README.TXT

Security Functions 


SUMMARY
=======

The SIDCLN sample demonstrates some of the security functions. It
provides a sample utility that recovers on-disk resources that remain
allocated to deleted user accounts.

MORE INFORMATION
================

The on-disk resources recovered are:

- Files that are still owned by accounts that have been deleted are
assigned ownership to the account logged on when this sample is run.

- ACEs for deleted accounts are deleted from the ACLs of files to which
the deleted accounts had been granted authorizations (such as Read
access).

It may be that running this sample as a utility has no practical value in
many environments, as the number of files belonging to deleted user accounts
will often be quite small and the number of bytes recovered on disk by
editing out ACEs for deleted accounts may not be worth the time it takes to
run this sample. This time can be significant when processing an entire hard
disk or partition.

Note: This sample is not a supported utility.

Usage
-----

You must log on using an account that has the privilege to take file
ownership and edit ACLs, such as Administrator.

The ACL editing part of this sample can only be exercised for files on an
NTFS partition.

Typical test scenario
---------------------

Create a user account or two and log on as each of these accounts in turn.
While logged on for each account, go to an NTFS partition and create a
couple of files so the test accounts each own a few files. Use the File
Manager or Windows Explorer to edit permissions for those files, so that
each test user has some authorities (such as Read) explicitly granted for
those files. Log on as Administrator and authorize each test user to a few
Administrator-owned files. Delete the test accounts. Run the sample in the
directories where you put the files that the test accounts own.