* bug. However, removing the DACL is not a valid workaround because this
* changes the meaning of the security descriptor--- an empty DACL allows no
* access, whereas a "null" DACL allows all access.
* bug. However, removing the DACL is not a valid workaround because this
* changes the meaning of the security descriptor--- an empty DACL allows no
* access, whereas a "null" DACL allows all access.