Access Control
The security provisions of Microsoft® Windows NT® are automatically available to Win32-based applications. Every application running on the system is subject to the security imposed by the particular configuration of the local Windows NT implementation. Windows NT is the only platform that supports Win32 security.
The impact of Windows NT security on most Win32 functions is minimal, and a Win32-based application not requiring security functionality usually does not need to incorporate any special code. However, you can use the security features of Windows NT to provide a number of services to a Win32-based application.
This overview describes the Windows NT security model for controlling access to Win32 objects such as files, and for controlling access to administrative functions such as setting the system time or auditing user actions. The Access-Control Model topic provides a high-level description of the access control components and how they interact with each other. Following this description are topics that discuss the access-control components:
Access Tokens
Security Descriptors
Access-Control Lists (ACLs)
Access-Control Entries (ACEs)
Access Rights and Access Masks
Security Identifiers (SIDs)
The following topics discuss common access-control tasks:
Modifying an Object's Security Descriptor
Checking a Thread's Access to an Object
Controlling Child Object Creation
Controlling Access to an Object's Properties
Requesting Access Rights to an Object
The following topics provide sample code for access-control tasks:
Modifying an Object's ACLs
Creating a Security Descriptor for a New Object
Enabling and Disabling Privileges
Searching for a SID in an Access Token
Taking Object Ownership
Converting a Binary SID to String Format
CreateDirectory
The CreateDirectory function creates a new directory. If the underlying file system supports security on files and directories, the function applies a specified security descriptor to the new directory. Note that CreateDirectory does not have a template parameter, while CreateDirectoryEx does.
BOOL CreateDirectory(
  LPCTSTR lpPathName,                         // pointer to directory path string
  LPSECURITY_ATTRIBUTES lpSecurityAttributes  // pointer to security descriptor
);
Parameters
lpPathName
Pointer to a null-terminated string that specifies the path of the directory to be created.
There is a default string size limit for paths of MAX_PATH characters. This limit is related to how the CreateDirectory function parses paths.
Windows NT: An application can transcend this limit and send in paths longer than MAX_PATH characters by calling the wide (W) version of CreateDirectory and prepending "\\?\" to the path. The "\\?\" tells the function to turn off path parsing; it lets paths longer than MAX_PATH be used with CreateDirectoryW. However, each component in the path cannot be more than MAX_PATH characters long. This also works with UNC names. The "\\?\" is ignored as part of the path. For example, "\\?\C:\myworld\private" is seen as "C:\myworld\private", and "\\?\UNC\bill_g_1\hotstuff\coolapps" is seen as "\\bill_g_1\hotstuff\coolapps".
lpSecurityAttributes
Windows NT: Pointer to a SECURITY_ATTRIBUTES structure. The lpSecurityDescriptor member of the structure specifies a security descriptor for the new directory. If lpSecurityAttributes is NULL, the directory gets a default security descriptor. The target file system must support security on files and directories for this parameter to have an effect.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
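The "\\?\" rule described under lpPathName, as an added example that is not part of the original documentation or any Microsoft code: to_extended_path is a hypothetical helper that builds the prefixed form of a drive or UNC path for CreateDirectoryW and enforces the per-component limit. Refusing relative paths, "/" and "."/".." components is this example's own policy, chosen because the prefix turns path parsing off; MAX_PATH is defined as 260 for builds without the Windows headers.

```c
#include <wchar.h>

#ifndef MAX_PATH
#define MAX_PATH 260 /* as in the Windows headers; defined here for other builds */
#endif

/* Hypothetical helper, not a Win32 API: write the "\\?\" form of an absolute
 * path into out (cap wide chars), ready for CreateDirectoryW(out, NULL).
 * Returns 0 on success, -1 if the path is refused. */
int to_extended_path(const wchar_t *in, wchar_t *out, size_t cap)
{
    const wchar_t *prefix, *scan, *p;
    size_t comp = 0; /* length of the component being scanned */

    if (wcsncmp(in, L"\\\\?\\", 4) == 0) {                 /* already prefixed */
        prefix = L"";
        scan = in + 4;
    } else if (in[0] == L'\\' && in[1] == L'\\') {         /* \\server\share */
        prefix = L"\\\\?\\UNC\\";
        in += 2;                                           /* drop leading "\\" */
        scan = in;
    } else if (in[0] && in[1] == L':' && in[2] == L'\\') { /* C:\dir */
        prefix = L"\\\\?\\";
        scan = in;
    } else {
        return -1; /* relative path: refused (policy of this example) */
    }
    for (p = scan; ; p++) {
        if (*p == L'/')
            return -1; /* with parsing off, '/' is not converted to '\' */
        if (*p != L'\\' && *p != L'\0') { comp++; continue; }
        if (comp > MAX_PATH)
            return -1; /* per-component limit stated under lpPathName */
        if ((comp == 1 && p[-1] == L'.') ||
            (comp == 2 && p[-1] == L'.' && p[-2] == L'.'))
            return -1; /* "." and ".." would not be collapsed */
        comp = 0;
        if (*p == L'\0') break;
    }
    if (wcslen(prefix) + wcslen(in) + 1 > cap)
        return -1; /* output buffer too small */
    wcscpy(out, prefix);
    wcscat(out, in);
    return 0;
}
```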