question

JiShirley-1989 avatar image
1 Vote"
JiShirley-1989 asked SongZhu-MSFT commented

Local Service application can't use GetNamedSecurityInfo when Win10 OS upgraded to Version 20H2

I wrote a service program running as a local service account.
This service used to use GetNamedSecurityInfo to obtain folder related access rights and it works fine. Recently, I upgraded to 20h2 version of win10 and found that there were some different return values in this interface.

I use the sample code https://docs.microsoft.com/en-us/windows/win32/api/aclapi/nf-aclapi-geteffectiverightsfromacla
to get folder C:\Users\Admin\Documents\NewFolder Local Service access permission.
NewFolder has no local service permission.
The previous version was win10 2004, I never get error from GetNamedSecurityInfo, and AuthzAccessCheck can get accessMask without error.

After win10 upgrade to 20H2, I get errorcode = 5 when call GetNamedSecurityInfo,

Any comments or something I don't know?

windows-apic++
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SongZhu-MSFT avatar image
0 Votes"
SongZhu-MSFT answered SongZhu-MSFT commented

I tested the sample, and GetNamedSecurityInfo can get folder C:\Users\Admin\Documents\NewFolder Local Service access permission. This may be related to the permissions in your system. Refer to: GetNamedSecurityInfo returns ERROR_ACCESS_DENIED(5) when writting owner of a remote Windows shared folder

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks ,its my system access right setting problem. I will close it.

0 Votes 0 ·
SongZhu-MSFT avatar image SongZhu-MSFT ShirleyShenghuaJi-0368 ·

Hi,if this answer did help to you, please feel free to mark it to help people with the same issue, and let me know if you have any problem.Thanks.

0 Votes 0 ·
ShirleyShenghuaJi-0368 avatar image
0 Votes"
ShirleyShenghuaJi-0368 answered

Thanks, I found that this is my machine configuration problem. If I don't have partial permissions under the users folder, calling GetNamedSecurityInfo will return 5,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.