C++ Classes For Manipulating NT Security
While the concepts behind NT's security are fairly simple, the variable size of the data structures makes management tedious at best and therefore is a prime target for encapsulation. The accompanying C++ classes (which should be self-explanatory) attempt to simplify the interface by providing a straighforward interface to the relevant objects.Example Applications
The WHOAMI Program
The simplest of the sample applications is WHOAMI, which finds the current user's SID and translates it into the related domain and account name through the use of theSecurityIdentifier
class.The ACCESS Program
The ACCESS program is useful for inspecting the security information of NTFS(1) files. Users familiar with the Security functionality of the NT File Manager will notice that ACCESS shows considerably more information about the security attributes of the file than is shown (or even possible to manipulate) using the File Manager. While the File Manager's security management is flexible, it actually supports only a small subset of the security functionality available in NT. ACCESS demonstrates the use of theSecurityDescriptor
, AccessControlList
, and AccessControlEntry
objects for querying the security information of a filesystem object.The RESTRICT Program
To demonstrate the modification of a file's discretionary ACL, the RESTRICT program builds an ACL that permits read-only access to the indicated files by all but the owner of the file. This is conceptually similar to the ATTRIB -R command found in MS-DOS, but shows the additional flexibility of NT's security subsystem. RESTRICT demonstrates the use of theAccessControlList
class to build a new ACL.The PROTECT Program
As mentioned at the beginning of this document, it's possible to harden your system against viruses through the use of security mechanisms. The PROTECT program, when run by an administrator, changes the owner and permissions of all executable files in such a way as to make it difficult or impossible for a virus to alter executables. Provided that users normally work without administrator privileges a system protected in this manner should be relatively invulnerable to infection.---------------
(1) NTFS is the only filesystem currently supported by NT which implements security.
Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! Try it!
ليست هناك تعليقات:
إرسال تعليق