It seems Win 8 has a new user group "ALL APPLICATION PACKAGES". This group seems to have Read permissions on all folders by default. However my requirement is to set some specific ACLs on a folder created by me. This group has no permissions on my folder currently and I wrote some code to add Read permissions for "ALL APPLICATION PACKAGES". I'm using VS 2010 and below is the trimmed down code snippet.

Win 8 似乎有一个新的用户组“所有应用程序包”。默认情况下，该组似乎对所有文件夹具有读取权限。但是我的要求是在我创建的文件夹上设置一些特定的 ACL。该组目前对我的文件夹没有权限，我编写了一些代码来为“所有应用程序包”添加读取权限。我正在使用 VS 2010 及以下是精简后的代码片段。

The SID for "ALL APPLICATION PACKAGES" as listed at http://msdn.microsoft.com/en-us/library/cc980032.aspxis ALL_APP_PACKAGES (S-1-15-2-1).

http://msdn.microsoft.com/en-us/library/cc980032.aspx 中列出的“所有应用程序包”的 SID是 ALL_APP_PACKAGES (S-1-15-2-1)。

But no matter how or what value I pass as trustee Name the code below does not work. For example in the code below SetNamedSecurityInfo() fails with ERROR_INVALID_ACL. However if I use "Administrators" or "Everyone" account then it works.

但无论我作为受托人以何种方式传递或传递什么值，下面的代码都不起作用。例如，在下面的代码中 SetNamedSecurityInfo() 因 ERROR_INVALID_ACL 失败。但是，如果我使用“管理员”或“所有人”帐户，则它可以工作。

Exact permission I need to assign are “Read & Execute”, “List Folder Contents”, and “Read”

我需要分配的确切权限是“读取和执行”、“列出文件夹内容”和“读取”

#include "stdafx.h"
#include "windows.h"
#include "sddl.h"
#include "Aclapi.h"

int _tmain(int argc, _TCHAR* argv[])
{
TCHAR pszObjName[MAX_PATH] = L"C:\Program Files\Common Files\Test\";
PACL pOldDACL = NULL, pNewDACL = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
EXPLICIT_ACCESS ea;
SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;

// Get a pointer to the existing DACL (Conditionaly).
DWORD dwRes = GetNamedSecurityInfo(pszObjName, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDACL, NULL, &pSD);

// Initialize an EXPLICIT_ACCESS structure for the new ACE. 
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = STANDARD_RIGHTS_READ;
ea.grfAccessMode = SET_ACCESS;
ea.grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
// ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP;
// Should I be using SID (S-1-15-2-1) (SetEntriesInAcl() fails) or "ALL_APP_PACKAGES" (SetEntriesInAcl() passes but SetNamedSecurityInfo() fails)
//If I use "Administrators" or "Everyone" as Trustee Name then it works fine but not with "ALL APPLICATION PACKAGES"
ea.Trustee.ptstrName = _T(" ALL_APP_PACKAGES"); 

// Create a new ACL that merges the new ACE into the existing DACL.
dwRes = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL);
if(ERROR_SUCCESS != dwRes) 
goto Cleanup; 

// Attach the new ACL as the object's DACL.
dwRes = SetNamedSecurityInfo(pszObjName, SE_FILE_OBJECT, si, NULL, NULL, pNewDACL, NULL);
if(ERROR_SUCCESS != dwRes)  
goto Cleanup;

Cleanup:
if(pSD != NULL) 
LocalFree((HLOCAL) pSD); 
if(pNewDACL != NULL) 
LocalFree((HLOCAL) pNewDACL); 

return dwRes;
}