SetNamedSecurityInfo() returns : Error: (1307)

Accepted answer

RLWA32 45,476 Reputation points

2024-07-03T09:14:40.02+00:00
To set the owner SID in a security descriptor to a SID that is not in your own token you need to

Run as Administrator

Enable the SE_RESTORE_NAME privilege in your token

From Privilege Constants documentation for SE_RESTORE_NAME - - "This privilege causes the system to grant all write access control to any file, regardless of the ACL specified for the file. Any access request other than write is still evaluated with the ACL. Additionally, this privilege enables you to set any valid user or group SID as the owner of a file."
Please sign in to rate this answer.

2 people found this answer helpful.
Jean-Pierre Ribeauville 80 Reputation points

2024-07-03T09:28:06.43+00:00

Hi,
Thx for infos.
Is it possible to start my chown.exe without being Administrator and elevated the created process within the code of this process ?
Hope my question in understandable ..
Thx.

RLWA32 45,476 Reputation points

2024-07-03T10:20:16.3266667+00:00

A process created by a standard user account (i.e., non-Administrator) cannot elevate itself. A process created by an account that is a member of the Administrators group will ordinarily run with the filtered token created by UAC without elevated privileges.

A process can use ShellExecute(Ex) with the "runas" verb to request the system to start a new process with elevated privileges. When this is done by a process running under a standard user account UAC will issue a credential prompt to obtain the credentials of an Administrator. If valid credentials are supplied then the new process will be started with elevated privileges running under the Administrator account, not the account of the standard user. If the process calling ShellExecute(Ex) is running with a UAC filtered token for a member of the Administrators group then UAC issues a consent prompt instead.

In both cases a new process is started. You cannot elevate a process that is running without elevated privileges under a standard user account.

Jean-Pierre Ribeauville 80 Reputation points

2024-07-03T12:05:02.5233333+00:00

Many thanks for all these infos.
J.P.

RLWA32 45,476 Reputation points

2024-07-03T12:44:05.2266667+00:00

@Jean-Pierre Ribeauville You're welcome. If your question about SetNamedSecurityInfo has been resolved you could accept the Answer to close the question.

With respect to running with Administrator privileges you might find the following to be of interest - Developing Applications that Require Administrator Privilege
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

SetNamedSecurityInfo() returns : Error: (1307)

0 additional answers

Your answer