ACCESS CONTROL PLUGIN
---------------------

Written by Mathias Hasselmann <mathias@taschenorakel.de>

The AccessControl plugin for NSIS provides a set of functions related 
Windows NT access control list (ACL) management.


MODIFICATIONS
-------------

- 23rd January 2008 ~ Afrow UK
Added function IsUserTheAdministrator.
Cleaned up code. Rebuilt as pure cpp, decreasing DLL size.
No longer using gobal temp variable for strings.

- 7th January 2008 ~ Afrow UK
Fixed registry instructions.

- 8th November 2007 ~ Afrow UK
EnableInheritance/DisableInheritance names changed.
Functions added:
  EnableFileInheritance
  DisableFileInheritance
  EnableRegKeyInheritance
  DisableRegKeyInheritance
  GetFileOwner
  GetFileGroup
  GetRegKeyOwner
  GetRegKeyGroup
  ClearOnFile
  ClearOnRegKey
  GetCurrentUserName
  SidToName

- 21st August 2007 ~ Afrow UK
Added /noinherit switch to prevent child objects inheriting a
 particular permission.
Added EnableInheritance and DisableInheritance functions.
Removed code to print items in the install log.

- 13th July 2007 ~ kichik
Return proper error codes (return value instead of GetLastError())

- 30th June 2006 ~ Afrow UK
Error MessageBox removed.
Error messages are now just returned on NSIS stack.


CONVENTIONS
-----------

<filename>
	A valid Windows(tm) filename (ie. "C:\WINDOWS\" or "\\HOSTNAME\SHARE").

<rootkey>
	The well-known root of a registry key. Following values are defined:
	
		HKCR - HKEY_CLASSES_ROOT
		HKLM - HKEY_LOCAL_MACHINE
		HKCU - HKEY_CURRENT_USER
		HKU	 - HKEY_USERS

<regkey>
	The name of the registry to alter (ie. "Software\Microsoft\Windows").

<trustee>
	A valid Windows(tm) account. The account can be specified as relative 
	account name (ie. "Administrator" or "Everyone"), a qualified account 
    name (ie. "Domain\Administrator") or as security identifier (SID, 
	ie. "(S-1-5-32-545)"). "BUILTIN\USERS" is also a valid account name.
  For a list of trustee names, open up
    Control Panel > Administrative Tools > Computer Management >
    Local Users and Groups.

<permissions>
	A combination of access rights (ie. "FullAccess" or 
	"GenericRead + GenericWrite").
  For a full list of access rights, open the AccessControl.c source file
  in Notepad.


FUNCTIONS
---------

GrantOnFile [/NOINHERIT] <filename> <trustee> <permissions>
GrantOnRegKey [/NOINHERIT] <rootkey> <regkey> <trustee> <permissions>

	Makes sure that the trustee get the requested access rights on 
	that object.

---------

SetOnFile [/NOINHERIT] <filename> <trustee> <permissions>
SetOnRegKey [/NOINHERIT] <rootkey> <regkey> <trustee> <permissions>

	Replaces any existing access rights for the trustee on the object
  with the specified access rights.

---------

ClearOnFile [/NOINHERIT] <filename> <trustee> <permissions>
ClearOnRegKey [/NOINHERIT] <rootkey> <regkey> <trustee> <permissions>

	Replaces all trustees on the object with the specified trustee and
  access rights.

---------

DenyOnFile [/NOINHERIT] <filename> <trustee> <permissions>
DenyOnRegKey [/NOINHERIT] <rootkey> <regkey> <trustee> <permissions>

	Explicitly denies an access right on a object.

---------

RevokeOnFile [/NOINHERIT] <filename> <trustee> <permissions>
RevokeOnRegKey [/NOINHERIT] <rootkey> <regkey> <trustee> <permissions>

	Removes a formerly defined access right for that object.
  Note that access rights will still be revoked even if they are
  inherited.

---------

SetFileOwner <filename> <trustee>
SetRegKeyOwner <rootkey> <regkey> <trustee>

	Changes the owner of an object.

---------

GetFileOwner <filename>
GetRegKeyOwner <rootkey> <regkey>

	Gets the owner of an object (on stack).

---------

SetFileGroup <filename> <trustee>
SetRegKeyGroup <rootkey> <regkey> <trustee>

	Changes the primary group of the object.

---------

GetFileGroup <filename>
GetRegKeyGroup <rootkey> <regkey>

	Gets the primary group of the object (on stack).

---------

EnableFileInheritance <filename>
EnableRegKeyInheritance <rootkey> <regkey>

	Enables inheritance of parent object permissions.

---------

DisableFileInheritance <filename>
DisableRegKeyInheritance <rootkey> <regkey>

	Disables inheritance of parent object permissions.

---------

SidToName <sidstring>

  Converts an SID to the corresponding name, returning
  the user's domain followed by their user name on the
  stack.

---------

GetCurrentUserName

  Gets the name of the current logged in user (on stack).

---------

IsUserTheAdministrator <username>

  Returns the Administrator user account SID followed by
  yes or no on the stack.

---------