While implementing a piece of code to fetch the ACEs for owner and group, I am using this code as inspiration.
To test this code, I created a file in a folder.
In an elevated command prompt, I run the app (the exe created from the above code) with the file name as input and see the output below:
C:\>C:\Users\user\Documents\VS2017\Project4\Debug\Project4.exe C:\Deny\file.txt
file:C:\Deny\file.txt
Owner: DOMAIN/user
Group: DOMAIN/user
::DACL::
GetAce Output : 1
SID: DOMAIN/user
ACE: mask:2032127 sidStart:1281 header type=1 header flags=0
DELETE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_GENERIC_EXECUTE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
::SECURITY_DESCRIPTOR_CONTROL::
SE_DACL_PRESENT
SE_DACL_PROTECTED
SE_SELF_RELATIVE
I right-click the same file and, in the security settings, I deny all the permissions to the file for the same user.
I run the app again on this file and I still get the same output:
C:\>C:\Users\user\Documents\VS2017\Project4\Debug\Project4.exe C:\Deny\file.txt
file:C:\Deny\file.txt
Owner: DOMAIN/user
Group: DOMAIN/user
::DACL::
GetAce Output : 1
SID: DOMAIN/user
ACE: mask:2032127 sidStart:1281 header type=1 header flags=0
DELETE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_GENERIC_EXECUTE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
::SECURITY_DESCRIPTOR_CONTROL::
SE_DACL_PRESENT
SE_DACL_PROTECTED
SE_SELF_RELATIVE
Am I missing something? I tried to understand this code and I could not figure out any obvious mistakes.
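
Decoding the two ACE fields printed in the output above (`header type` and `mask`), as an added example that is not part of the original post or of the code it refers to. The constants are the winnt.h values, redefined here so the block builds without the Windows SDK, and `ace_effect` and `describe_ace` are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ACE_HEADER.AceType values as defined in winnt.h (redefined here: no SDK needed). */
#define ACCESS_ALLOWED_ACE_TYPE 0x0
#define ACCESS_DENIED_ACE_TYPE  0x1
#define SYSTEM_AUDIT_ACE_TYPE   0x2

/* Access rights as defined in winnt.h; the FILE_GENERIC_* entries are composites. */
struct right { const char *name; uint32_t bits; };
static const struct right RIGHTS[] = {
    {"DELETE", 0x00010000},       {"READ_CONTROL", 0x00020000},
    {"WRITE_DAC", 0x00040000},    {"WRITE_OWNER", 0x00080000},
    {"SYNCHRONIZE", 0x00100000},  {"FILE_GENERIC_READ", 0x00120089},
    {"FILE_GENERIC_WRITE", 0x00120116},
    {"FILE_GENERIC_EXECUTE", 0x001200A0},
};

/* Hypothetical helper: what an ACE of this type does with the rights in its mask. */
const char *ace_effect(uint8_t ace_type) {
    switch (ace_type) {
    case ACCESS_ALLOWED_ACE_TYPE: return "ALLOW";
    case ACCESS_DENIED_ACE_TYPE:  return "DENY";
    case SYSTEM_AUDIT_ACE_TYPE:   return "AUDIT";
    default:                      return "OTHER";
    }
}

/* Hypothetical helper: writes "EFFECT: RIGHT RIGHT ..." into out and returns
   how many table entries are fully contained in the mask. */
int describe_ace(uint8_t ace_type, uint32_t mask, char *out, size_t cap) {
    int matched = 0;
    snprintf(out, cap, "%s:", ace_effect(ace_type));
    for (size_t i = 0; i < sizeof RIGHTS / sizeof RIGHTS[0]; i++) {
        if ((mask & RIGHTS[i].bits) != RIGHTS[i].bits) continue;
        size_t used = strlen(out);
        snprintf(out + used, cap - used, " %s", RIGHTS[i].name);
        matched++;
    }
    return matched;
}

int main(void) {
    char line[256];
    describe_ace(1, 2032127u, line, sizeof line); /* values printed in the output above */
    puts(line);
    describe_ace(0, 2032127u, line, sizeof line); /* constructed: same mask, allow type */
    puts(line);
    return 0;
}
```

The access mask only names the rights; whether the ACE grants or denies them is carried by `AceType` in the header, so an allow ACE and a deny ACE with the same mask list the same rights.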