SetEntriesInAcl (2, ea, NULL, & pACL); SetEntriesInAcl (1, ea, NULL, & pACL); - 1 . , SetEntriesInAcl.
:
EXPLICIT_ACCESS ea = {
STANDARD_RIGHTS_ALL,SET_ACCESS, NO_INHERITANCE, { 0, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_WELL_KNOWN_GROUP, (LPTSTR)pEveryoneSID }
};
PACL pACL;
if (SetEntriesInAcl(1, &ea, NULL, &pACL) == ERROR_SUCCESS)
{
}
access may also be denied based on integrity. you need to check the version of os, and if vista + install LowLabel in the security descriptor. and can use 0 DACL. (by default, the system assumes MediumLabelSid if it is not explicitly set, as a result of which LowIntegrity clients fail with an open channel, but for a conventional solution, it is not enough for client clients for @Remy Lebeau)
PSECURITY_DESCRIPTOR pSecurityDescriptor = (PSECURITY_DESCRIPTOR)alloca(SECURITY_DESCRIPTOR_MIN_LENGTH);
BOOL fOk = FALSE;
if (
InitializeSecurityDescriptor(pSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION)
&&
SetSecurityDescriptorDacl(pSecurityDescriptor, TRUE, 0, 0)
)
{
RTL_OSVERSIONINFOW rov = { sizeof (rov)};
if (0 <= RtlGetVersion(&rov))
{
if (rov.dwMajorVersion < 6)
{
fOk = TRUE;
}
else
{
PSID LowLabelSid = (PSID)alloca(64);
ULONG cbSid = 64;
if (CreateWellKnownSid(::WinLowLabelSid, 0, LowLabelSid, &cbSid))
{
::PACL LowLabelAcl = (::PACL)alloca(64+cbSid);
InitializeAcl(LowLabelAcl, 64+cbSid, ACL_REVISION);
if (AddMandatoryAce(LowLabelAcl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, LowLabelSid))
{
fOk = SetSecurityDescriptorSacl(pSecurityDescriptor, TRUE, LowLabelAcl, FALSE);
}
}
}
}
}