Undeleting post:
I had written up this bit of code earlier; unfortunately it is CLR/.NET specific. However, since you professed that using 'the API' is hard (it is, I did it 10 years ago and NTFS ACLs are no picnic), you might be motivated by the below sample to integrate a bit of .NET code (C++/CLI or Interop based?)
Any specific reason not to use C# code?

    AddFileSecurity(fileName, @"DomainName\AccountName",
        FileSystemRights.ReadData, AccessControlType.Allow);
    RemoveFileSecurity(fileName, @"DomainName\AccountName",
        FileSystemRights.ReadData, AccessControlType.Allow);

With the following helpers from MSDN: How to: Add or Remove Access Control List Entries:
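
    // Required namespaces:
    // using System.IO;
    // using System.Security.AccessControl;

    // Adds an ACL entry on the specified file for the specified account.
    public static void AddFileSecurity(string fileName, string account,
        FileSystemRights rights, AccessControlType controlType)
    {
        // Read the file's current security descriptor.
        FileSecurity fSecurity = File.GetAccessControl(fileName);
        // Add the new rule to the in-memory copy.
        fSecurity.AddAccessRule(new FileSystemAccessRule(account,
            rights, controlType));
        // Write the modified descriptor back to the file.
        File.SetAccessControl(fileName, fSecurity);
    }

    // Removes an ACL entry on the specified file for the specified account.
    public static void RemoveFileSecurity(string fileName, string account,
        FileSystemRights rights, AccessControlType controlType)
    {
        FileSecurity fSecurity = File.GetAccessControl(fileName);
        // Remove the matching rule from the in-memory copy.
        fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
            rights, controlType));
        File.SetAccessControl(fileName, fSecurity);
    }
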
See the article for full details and comments.
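
The add/remove round trip above with a read-back check after each step, as an added example that is not part of the original post or the MSDN article. Assumptions: it runs on Windows, works on a constructed temp file, and uses the well-known BUILTIN\Users SID in place of `DomainName\AccountName`, since an account name that cannot be resolved makes the rule constructor throw `IdentityNotMappedException`. `AclRoundTrip` and `HasExplicitRule` are hypothetical names.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclRoundTrip
{
    // True if the file carries an explicit (non-inherited) ACE for sid whose
    // rights include all of 'rights' with the given allow/deny type.
    static bool HasExplicitRule(FileInfo file, SecurityIdentifier sid,
        FileSystemRights rights, AccessControlType type)
    {
        AuthorizationRuleCollection rules = file.GetAccessControl()
            .GetAccessRules(true, false, typeof(SecurityIdentifier));
        foreach (FileSystemAccessRule rule in rules)
        {
            if (rule.IdentityReference.Equals(sid)
                && rule.AccessControlType == type
                && (rule.FileSystemRights & rights) == rights)
                return true;
        }
        return false;
    }

    static void Main()
    {
        var file = new FileInfo(Path.GetTempFileName()); // constructed test file
        // Assumption: BUILTIN\Users stands in for DomainName\AccountName.
        var sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
        var rule = new FileSystemAccessRule(sid,
            FileSystemRights.ReadData, AccessControlType.Allow);
        try
        {
            FileSecurity acl = file.GetAccessControl();
            acl.AddAccessRule(rule);
            file.SetAccessControl(acl); // nothing changes on disk until this call
            Console.WriteLine("ACE present after add: " + HasExplicitRule(
                file, sid, FileSystemRights.ReadData, AccessControlType.Allow));

            acl = file.GetAccessControl();
            bool matched = acl.RemoveAccessRule(rule); // false if no matching ACE
            file.SetAccessControl(acl);
            Console.WriteLine("Remove matched: " + matched
                + ", ACE present after remove: " + HasExplicitRule(
                file, sid, FileSystemRights.ReadData, AccessControlType.Allow));
        }
        finally { file.Delete(); }
    }
}
```

The read-back only inspects explicit ACEs, so access the account still gets through inherited entries on the parent directory is not reflected in the result.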