in reply to Re^4: Private temporal files on Windows
in thread Private temporal files on Windows

how to construct a security descriptor.

The simplest way (I know of) is to use ConvertStringSecurityDescriptorToSecurityDescriptor()

You start with a string something like:

O:S-1-5-21-3383984691-152274320-3948966431-1000 D:PAI(A;;FA;;;S-1-5-21-3383984691-152274320-3948966431-1000)(D;;FA;;;W +D)

But that contains a hard-coded SID, and I couldn't find any simple way to get the SID for the current user. (Ought to be simple; but then nothing is in this world!)

Theoretically, you ought to be able to substitute 'CO' (creator/owner) for the explicit SID, but my attempts to have icacls apply (/restore) that to a file I created resulted in it running flat out (25%cpu) forever.

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.