Office app question

Hi all,

I have a filter that runs on top of the smbmrx redirector. I am having a
problem with Office apps in certain situations. Specifically, when I do a
save on a PowerPoint file that I have newly created and then opened and
modified, the save fails. It is failing because PowerPoint creates a tmp
file, sends an IRP_MJ_SET_SECURITY on it, and then can’t open it later,
because the security descriptor it sets has no ACEs that allow anything
(deduced from !sd). Thus the IRP_MJ_CREATE on the tmp file fails with

The same exact scenario on a file that my filter isn’t “interested in” works
fine, and the same IRP_MJ_SET_SECURITY sets an SD that has ACEs allowing

There appears to be no significant difference in the I/O sequence in both
cases (according to filemon), and I cannot figure out why PowerPoint decides
to set a security descriptor with no ACEs.

Can anyone point me in any direction that could reveal this information, or
offer a theory as to why PowerPoint decides to do this? Any help is