README.TXT

Security Functions 
 
 
SUMMARY 
======= 
 
The SIDCLN sample demonstrates some of the security functions. It 
provides a sample utility that recovers on-disk resources that remain  
allocated to deleted user accounts. 
 
MORE INFORMATION 
================ 
 
The on-disk resources recovered are: 
 
 - Files that are still owned by accounts that have been deleted are 
   assigned ownership to the account logged on when this sample is run. 
 
 - ACEs for deleted accounts are deleted from the ACLs of files to which 
   the deleted accounts had been granted authorizations (such as Read 
   access). 
 
It may be that running this sample as a utility has no practical value in  
many environments, as the number of files belonging to deleted user accounts  
will often be quite small and the number of bytes recovered on disk by  
editing out ACEs for deleted accounts may not be worth the time it takes to  
run this sample. This time can be significant when processing an entire hard  
disk or partition. 
 
Note: This sample is not a supported utility. 
 
Usage 
----- 
 
You must log on using an account that has the privilege to take file 
ownership and edit ACLs, such as Administrator. 
 
The ACL editing part of this sample can only be exercised for files on an  
NTFS partition. 
 
Typical test scenario 
--------------------- 
 
Create a user account or two and log on as each of these accounts in turn.  
While logged on for each account, go to an NTFS partition and create a  
couple of files so the test accounts each own a few files. Use the File  
Manager or Windows Explorer to edit permissions for those files, so that  
each test user has some authorities (such as Read) explicitly granted for  
those files. Log on as Administrator and authorize each test user to a few  
Administrator-owned files. Delete the test accounts. Run the sample in the  
directories where you put the files that the test accounts own.