in reply to Re^4: Private temporal files on Windows
in thread Private temporal files on Windows

how to construct a security descriptor.

The simplest way (I know of) is to use ConvertStringSecurityDescriptorToSecurityDescriptor()

You start with a string something like:

O:S-1-5-21-3383984691-152274320-3948966431-1000
D:PAI(A;;FA;;;S-1-5-21-3383984691-152274320-3948966431-1000)(D;;FA;;;W
+D)

[download]

But that contains a hard-coded SID, and I couldn't find any simple way to get the SID for the current user. (Ought to be simple; but then nothing is in this world!)

Theoretically, you ought to be able to substitute 'CO' (creator/owner) for the explicit SID, but my attempts to have icacls apply (/restore) that to a file I created resulted in it running flat out (25%cpu) forever.

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

Replies are listed 'Best First'.
Re^6: Private temporal files on Windows
by Discipulus (Canon) on Dec 19, 2014 at 10:53 UTC
    Incidentally to get the SID of current user i used sometimes:
    whoami /user /FO TABLE /NH

    [download]
    the command returns the full current username and the SID. Seems available post win2000.

    L*

    There are no rules, there are no thumbs..
    Reinvent the wheel, then learn The Wheel; may be one day you reinvent one of THE WHEELS.
[reply]
[d/l]

      That certainly works on my system (Vista), but it is crazy to have to shell out in order to obtain such a fundamental piece of information.

      With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.
[reply]
        yes, even if in my humble experience i found parsing output of native commands to be more reliable then many other options (you remember the times of Win32::AdminMisc ?)
        L*
        There are no rules, there are no thumbs..
        Reinvent the wheel, then learn The Wheel; may be one day you reinvent one of THE WHEELS.
[reply]
[d/l]

In Section Seekers of Perl Wisdom