I have a folder for which I want to alter/change the security attributes. To be more specific I have a user called "test4", member of group "Power Users" and a folder called "CLAU". I want to give full control of this folder to user "test4". The machine name is "Marijuana", see code below. The code works fine, no error throwed, but I DO NOT HAVE FULL ACCESS to this folder for user "test4". Does anybody knows why ?
Any useful answer will be rated.

// get the security information for the specific folder.
// we are intrested in the DACL
PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
PACL pOldDACL = NULL;
PACL pNewDACL = NULL;

if (GetNamedSecurityInfo("C:\\CLAU",SE_FILE_OBJECT,
DACL_SECURITY_INFORMATION,NULL,NULL,&pOldDACL,NULL,&pSecurityDescriptor) != ERROR_SUCCESS)
{
printf("\nGetNamedSecurityInfo failure !!!\n");
return;
}

// initialize an EXPLICIT_ACCESS structure for the new ACE
EXPLICIT_ACCESS access;
ZeroMemory(&access,sizeof(EXPLICIT_ACCESS));
access.grfAccessPermissions = 2032127;
access.grfAccessMode = GRANT_ACCESS;
access.grfInheritance = CONTAINER_INHERIT_ACE;
access.Trustee.pMultipleTrustee = NULL;
access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
access.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
access.Trustee.TrusteeType = TRUSTEE_IS_USER;
access.Trustee.ptstrName = "Marijuana\\test4"; // we have only a test user here

// add this new entry to the old DACL of the folder
if (SetEntriesInAcl(1,&access,pOldDACL,&pNewDACL) != ERROR_SUCCESS)
{
printf("\nSetEntriesInAcl failure !!!\n");
return;
}

// attach this new DACL to the object's DACL
if (SetNamedSecurityInfo("C:\\CLAU",SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,
NULL,NULL,pNewDACL,NULL) != ERROR_SUCCESS)
{
printf("\nSetNamedSecurityInfo failure !!!\n");
}
else printf("\nOperation succesful !!!\n");

// clean-up the ****
LocalFree((HLOCAL)pSecurityDescriptor);
LocalFree((HLOCAL)pNewDACL);




What is wrong here ?? My guess is that the error could be in setting the member access.grfAccessPermissions = 2032127;. I was looking in the MSDN and I noticed that for the ACCESS_MASK structure I need to set bit 28 for GENERIC_ALL, which , documentation states, will be mapped to the SPECIFIC and STANDARD rights.
But, doesn't work. Then, I did another thing.
I set manually full permissions for user "test4" for folder "CLAU", and then, using the following code I got the AccessMask:

/////////////////////// JUST FOR DEBUGGING ////////////////////////////
/* EXPLICIT_ACCESS info;
ACCESS_MASK AccessMask;
TRUSTEE Trustee;

ZeroMemory(&info,sizeof(EXPLICIT_ACCESS));
ZeroMemory(&AccessMask,sizeof(ACCESS_MASK));

Trustee.pMultipleTrustee = NULL;
Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
Trustee.TrusteeForm = TRUSTEE_IS_NAME;
Trustee.TrusteeType = TRUSTEE_IS_USER;
Trustee.ptstrName = "Marijuana\\test4";
if (GetEffectiveRightsFromAcl(pOldDACL,&Trustee,&AccessMask) != ERROR_SUCCESS)
{
printf("\nError GetEffectiveRightsFromAcl !!!\n");
} */
/////////////////////// END DEBUGGING CODE /////////////////////////////



I get the AccessMask value and put it in my first code for the value. Again the same problem.
If U have some other source-code which can help me I will also appreciate it.
10x in advance