fname = r"h:\tmp.txt" import win32security, win32file, win32api, ntsecuritycon, win32con new_privs = ( ( win32security.LookupPrivilegeValue("", ntsecuritycon.SE_SECURITY_NAME), win32con.SE_PRIVILEGE_ENABLED, ), ( win32security.LookupPrivilegeValue("", ntsecuritycon.SE_SHUTDOWN_NAME), win32con.SE_PRIVILEGE_ENABLED, ), ( win32security.LookupPrivilegeValue("", ntsecuritycon.SE_TCB_NAME), win32con.SE_PRIVILEGE_ENABLED, ), ( win32security.LookupPrivilegeValue("", ntsecuritycon.SE_RESTORE_NAME), win32con.SE_PRIVILEGE_ENABLED, ), ( win32security.LookupPrivilegeValue("", ntsecuritycon.SE_TAKE_OWNERSHIP_NAME), win32con.SE_PRIVILEGE_ENABLED, ), ( win32security.LookupPrivilegeValue("", ntsecuritycon.SE_CREATE_PERMANENT_NAME), win32con.SE_PRIVILEGE_ENABLED, ), ( win32security.LookupPrivilegeValue("", "SeEnableDelegationPrivilege"), win32con.SE_PRIVILEGE_ENABLED, ), ##doesn't seem to be in ntsecuritycon.py ? ) ph = win32api.GetCurrentProcess() th = win32security.OpenProcessToken( ph, win32security.TOKEN_ALL_ACCESS | win32con.TOKEN_ADJUST_PRIVILEGES ) win32security.AdjustTokenPrivileges(th, 0, new_privs) all_security_info = ( win32security.OWNER_SECURITY_INFORMATION | win32security.GROUP_SECURITY_INFORMATION | win32security.DACL_SECURITY_INFORMATION | win32security.SACL_SECURITY_INFORMATION ) sd = win32security.GetFileSecurity(fname, all_security_info) old_dacl = sd.GetSecurityDescriptorDacl() old_sacl = sd.GetSecurityDescriptorSacl() old_group = sd.GetSecurityDescriptorGroup() new_sd = win32security.SECURITY_DESCRIPTOR() print( "relative, valid, size: ", new_sd.IsSelfRelative(), new_sd.IsValid(), new_sd.GetLength(), ) my_sid = win32security.GetTokenInformation(th, ntsecuritycon.TokenUser)[0] tmp_sid = win32security.LookupAccountName("", "tmp")[0] new_sd.SetSecurityDescriptorSacl(1, old_sacl, 1) new_sd.SetSecurityDescriptorDacl(1, old_dacl, 1) new_sd.SetSecurityDescriptorOwner(tmp_sid, 0) new_sd.SetSecurityDescriptorGroup(old_group, 0) win32security.SetFileSecurity(fname, all_security_info, new_sd)