 3, you should use the APIs documented in the Win32 Programmer's Reference under the section titled "Low-Level Access Control Functions".

STATUS

Microsoft has confirmed this to be a bug in the Microsoft products listed at the beginning of this article. This problem has been fixed in Service Pack 3 for Windows NT 4.0.

Additional query words: winnt
Keywords : BseSecurity kbprg kbbuglist kbfixlist
Version : 3.51 4.0
Platform : NT WINDOWS
Issue type : kbbug
Solution Type : kbfix

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: October 29, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.