win32security, client privleges

Mark Hammond mhammond at
Tue Feb 8 23:38:30 CET 2000

If you look up the MS docs for GetFileSecurity() you will notice the

"""To read the system access-control list (SACL) of a file or
directory, the SE_SECURITY_NAME privilege must be enabled for the
calling process."""

Note that privileges are different than permissions.  So, you can use
the function below to enable the privilege for your session - just
pass ntsecuritycon.SE_SECURITY_NAME to this function...

[Taken from the book, which discusses this briefly...]


import win32security
import win32api
import sys
import time
from ntsecuritycon import *

def AdjustPrivilege(priv, enable = 1):
    # Get the process token.
    htoken =
win32security.OpenProcessToken(win32api.GetCurrentProcess(), flags)
    # Get the ID for the system shutdown privilege.
    id = win32security.LookupPrivilegeValue(None, priv)
    # Now obtain the privilege for this process.
    # Create a list of the privileges to be added.
    if enable:
        newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
        newPrivileges = [(id, 0)]
    # and make the adjustment.
    win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)

<daryl_stultz at> wrote in message
news:87pu3o$23i$1 at
> Hello, I'm on a Windows NT machine on a managed network. I would
> to write an app to manage file security (access rights...) It seems
> win32security is just what I need. However, when I run the
> import win32security
> win32security.GetFileSecurity("SomeFile")
> I get the following error:
> api_error: (1314, 'GetFileSecurity', ' A required privilege is not
> by the client.')
> I have "administrator" status on the network. For kicks, I had the
> domain admin log in to my machine and I got the same error. So it
> appears as though client refers to something other than my User
> How do I make this work? Also, is there some decent documentation on
> to use the various win32 modules (or is it all in some MS
> documentation?) Thanks.
> Sent via
> Before you buy.

More information about the Python-list mailing list