def CreatePipeSecurityObject(self): # Create a security object giving World read/write access, # but only "Owner" modify access. sa = pywintypes.SECURITY_ATTRIBUTES() sidEveryone = pywintypes.SID() sidEveryone.Initialize(SECURITY_WORLD_SID_AUTHORITY, 1) sidEveryone.SetSubAuthority(0, SECURITY_WORLD_RID) #sidLocalAdministrator = pywintypes.SID() #sidLocalAdministrator.Initialize(SECURITY_NT_AUTHORITY,2) #sidLocalAdministrator.SetSubAuthority(0, SECURITY_BUILTIN_DOMAIN_RID) #sidLocalAdministrator.SetSubAuthority(1, DOMAIN_ALIAS_RID_ADMINS) sidCreator = pywintypes.SID() sidCreator.Initialize(SECURITY_CREATOR_SID_AUTHORITY, 1) sidCreator.SetSubAuthority(0, SECURITY_CREATOR_OWNER_RID) acl = pywintypes.ACL() acl.AddAccessAllowedAce(FILE_GENERIC_READ | FILE_GENERIC_WRITE, sidEveryone) #acl.AddAccessAllowedAce(FILE_GENERIC_READ|FILE_GENERIC_WRITE, sidLocalAdministrator) acl.AddAccessAllowedAce(FILE_ALL_ACCESS, sidCreator) sa.SetSecurityDescriptorDacl(1, acl, 0) return sa
def createEventSecurityObject(): # Create a security object giving World read/write access, # but only "Owner" modify access. sa = pywintypes.SECURITY_ATTRIBUTES() sidEveryone = pywintypes.SID() sidEveryone.Initialize(ntsecuritycon.SECURITY_WORLD_SID_AUTHORITY, 1) sidEveryone.SetSubAuthority(0, ntsecuritycon.SECURITY_WORLD_RID) sidCreator = pywintypes.SID() sidCreator.Initialize(ntsecuritycon.SECURITY_CREATOR_SID_AUTHORITY, 1) sidCreator.SetSubAuthority(0, ntsecuritycon.SECURITY_CREATOR_OWNER_RID) acl = pywintypes.ACL() acl.AddAccessAllowedAce(win32event.EVENT_MODIFY_STATE, sidEveryone) acl.AddAccessAllowedAce(ntsecuritycon.FILE_ALL_ACCESS, sidCreator) sa.SetSecurityDescriptorDacl(1, acl, 0) return sa
ntsecuritycon.SE_BACKUP_NAME), win32con.SE_PRIVILEGE_ENABLED), (win32security.LookupPrivilegeValue( '', ntsecuritycon.SE_RESTORE_NAME), win32con.SE_PRIVILEGE_ENABLED)) ph = win32api.GetCurrentProcess() th = win32security.OpenProcessToken( ph, win32security.TOKEN_ALL_ACCESS | win32con.TOKEN_ADJUST_PRIVILEGES) win32security.AdjustTokenPrivileges(th, 0, new_privs) my_sid = win32security.GetTokenInformation(th, ntsecuritycon.TokenUser)[0] hklm = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, None, 0, win32con.KEY_ALL_ACCESS) skey = win32api.RegOpenKey(hklm, 'SYSTEM', 0, win32con.KEY_ALL_ACCESS) sa = pywintypes.SECURITY_ATTRIBUTES() sd = pywintypes.SECURITY_DESCRIPTOR() sa.SECURITY_DESCRIPTOR = sd acl = pywintypes.ACL() pwr_sid = win32security.LookupAccountName('', 'Power Users')[0] acl.AddAccessAllowedAce( win32con.ACL_REVISION, win32con.GENERIC_READ | win32con.ACCESS_SYSTEM_SECURITY, my_sid) sd.SetSecurityDescriptorDacl(1, acl, 0) sd.SetSecurityDescriptorOwner(pwr_sid, 0) sa.bInheritHandle = 1 assert sa.SECURITY_DESCRIPTOR is sd win32api.RegSaveKey(skey, fname, sa)