Security Objects

The interface "ISecurityObject" implements the most important functionality you'll need when dealing with security objects. A security object is any object which can be secured like shares, files, printers, and more. A list of methods and properties is contained in the ISecurityObject Reference.

type ISecurityObject = interface (IBasic) ['{810A7100-4813-11D3-A52D-00005A180D69}'];

Getting a "ISecurityObject" instance is quite easy. Simply enter the name/path or the handle of the object. In win9x only printer and file security objects are supported. Furthermore in win9x the security stuff takes effect only when used in combination with Shares. Supported security objects in winNT/2000 are printers, files/folders, shares, registry keys, services, window objects and kernel objects (e.g. processes).

function PrinterSecurity      (nameOrUnc : wideString) : ISecurityObject; overload;
function PrinterSecurity      (handle    : cardinal  ) : ISecurityObject; overload;

function FileSecurity         (pathOrUnc : wideString) : ISecurityObject; overload;
function FileSecurity         (handle    : cardinal  ) : ISecurityObject; overload;

function ShareSecurity        (nameOrUnc : wideString) : ISecurityObject;

function RegistrySecurity     (pathOrUnc : wideString) : ISecurityObject; overload;
function RegistrySecurity     (key       : HKEY      ) : ISecurityObject; overload;

function ServiceSecurity      (nameOrUnc : wideString) : ISecurityObject; overload;
function ServiceSecurity      (handle    : cardinal  ) : ISecurityObject; overload;

function WindowObjectSecurity (nameOrUnc : wideString) : ISecurityObject; overload;
function WindowObjectSecurity (handle    : cardinal  ) : ISecurityObject; overload;

function KernelObjectSecurity (handle    : cardinal  ) : ISecurityObject;

// Example:
with FileSecurity(WinFolder) do ...

The following property returns the type of the security object:

type TSecurityObjectType = (seUnknown, seFile, seService, sePrinter, seRegistry,
                                       seShare, seKernelObject, seWindowObject);

property ISecurityObject.Type_ : TSecurityObjectType;

The properties "Name" and "Handle" return whatever you gave in to create the security object. Only the values you gave in are available. You can't enter a handle and expect "Name" to return anything.

property ISecurityObject.Name   : wideString;
property ISecurityObject.Handle : cardinal;

The following properties give you access to the security parameters of the current security object, which are the owner of the object, the primary group, to which the object belongs and the discretionary and system ACL of the object.

property ISecurityObject.Owner         : IAccount;
property ISecurityObject.Group         : IAccount;
property ISecurityObject.DAcl          : IAcl;
property ISecurityObject.SAcl          : IAcl;
property ISecurityObject.ProtectedDAcl : boolean;
property ISecurityObject.ProtectedSAcl : boolean;

// Examples:
FileSecurity(WinFolder).Owner := CurrentUser;  // set the owner of the Windows folder
RegistrySecurity(aRegKey).DAcl.Deallocate;     // grant access for everyone to a registry key