VB5, VB6Add the User ACE
Public Sub AddACEtoACL(ByVal xi_lngPtrCurrACL As Long, _
   ByVal xi_strFilePath As String, _
   ByVal xi_lngAccessMask As Long, _
   ByVal xi_enmAccessLevel As ACCESS_MODE, _
   ByRef xi_typNewSecurityDescr As SECURITY_DESCRIPTOR, _
   ByRef xi_abytNewACL() As Byte, _
   ByRef xi_abytUserSID() As Byte)
Dim p_typCurrentACE As ACCESS_ALLOWED_ACE
Dim p_typACL_Info As ACL_SIZE_INFORMATION
p_typACL_Info = _
   Get_AclInfo(xi_lngCurrentACL:=xi_lngPtrCurrACL)
p_lngNumAceEntries = p_typACL_Info.AceCount
If xi_enmAccessLevel = DENY_ACCESS Then
   Add_AccessDeniedAce xi_lngAccessMask:=COMMON_ALL, _
      xo_abytNewACL:=xi_abytNewACL, _
      xi_abytUserSID:=xi_abytUserSID
End If
If p_lngNumAceEntries > 0 Then
   For p_lngLoop = 0 To (p_lngNumAceEntries - 1)
      p_lngPtrCurrACE = _
         Get_Ace(xi_lngPtrCurrACL:=xi_lngPtrCurrACL, _
         xi_lngLoop:=p_lngLoop)
      CopyMem pTo:=p_typCurrentACE, _
         uFrom:=ByVal p_lngPtrCurrACE, _
         lSize:=LenB(p_typCurrentACE)
      Add_Ace xi_lngAceListLen:= _
         p_typCurrentACE.Header.AceSize, _
         xi_abytNewACL:=xi_abytNewACL, _
         xi_lngPtrCurrAce:=p_lngPtrCurrACE
   Next p_lngLoop
End If
If xi_enmAccessLevel = SET_ACCESS Then
   Add_AccessAllowedAce _
      xi_lngAccessMask:=xi_lngAccessMask, _
      xo_abytNewACL:=xi_abytNewACL, _
      xi_abytUserSID:=xi_abytUserSID
End If
Set_SecurityDescriptorDacl _
   xi_typNewSecDescr:=xi_typNewSecurityDescr, _
   xo_abytNewACL:=xi_abytNewACL
Set_FileSecurity xi_strFilePath:=xi_strFilePath, _
   xi_typSecurityType:=DACL_SECURITY_INFORMATION, _
   xo_typNewSecDescr:=xi_typNewSecurityDescr
End Sub
Listing 3 You can't add an ACE directly, so you must create a new DACL, add the current ACEs to that DACL, and add the new ACE to the end. If the ACE is a deny-access ACE, you must add it to the beginning of the DACL instead.