Unable to see client permissions in ESM tool!!

Hi All,

This is a question related to my last post 'PF Admin Tools & Administrative
Rights'

Using WebDav and Admin account, I am able to change client member roles and
rights. But after updating client members , If I try to see the client
permissions through ESM tool, I get empty list in the 'Client permission'
dialog box! I am NOT getting any error or anything... but when I get the
Security Descriptor(SD) through the code, I get the correct one what I set.

The code I used to get/set SD was working before when I use client account
to update the folder. Also I was able to see client permissions through ESM
when I update SD of folders using client account and client URL. There was no
change to the code and only change is rather than using Client URL, I used
admin URL. Also I used admin Permanant URL to update the folders.

Please help me on this.... If you need more information please ask.

Thanks

Rajesh

Hello,

can you see the correct permissions when you view them via Outlook?

Have you ordered your modified security descriptor correctly?

Best regards,
Henning Krause

----------------------------------------------------------------------------
Visit my website: http://www.infinitec.de
Exchange access library -
http://www.infinitec.de/software/net....exchange.aspx


"Raj" <Raj@discussions.microsoft.com> wrote in message
news:BB08336A-0BFB-4EBF-8609-522CA25DC369@microsoft.com...
> Hi All,
>
> This is a question related to my last post 'PF Admin Tools &
> Administrative
> Rights'
>
> Using WebDav and Admin account, I am able to change client member roles
> and
> rights. But after updating client members , If I try to see the client
> permissions through ESM tool, I get empty list in the 'Client permission'
> dialog box! I am NOT getting any error or anything... but when I get the
> Security Descriptor(SD) through the code, I get the correct one what I
> set.
>
> The code I used to get/set SD was working before when I use client account
> to update the folder. Also I was able to see client permissions through
> ESM
> when I update SD of folders using client account and client URL. There was
> no
> change to the code and only change is rather than using Client URL, I used
> admin URL. Also I used admin Permanant URL to update the folders.
>
> Please help me on this.... If you need more information please ask.
>
> Thanks
>
> Rajesh
>
>

Well,

That was working before with client account. Do i have to use different
ordering algorithm when I connect using Admin account.
Interesting thing is when I try to add a user i get a window handle
error!... I didnt change anything in the code except used admin URL to
get/set SD.

My colleque is trying to view using outlook.

please help

Thanks

Rajesh


"Henning Krause" wrote:

> Hello,
>
> can you see the correct permissions when you view them via Outlook?
>
> Have you ordered your modified security descriptor correctly?
>
> Best regards,
> Henning Krause
>
> ----------------------------------------------------------------------------
> Visit my website: http://www.infinitec.de
> Exchange access library -
> http://www.infinitec.de/software/net....exchange.aspx
>
>
> "Raj" <Raj@discussions.microsoft.com> wrote in message
> news:BB08336A-0BFB-4EBF-8609-522CA25DC369@microsoft.com...
> > Hi All,
> >
> > This is a question related to my last post 'PF Admin Tools &
> > Administrative
> > Rights'
> >
> > Using WebDav and Admin account, I am able to change client member roles
> > and
> > rights. But after updating client members , If I try to see the client
> > permissions through ESM tool, I get empty list in the 'Client permission'
> > dialog box! I am NOT getting any error or anything... but when I get the
> > Security Descriptor(SD) through the code, I get the correct one what I
> > set.
> >
> > The code I used to get/set SD was working before when I use client account
> > to update the folder. Also I was able to see client permissions through
> > ESM
> > when I update SD of folders using client account and client URL. There was
> > no
> > change to the code and only change is rather than using Client URL, I used
> > admin URL. Also I used admin Permanant URL to update the folders.
> >
> > Please help me on this.... If you need more information please ask.
> >
> > Thanks
> >
> > Rajesh
> >
> >
>
>

Hello,

no, the order is the same.

But if you get an invalid window handle error, then you have definitely
messed up your security descriptor.

If you are working with .NET 2.0, you could try my exchange package.. it
should handle Security descriptors correctly.

Best regards,
Henning Krause

----------------------------------------------------------------------------
Visit my website: http://www.infinitec.de
Exchange access library -
http://www.infinitec.de/software/net....exchange.aspx


"Raj" <Raj@discussions.microsoft.com> wrote in message
news:B2B416B0-3777-4251-9FC2-D748D383A9AD@microsoft.com...
> Well,
>
> That was working before with client account. Do i have to use different
> ordering algorithm when I connect using Admin account.
> Interesting thing is when I try to add a user i get a window handle
> error!... I didnt change anything in the code except used admin URL to
> get/set SD.
>
> My colleque is trying to view using outlook.
>
> please help
>
> Thanks
>
> Rajesh
>
>
> "Henning Krause" wrote:
>
>> Hello,
>>
>> can you see the correct permissions when you view them via Outlook?
>>
>> Have you ordered your modified security descriptor correctly?
>>
>> Best regards,
>> Henning Krause
>>
>> ----------------------------------------------------------------------------
>> Visit my website: http://www.infinitec.de
>> Exchange access library -
>> http://www.infinitec.de/software/net....exchange.aspx
>>
>>
>> "Raj" <Raj@discussions.microsoft.com> wrote in message
>> news:BB08336A-0BFB-4EBF-8609-522CA25DC369@microsoft.com...
>> > Hi All,
>> >
>> > This is a question related to my last post 'PF Admin Tools &
>> > Administrative
>> > Rights'
>> >
>> > Using WebDav and Admin account, I am able to change client member roles
>> > and
>> > rights. But after updating client members , If I try to see the client
>> > permissions through ESM tool, I get empty list in the 'Client
>> > permission'
>> > dialog box! I am NOT getting any error or anything... but when I get
>> > the
>> > Security Descriptor(SD) through the code, I get the correct one what I
>> > set.
>> >
>> > The code I used to get/set SD was working before when I use client
>> > account
>> > to update the folder. Also I was able to see client permissions through
>> > ESM
>> > when I update SD of folders using client account and client URL. There
>> > was
>> > no
>> > change to the code and only change is rather than using Client URL, I
>> > used
>> > admin URL. Also I used admin Permanant URL to update the folders.
>> >
>> > Please help me on this.... If you need more information please ask.
>> >
>> > Thanks
>> >
>> > Rajesh
>> >
>> >
>>
>>

Hi Henning,

This is happening only when I change the role of "\\EveryONe"(SID S-1-1-0)
- I can change all other users. DO you know the reason might be?

Regards

Rajesh

"Henning Krause" wrote:

> Hello,
>
> no, the order is the same.
>
> But if you get an invalid window handle error, then you have definitely
> messed up your security descriptor.
>
> If you are working with .NET 2.0, you could try my exchange package.. it
> should handle Security descriptors correctly.
>
> Best regards,
> Henning Krause
>
> ----------------------------------------------------------------------------
> Visit my website: http://www.infinitec.de
> Exchange access library -
> http://www.infinitec.de/software/net....exchange.aspx
>
>
> "Raj" <Raj@discussions.microsoft.com> wrote in message
> news:B2B416B0-3777-4251-9FC2-D748D383A9AD@microsoft.com...
> > Well,
> >
> > That was working before with client account. Do i have to use different
> > ordering algorithm when I connect using Admin account.
> > Interesting thing is when I try to add a user i get a window handle
> > error!... I didnt change anything in the code except used admin URL to
> > get/set SD.
> >
> > My colleque is trying to view using outlook.
> >
> > please help
> >
> > Thanks
> >
> > Rajesh
> >
> >
> > "Henning Krause" wrote:
> >
> >> Hello,
> >>
> >> can you see the correct permissions when you view them via Outlook?
> >>
> >> Have you ordered your modified security descriptor correctly?
> >>
> >> Best regards,
> >> Henning Krause
> >>
> >> ----------------------------------------------------------------------------
> >> Visit my website: http://www.infinitec.de
> >> Exchange access library -
> >> http://www.infinitec.de/software/net....exchange.aspx
> >>
> >>
> >> "Raj" <Raj@discussions.microsoft.com> wrote in message
> >> news:BB08336A-0BFB-4EBF-8609-522CA25DC369@microsoft.com...
> >> > Hi All,
> >> >
> >> > This is a question related to my last post 'PF Admin Tools &
> >> > Administrative
> >> > Rights'
> >> >
> >> > Using WebDav and Admin account, I am able to change client member roles
> >> > and
> >> > rights. But after updating client members , If I try to see the client
> >> > permissions through ESM tool, I get empty list in the 'Client
> >> > permission'
> >> > dialog box! I am NOT getting any error or anything... but when I get
> >> > the
> >> > Security Descriptor(SD) through the code, I get the correct one what I
> >> > set.
> >> >
> >> > The code I used to get/set SD was working before when I use client
> >> > account
> >> > to update the folder. Also I was able to see client permissions through
> >> > ESM
> >> > when I update SD of folders using client account and client URL. There
> >> > was
> >> > no
> >> > change to the code and only change is rather than using Client URL, I
> >> > used
> >> > admin URL. Also I used admin Permanant URL to update the folders.
> >> >
> >> > Please help me on this.... If you need more information please ask.
> >> >
> >> > Thanks
> >> >
> >> > Rajesh
> >> >
> >> >
> >>
> >>
>
>

Hi I am posting security descriptors here... I made it so simple so that only
one user and 'Everyone' the first one what i recved from Excahnge server and
the everone role was 'contributor'. The second one I set back to the excahnge
server and role of everyone is 'Owner'. Could you please check and tell me
where i am wrong.

<S:effective_aces>
<S:access_allowed_ace S:inherited="0">
<S:access_mask>1208af</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:type>user</S:type>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_allowed_ace>
<S:access_denied_ace S:inherited="0">
<S:access_mask>dc910</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:type>user</S:type>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_denied_ace>
<S:access_allowed_ace S:inherited="0">
<S:access_mask>1208ab</S:access_mask>
<S:sid>
<S:string_sid>S-1-1-0</S:string_sid>
<S:type>well_known_group</S:type>
<S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
<S:ad_object_guid>{f1787194-e062-456c-8791-dfd7c3719139}</S:ad_object_guid>
</S:sid>
</S:access_allowed_ace>
</S:effective_aces>
<S:subcontainer_inheritable_aces>
<S:access_allowed_ace S:inherited="0" S:no_propagate_inherit="0">
<S:access_mask>1208af</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:type>user</S:type>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_allowed_ace>
<S:access_denied_ace S:inherited="0" S:no_propagate_inherit="0">
<S:access_mask>dc910</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:type>user</S:type>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_denied_ace>
<S:access_allowed_ace S:inherited="0" S:no_propagate_inherit="0">
<S:access_mask>1208ab</S:access_mask>
<S:sid>
<S:string_sid>S-1-1-0</S:string_sid>
<S:type>well_known_group</S:type>
<S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
<S:ad_object_guid>{f1787194-e062-456c-8791-dfd7c3719139}</S:ad_object_guid>
</S:sid>
</S:access_allowed_ace>
</S:subcontainer_inheritable_aces>
<S:subitem_inheritable_aces>
<S:access_allowed_ace S:inherited="0" S:no_propagate_inherit="0">
<S:access_mask>1f0fbf</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:type>user</S:type>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_allowed_ace>
<S:access_allowed_ace S:inherited="0" S:no_propagate_inherit="0">
<S:access_mask>0</S:access_mask>
<S:sid>
<S:string_sid>S-1-1-0</S:string_sid>
<S:type>well_known_group</S:type>
<S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
<S:ad_object_guid>{f1787194-e062-456c-8791-dfd7c3719139}</S:ad_object_guid>
</S:sid>
</S:access_allowed_ace>
</S:subitem_inheritable_aces>





SD I set back to excahnge server

<S:effective_aces xmlns:S="http://schemas.microsoft.com/security/">
<S:access_allowed_ace>
<S:access_mask>1208af</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:type>user</S:type>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_allowed_ace>
<S:access_denied_ace>
<S:access_mask>dc910</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:type>user</S:type>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_denied_ace>
<S:access_allowed_ace>
<S:access_mask>1fc9bf</S:access_mask>
<S:sid>
<S:string_sid>S-1-1-0</S:string_sid>
<S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
<S:type>well_known_group</S:type>
<S:display_name>\\Everyone</S:display_name>
</S:sid>
</S:access_allowed_ace>
</S:effective_aces>
<S:subcontainer_inheritable_aces
xmlns:S="http://schemas.microsoft.com/security/">
<S:access_allowed_ace>
<S:access_mask>1208af</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:type>user</S:type>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_allowed_ace>
<S:access_denied_ace>
<S:access_mask>dc910</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:type>user</S:type>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_denied_ace>
<S:access_allowed_ace>
<S:access_mask>1fc9bf</S:access_mask>
<S:sid>
<S:string_sid>S-1-1-0</S:string_sid>
<S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
<S:type>well_known_group</S:type>
<S:display_name>\\Everyone</S:display_name>
</S:sid>
</S:access_allowed_ace>
</S:subcontainer_inheritable_aces>
<S:subitem_inheritable_aces xmlns:S="http://schemas.microsoft.com/security/">
<S:access_allowed_ace><S:access_mask>1f0fbf</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:type>user</S:type>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_allowed_ace>
<S:access_allowed_ace>
<S:access_mask>1f0fbf</S:access_mask>
<S:sid>
<S:string_sid>S-1-1-0</S:string_sid>
<S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
<S:type>well_known_group</S:type>
<S:display_name>\\Everyone</S:display_name>
</S:sid>
</S:access_allowed_ace>
</S:subitem_inheritable_aces>

Thanks

Rajesh

"Raj" wrote:

> Hi Henning,
>
> This is happening only when I change the role of "\\EveryONe"(SID S-1-1-0)
> - I can change all other users. DO you know the reason might be?
>
> Regards
>
> Rajesh
>
> "Henning Krause" wrote:
>
> > Hello,
> >
> > no, the order is the same.
> >
> > But if you get an invalid window handle error, then you have definitely
> > messed up your security descriptor.
> >
> > If you are working with .NET 2.0, you could try my exchange package.. it
> > should handle Security descriptors correctly.
> >
> > Best regards,
> > Henning Krause
> >
> > ----------------------------------------------------------------------------
> > Visit my website: http://www.infinitec.de
> > Exchange access library -
> > http://www.infinitec.de/software/net....exchange.aspx
> >
> >
> > "Raj" <Raj@discussions.microsoft.com> wrote in message
> > news:B2B416B0-3777-4251-9FC2-D748D383A9AD@microsoft.com...
> > > Well,
> > >
> > > That was working before with client account. Do i have to use different
> > > ordering algorithm when I connect using Admin account.
> > > Interesting thing is when I try to add a user i get a window handle
> > > error!... I didnt change anything in the code except used admin URL to
> > > get/set SD.
> > >
> > > My colleque is trying to view using outlook.
> > >
> > > please help
> > >
> > > Thanks
> > >
> > > Rajesh
> > >
> > >
> > > "Henning Krause" wrote:
> > >
> > >> Hello,
> > >>
> > >> can you see the correct permissions when you view them via Outlook?
> > >>
> > >> Have you ordered your modified security descriptor correctly?
> > >>
> > >> Best regards,
> > >> Henning Krause
> > >>
> > >> ----------------------------------------------------------------------------
> > >> Visit my website: http://www.infinitec.de
> > >> Exchange access library -
> > >> http://www.infinitec.de/software/net....exchange.aspx
> > >>
> > >>
> > >> "Raj" <Raj@discussions.microsoft.com> wrote in message
> > >> news:BB08336A-0BFB-4EBF-8609-522CA25DC369@microsoft.com...
> > >> > Hi All,
> > >> >
> > >> > This is a question related to my last post 'PF Admin Tools &
> > >> > Administrative
> > >> > Rights'
> > >> >
> > >> > Using WebDav and Admin account, I am able to change client member roles
> > >> > and
> > >> > rights. But after updating client members , If I try to see the client
> > >> > permissions through ESM tool, I get empty list in the 'Client
> > >> > permission'
> > >> > dialog box! I am NOT getting any error or anything... but when I get
> > >> > the
> > >> > Security Descriptor(SD) through the code, I get the correct one what I
> > >> > set.
> > >> >
> > >> > The code I used to get/set SD was working before when I use client
> > >> > account
> > >> > to update the folder. Also I was able to see client permissions through
> > >> > ESM
> > >> > when I update SD of folders using client account and client URL. There
> > >> > was
> > >> > no
> > >> > change to the code and only change is rather than using Client URL, I
> > >> > used
> > >> > admin URL. Also I used admin Permanant URL to update the folders.
> > >> >
> > >> > Please help me on this.... If you need more information please ask.
> > >> >
> > >> > Thanks
> > >> >
> > >> > Rajesh
> > >> >
> > >> >
> > >>
> > >>
> >
> >

Eureka!!!....

I was not cleaning 1.3 and 5 th bit of everyone!!!!

Regards

Rajesh

"Raj" wrote:

> Hi I am posting security descriptors here... I made it so simple so that only
> one user and 'Everyone' the first one what i recved from Excahnge server and
> the everone role was 'contributor'. The second one I set back to the excahnge
> server and role of everyone is 'Owner'. Could you please check and tell me
> where i am wrong.
>
> <S:effective_aces>
> <S:access_allowed_ace S:inherited="0">
> <S:access_mask>1208af</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
> <S:type>user</S:type>
> <S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
> <S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
> <S:display_name>Rajesh</S:display_name>
> </S:sid>
> </S:access_allowed_ace>
> <S:access_denied_ace S:inherited="0">
> <S:access_mask>dc910</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
> <S:type>user</S:type>
> <S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
> <S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
> <S:display_name>Rajesh</S:display_name>
> </S:sid>
> </S:access_denied_ace>
> <S:access_allowed_ace S:inherited="0">
> <S:access_mask>1208ab</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-1-0</S:string_sid>
> <S:type>well_known_group</S:type>
> <S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
> <S:ad_object_guid>{f1787194-e062-456c-8791-dfd7c3719139}</S:ad_object_guid>
> </S:sid>
> </S:access_allowed_ace>
> </S:effective_aces>
> <S:subcontainer_inheritable_aces>
> <S:access_allowed_ace S:inherited="0" S:no_propagate_inherit="0">
> <S:access_mask>1208af</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
> <S:type>user</S:type>
> <S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
> <S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
> <S:display_name>Rajesh</S:display_name>
> </S:sid>
> </S:access_allowed_ace>
> <S:access_denied_ace S:inherited="0" S:no_propagate_inherit="0">
> <S:access_mask>dc910</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
> <S:type>user</S:type>
> <S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
> <S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
> <S:display_name>Rajesh</S:display_name>
> </S:sid>
> </S:access_denied_ace>
> <S:access_allowed_ace S:inherited="0" S:no_propagate_inherit="0">
> <S:access_mask>1208ab</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-1-0</S:string_sid>
> <S:type>well_known_group</S:type>
> <S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
> <S:ad_object_guid>{f1787194-e062-456c-8791-dfd7c3719139}</S:ad_object_guid>
> </S:sid>
> </S:access_allowed_ace>
> </S:subcontainer_inheritable_aces>
> <S:subitem_inheritable_aces>
> <S:access_allowed_ace S:inherited="0" S:no_propagate_inherit="0">
> <S:access_mask>1f0fbf</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
> <S:type>user</S:type>
> <S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
> <S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
> <S:display_name>Rajesh</S:display_name>
> </S:sid>
> </S:access_allowed_ace>
> <S:access_allowed_ace S:inherited="0" S:no_propagate_inherit="0">
> <S:access_mask>0</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-1-0</S:string_sid>
> <S:type>well_known_group</S:type>
> <S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
> <S:ad_object_guid>{f1787194-e062-456c-8791-dfd7c3719139}</S:ad_object_guid>
> </S:sid>
> </S:access_allowed_ace>
> </S:subitem_inheritable_aces>
>
>
>
>
>
> SD I set back to excahnge server
>
> <S:effective_aces xmlns:S="http://schemas.microsoft.com/security/">
> <S:access_allowed_ace>
> <S:access_mask>1208af</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
> <S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
> <S:type>user</S:type>
> <S:display_name>Rajesh</S:display_name>
> </S:sid>
> </S:access_allowed_ace>
> <S:access_denied_ace>
> <S:access_mask>dc910</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
> <S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
> <S:type>user</S:type>
> <S:display_name>Rajesh</S:display_name>
> </S:sid>
> </S:access_denied_ace>
> <S:access_allowed_ace>
> <S:access_mask>1fc9bf</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-1-0</S:string_sid>
> <S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
> <S:type>well_known_group</S:type>
> <S:display_name>\\Everyone</S:display_name>
> </S:sid>
> </S:access_allowed_ace>
> </S:effective_aces>
> <S:subcontainer_inheritable_aces
> xmlns:S="http://schemas.microsoft.com/security/">
> <S:access_allowed_ace>
> <S:access_mask>1208af</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
> <S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
> <S:type>user</S:type>
> <S:display_name>Rajesh</S:display_name>
> </S:sid>
> </S:access_allowed_ace>
> <S:access_denied_ace>
> <S:access_mask>dc910</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
> <S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
> <S:type>user</S:type>
> <S:display_name>Rajesh</S:display_name>
> </S:sid>
> </S:access_denied_ace>
> <S:access_allowed_ace>
> <S:access_mask>1fc9bf</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-1-0</S:string_sid>
> <S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
> <S:type>well_known_group</S:type>
> <S:display_name>\\Everyone</S:display_name>
> </S:sid>
> </S:access_allowed_ace>
> </S:subcontainer_inheritable_aces>
> <S:subitem_inheritable_aces xmlns:S="http://schemas.microsoft.com/security/">
> <S:access_allowed_ace><S:access_mask>1f0fbf</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
> <S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
> <S:type>user</S:type>
> <S:display_name>Rajesh</S:display_name>
> </S:sid>
> </S:access_allowed_ace>
> <S:access_allowed_ace>
> <S:access_mask>1f0fbf</S:access_mask>
> <S:sid>
> <S:string_sid>S-1-1-0</S:string_sid>
> <S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
> <S:type>well_known_group</S:type>
> <S:display_name>\\Everyone</S:display_name>
> </S:sid>
> </S:access_allowed_ace>
> </S:subitem_inheritable_aces>
>
> Thanks
>
> Rajesh
>
> "Raj" wrote:
>
> > Hi Henning,
> >
> > This is happening only when I change the role of "\\EveryONe"(SID S-1-1-0)
> > - I can change all other users. DO you know the reason might be?
> >
> > Regards
> >
> > Rajesh
> >
> > "Henning Krause" wrote:
> >
> > > Hello,
> > >
> > > no, the order is the same.
> > >
> > > But if you get an invalid window handle error, then you have definitely
> > > messed up your security descriptor.
> > >
> > > If you are working with .NET 2.0, you could try my exchange package.. it
> > > should handle Security descriptors correctly.
> > >
> > > Best regards,
> > > Henning Krause
> > >
> > > ----------------------------------------------------------------------------
> > > Visit my website: http://www.infinitec.de
> > > Exchange access library -
> > > http://www.infinitec.de/software/net....exchange.aspx
> > >
> > >
> > > "Raj" <Raj@discussions.microsoft.com> wrote in message
> > > news:B2B416B0-3777-4251-9FC2-D748D383A9AD@microsoft.com...
> > > > Well,
> > > >
> > > > That was working before with client account. Do i have to use different
> > > > ordering algorithm when I connect using Admin account.
> > > > Interesting thing is when I try to add a user i get a window handle
> > > > error!... I didnt change anything in the code except used admin URL to
> > > > get/set SD.
> > > >
> > > > My colleque is trying to view using outlook.
> > > >
> > > > please help
> > > >
> > > > Thanks
> > > >
> > > > Rajesh
> > > >
> > > >
> > > > "Henning Krause" wrote:
> > > >
> > > >> Hello,
> > > >>
> > > >> can you see the correct permissions when you view them via Outlook?
> > > >>
> > > >> Have you ordered your modified security descriptor correctly?
> > > >>
> > > >> Best regards,
> > > >> Henning Krause
> > > >>
> > > >> ----------------------------------------------------------------------------
> > > >> Visit my website: http://www.infinitec.de
> > > >> Exchange access library -
> > > >> http://www.infinitec.de/software/net....exchange.aspx
> > > >>
> > > >>
> > > >> "Raj" <Raj@discussions.microsoft.com> wrote in message
> > > >> news:BB08336A-0BFB-4EBF-8609-522CA25DC369@microsoft.com...
> > > >> > Hi All,
> > > >> >
> > > >> > This is a question related to my last post 'PF Admin Tools &
> > > >> > Administrative
> > > >> > Rights'
> > > >> >
> > > >> > Using WebDav and Admin account, I am able to change client member roles
> > > >> > and
> > > >> > rights. But after updating client members , If I try to see the client
> > > >> > permissions through ESM tool, I get empty list in the 'Client
> > > >> > permission'
> > > >> > dialog box! I am NOT getting any error or anything... but when I get
> > > >> > the
> > > >> > Security Descriptor(SD) through the code, I get the correct one what I
> > > >> > set.
> > > >> >
> > > >> > The code I used to get/set SD was working before when I use client
> > > >> > account
> > > >> > to update the folder. Also I was able to see client permissions through
> > > >> > ESM
> > > >> > when I update SD of folders using client account and client URL. There
> > > >> > was
> > > >> > no
> > > >> > change to the code and only change is rather than using Client URL, I
> > > >> > used
> > > >> > admin URL. Also I used admin Permanant URL to update the folders.
> > > >> >
> > > >> > Please help me on this.... If you need more information please ask.
> > > >> >
> > > >> > Thanks
> > > >> >
> > > >> > Rajesh
> > > >> >
> > > >> >
> > > >>
> > > >>
> > >
> > >