Sort of obscure question, hopefully someone has done this before. I've been able to use the EXPLICIT_ACCESS structure with SetEntriesInAcl and SetNamedSecurityInfo to modify the DACL information on a folder. No problems there.
Let's say I give some user all access--i.e. every named bit I can find I turn on in the EXPLICIT_ACCESS grfAccessPermissions field. Then I go to the folder, right click, choose properties, click on the Security tab, and for that user, the only checkbox marked is "Special Permissions". If I click the advanced button, the permissions are listed there for the user are "Full Control". There is an Edit button, so I click that, and all the checkboxes are marked off (all permissions on). But I want those checkboxes checked on the inital property page. After all, the user does have all access, doesn't he?
So I don't get discouraged, and instead I write a display function that walks the ACL list, and prints everything I can find on each ACE. Then I run the display function against the ACL that I created.
Next I go to the folder, choose properties, and select "Full Control". Apply the settings. Run my display program again, and compare the output. Something must have changed, right? Wrong. They are exactly the same.
So if my question isn't obvious yet, I want to know: how do you programatically set the checkboxes on the inital folder property page's security tab? By the way, when you are setting these values as a user, the normal way of doing it is to mark one or more of the checkboxes on the Properties->Security page, and that in turn causes a group of permissions to be set underneath (on the Advanced tab). So what I am seeing is a sort of inverse behavior--the values are set on the advanced tab but not on the usual tab that people generally look at.