Software security policy

I am working on Software security policy and would like to know how to apply security policies on a particular file.

Are there any APIs available?

Thanks,
Jayashree

A particular file contained in a particular filesystem? The filesystem
itself provides security policies through standard Windows APIs. Perhaps I
am misunderstanding your question?

=====================
Mark Roddy
Windows .NET/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jayashree Thite
Sent: Tuesday, March 08, 2005 6:42 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Software security policy

I am working on Software security policy and would like to know how to apply
security policies on a particular file.

Are there any APIs available?

Thanks,
Jayashree

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Hi,

HANDLE CreateFile(
    LPCTSTR lpFileName,                          // file name
    DWORD dwDesiredAccess,                       // access mode
    DWORD dwShareMode,                           // share mode
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,  // SD
    DWORD dwCreationDisposition,                 // how to create
    DWORD dwFlagsAndAttributes,                  // file attributes
    HANDLE hTemplateFile                         // handle to template file
);

Security Attributes parameter is used to apply security policies on a
particular file.

xxxxx@wipro.com wrote:

> HANDLE CreateFile(
>     LPCTSTR lpFileName,                          // file name
>     DWORD dwDesiredAccess,                       // access mode
>     DWORD dwShareMode,                           // share mode
>     LPSECURITY_ATTRIBUTES lpSecurityAttributes,  // SD
>     DWORD dwCreationDisposition,                 // how to create
>     DWORD dwFlagsAndAttributes,                  // file attributes
>     HANDLE hTemplateFile                         // handle to template file
> );
>
> Security Attributes parameter is used to apply security policies on a particular file.

The comment says: It’s an SD *.

WHAT is it that you’re trying to accomplish? What, specifically, do you
mean by “apply security policies on a particular file.” Do you mean:

a) How do I create a security descriptor

b) How do I interpret the meaning of a security descriptor?

c) How do I associate an already created security descriptor with a file
on a specific file system, such as NTFS, that implements security?

d) How do I create a driver that sits above file systems that do not
implement security, such as all the MS supplied file systems OTHER THAN
NTFS, that implement security policies for a particular file?

C’mon… at the very least give us a freakin’ clue about what you’re asking.

Peter
OSR

I am working on Windows XP. And I want to apply software security policies (SAFER) on a particular file which is present on the file system for example notepad.exe.

Are there any APIs to do the same?

Thanks
----- Original Message -----
From: Mark Roddy
To: Windows System Software Devs Interest List
Sent: Tuesday, March 08, 2005 4:45 PM
Subject: RE: [ntdev] Software security policy

A particular file contained in a particular filesystem? The filesystem itself provides security policies through standard Windows APIs. Perhaps I am misunderstanding your question?

=====================
Mark Roddy
Windows .NET/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com



I am working on Windows XP. And I want to apply software security
policies (SAFER) on a particular file which is present on the file system for
example notepad.exe.

Are there any APIs to do the same?

Thanks
----- Original Message -----
From: “Peter Viscarola (OSR)”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Wednesday, March 09, 2005 7:09 AM
Subject: Re:[ntdev] Software security policy

> xxxxx@wipro.com wrote:
>>
>> HANDLE CreateFile(
>>     LPCTSTR lpFileName,                          // file name
>>     DWORD dwDesiredAccess,                       // access mode
>>     DWORD dwShareMode,                           // share mode
>>     LPSECURITY_ATTRIBUTES lpSecurityAttributes,  // SD
>>     DWORD dwCreationDisposition,                 // how to create
>>     DWORD dwFlagsAndAttributes,                  // file attributes
>>     HANDLE hTemplateFile                         // handle to template file
>> );
>>
>> Security Attributes parameter is used to apply security policies on a
>> particular file.
>>
>
> The comment says: It’s an SD *.
>
> WHAT is it that you’re trying to accomplish? What, specifically, do you
> mean by “apply security policies on a particular file.” Do you mean:
>
> a) How do I create a security descriptor
>
> b) How do I interpret the meaning of a security descriptor?
>
> c) How do I associate an already created security descriptor with a file
> on a specific file system, such as NTFS, that implements security?
>
> d) How do I create a driver that sits above file systems that do not
> implement security, such as all the MS supplied file systems OTHER THAN
> NTFS, that implement security policies for a particular file?
>
>
> C’mon… at the very least give us a freakin’ clue about what you’re
> asking.
>
> Peter
> OSR

Jayashree Thite wrote:

> I am working on Windows XP. And I want to apply software security
> policies (SAFER) on a particular file which is present on the file
> system for example notepad.exe.
>
> Are there any APIs to do the same?

What do you mean by “software security policy”? If you are talking
about adjusting the permissions at a user/group level, there are
certainly APIs to do that. Look for APIs like InitializeAcl,
AddAccessAllowedAce, AddAccessDeniedAce, SetAclInformation. There are
even samples in the SDK. However, this is an extremely complicated
topic, with its own custom vocabulary and a large set of acronyms. Be
prepared to spend some study time.
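
Added example, not code from the thread or any of its participants: a portable C decoder for the self-relative security descriptor layout, which bears on Peter's question (b) and shows the allow/deny ACEs that calls such as AddAccessAllowedAce and AddAccessDeniedAce place in a DACL. The sample bytes and the names ace_info, sid_str and parse_dacl are constructed for this illustration, and only ACCESS_ALLOWED and ACCESS_DENIED ACEs are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t type; uint32_t mask; char sid[192]; } ace_info;
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
/* Constructed sample: self-relative SD holding only a DACL (deny ACE before allow ACE). */
static const uint8_t SAMPLE_SD[] = {
    1,0, 0x04,0x80, 0,0,0,0, 0,0,0,0, 0,0,0,0, 20,0,0,0,   /* SD header, DACL at offset 20 */
    2,0, 52,0, 2,0, 0,0,                                   /* ACL header: 52 bytes, 2 ACEs */
    1,0, 20,0, 0x02,0,0,0, 1,1, 0,0,0,0,0,1, 0,0,0,0,      /* deny 0x2 to S-1-1-0 */
    0,0, 24,0, 0xFF,0x01,0x1F,0, 1,2, 0,0,0,0,0,5, 32,0,0,0, 0x20,0x02,0,0 }; /* allow, S-1-5-32-544 */

/* Render the SID at p (n bytes available) as text; returns its byte length, 0 if malformed. */
static size_t sid_str(const uint8_t *p, size_t n, char *out, size_t cap) {
    if (n < 8 || p[0] != 1 || p[1] > 15 || n < 8u + 4u * p[1]) return 0;
    uint64_t auth = 0;
    for (int i = 2; i < 8; i++) auth = auth << 8 | p[i];   /* authority is big-endian */
    int w = snprintf(out, cap, "S-1-%llu", (unsigned long long)auth);
    for (unsigned i = 0; i < p[1] && (size_t)w < cap; i++)
        w += snprintf(out + w, cap - w, "-%u", (unsigned)rd32(p + 8 + 4 * i));
    return 8u + 4u * p[1];
}

/* Returns ACE count (0 = empty DACL: no access), -2 = no DACL (unrestricted), -1 = malformed. */
int parse_dacl(const uint8_t *sd, size_t len, ace_info *out, size_t max) {
    if (len < 20 || sd[0] != 1 || !(rd16(sd + 2) & 0x8000)) return -1;  /* SE_SELF_RELATIVE */
    uint32_t off = rd32(sd + 16);
    if (!(rd16(sd + 2) & 0x0004) || off == 0) return -2;                /* SE_DACL_PRESENT */
    if (off > len || len - off < 8) return -1;
    const uint8_t *acl = sd + off;
    size_t acl_size = rd16(acl + 2), count = rd16(acl + 4), pos = 8, ace_size = 0;
    if (acl_size < 8 || acl_size > len - off || count > max) return -1;
    for (size_t i = 0; i < count; i++, pos += ace_size) {
        const uint8_t *ace = acl + pos;
        ace_size = acl_size - pos >= 8 ? rd16(ace + 2) : 0;
        if (ace_size < 8 || ace_size > acl_size - pos || ace[0] > 1) return -1;
        out[i].type = ace[0]; out[i].mask = rd32(ace + 4);  /* type 0 = allow, 1 = deny */
        if (!sid_str(ace + 8, ace_size - 8, out[i].sid, sizeof out[i].sid)) return -1;
    }
    return (int)count;
}

int main(void) {
    ace_info a[8];
    int n = parse_dacl(SAMPLE_SD, sizeof SAMPLE_SD, a, 8);
    for (int i = 0; i < n; i++) printf("%s 0x%08X %s\n", a[i].type ? "deny" : "allow", (unsigned)a[i].mask, a[i].sid);
    return n < 0;
}
```

The distinct return codes matter when auditing: an empty DACL grants nobody access, while a descriptor with no DACL at all leaves the object open to everyone.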

I think Jayashree is referring to “Software Restriction Policies”, but I’m
not sure.
You can read about it in:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx

Jayashree, if you are referring to Software Restriction Policies, they are
controlled by the GPO.
GPO integration is very well documented. If you like, you can contact me off
list and I’ll send you some APIs you can use.
Anyways, I’m not sure this is related to this mailing list…

Shahar

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Wednesday, March 09, 2005 8:24 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Software security policy

Jayashree Thite wrote:

> I am working on Windows XP. And I want to apply software security
> policies (SAFER) on a particular file which is present on the file
> system for example notepad.exe.
>
> Are there any APIs to do the same?

What do you mean by “software security policy”? If you are talking about
adjusting the permissions at a user/group level, there are certainly APIs to
do that. Look for APIs like InitializeAcl, AddAccessAllowedAce,
AddAccessDeniedAce, SetAclInformation. There are even samples in the SDK.
However, this is an extremely complicated topic, with its own custom
vocabulary and a large set of acronyms. Be prepared to spend some study
time.

