On 18/03/2011 10:33 PM, Randy Syring wrote:
Ok, I read up on my accronyms. Is there anything in the windows python
landscape that implements SD<=> SDDL or would be a building block to
doing so?
See my slightly later post for an example.
[Tim Golden]
The additional complication with ACLs (especially when it comes
to restoring them) is coping with the levels of inheritance and
override.
Dully noted. Any advice or code examples that might help with this?
Not much:
* Use Backup (for reading) and Restore (for writing) privileges
to get/set the permissions. They're intended for your very
use case.
* The standard SetSecurityInfo handles the inheritance for you IIRC
but also -- helpfully -- ignores it when you try to set a permission
which is already inherited. I haven't looked at this recently but
I'm fairly sure that's what I remember. This means that you might
just be able to run down the tree restoring files and applying
security willy-nilly and get away with it.
One obvious issue is mapping SIDs, if you're restoring onto a system
which wasn't the originator, or if accounts have been removed since
then...
TJG
_______________________________________________
python-win32 mailing list
python-win32@python.org
http://mail.python.org/mailman/listinfo/python-win32
