[python-win32] Setting NTFS Permissions on Tree
by Zakir B Durumeric
Nov 5 2009 1:51PM
Hi,
I'm trying to set permissions on an NTFS tree. Specifically I'm trying to add a propagable ACE to the DACL on a top-level directory and hoping for it to recursively propagate to children who do not have inherited permissions blocked. I'm currently trying to do this by calling SetNamedSecurityInfo. However, it appears that the ACE is only added to the top-level directory. I'm passing both children_containers_inherit and children_noncontainers_inherit to AddAccessAllowedAceEx and when I look at the ACE on the top-level directory it shows as being applied to directory and all children... it's just that none of the permissions actually appear to be propagated to the children in the directory tree.
MSDN specifies that SetNamedSecurityInfo does propagate to children. However, I'm under the impression that this propagation isn't truly complete until you somehow manually force the children nodes to recalculate their DACLs and notice the new ACE that applies to them. Is this correct and if so what is the correct way of forcing the children nodes to re-calculate via win32security? I also noticed that in aclapi.h there is a function called TreeResetNamedSecurityInfo (2003+) that appears to do what I'm looking for instead of SetNamedSecurityInfo, however it's not included in win32security. If it's not possible to manually force the recalculation in SetNamedSecurityInfo, is the next best bet to try to manually call out to TreeResetNamedSecurityInfo or are there any other suggestions?
I would appreciate any light someone could spread on this issue -- I'm to the point of banging my head against the wall.
Thank you
Zakir Durumeric
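
The inheritance behaviour asked about above can be modelled without touching a real volume. This added example (not part of the original post, and not pywin32 code) computes which descendants should end up holding an inherited copy of an ACE under the documented ACE inheritance rules, skipping children whose DACL is protected. The nested-dict tree, the sample data and the function names are constructed for illustration; the flag values are the AceFlags bits from winnt.h.

```python
# AceFlags bits (winnt.h)
OBJECT_INHERIT_ACE = 0x01        # inherited by files (non-containers)
CONTAINER_INHERIT_ACE = 0x02     # inherited by subdirectories (containers)
NO_PROPAGATE_INHERIT_ACE = 0x04  # inherit one level only
INHERIT_ONLY_ACE = 0x08          # not effective on the object carrying it
INHERITED_ACE = 0x10             # marks a copy that came from a parent


def inherited_flags(parent_flags, child_is_dir):
    """Return the AceFlags of the child's inherited copy, or None if none."""
    oi = parent_flags & OBJECT_INHERIT_ACE
    ci = parent_flags & CONTAINER_INHERIT_ACE
    if not child_is_dir:
        return INHERITED_ACE if oi else None   # files never pass ACEs on
    if not (oi or ci):
        return None
    if parent_flags & NO_PROPAGATE_INHERIT_ACE:
        return INHERITED_ACE if ci else None   # effective, no longer inheritable
    flags = INHERITED_ACE | oi | ci
    if not ci:
        flags |= INHERIT_ONLY_ACE              # OI only: carried for files below
    return flags


def expected_holders(node, ace_flags, path=""):
    """Map each descendant path to the AceFlags its inherited copy should carry."""
    out = {}
    for name, child in node.get("children", {}).items():
        child_path = f"{path}/{name}"
        if child.get("protected"):             # SE_DACL_PROTECTED blocks the subtree
            continue
        flags = inherited_flags(ace_flags, "children" in child)
        if flags is None:
            continue
        out[child_path] = flags
        out.update(expected_holders(child, flags, child_path))
    return out


# Constructed sample tree: entries with a "children" key are directories.
TREE = {"children": {
    "docs": {"children": {"a.txt": {}, "old": {"children": {"b.txt": {}}}}},
    "locked": {"protected": True, "children": {"c.txt": {}}},
    "readme.txt": {},
}}

if __name__ == "__main__":
    both = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE
    for p, f in sorted(expected_holders(TREE, both).items()):
        print(f"{p:20} 0x{f:02x}")
```

The resulting map is the expectation to compare against the DACLs actually read back from each child when auditing a tree after such a change.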