用管理员运行的cmd无法删除program files和其他系统文件夹下的程序

用管理员运行的cmd无法删除program files和其他系统文件夹下的程序，可删除其他地方的程序，如何解决 代码如下
ShellExecuteA(NULL, "runas", "cmd.exe", "/C rmdir /s /q C:\Program Files\123", NULL, SW_HIDE);

1.删除文件，不成功提示

2.右键文件属性，进入高级

3.更改“所有者”

4.进入高级

5.立即查找，找到User 确定，保存即可

6.再次打开属性，编辑

7.修改用户权限

zhjianwang 的方法是对的 当然这是手动操作的方法
如果你想用程序操作的话 也是同样的思路 改变文件所有权

CHAR                    UserName[ 36 ];
    DWORD                   cbUserName = sizeof( UserName );
    CHAR                    Sid[ 1024 ] = { 0 };
    DWORD                   cbSid = sizeof( Sid );
    CHAR                    DomainBuffer[ 128 ] = { 0 };
    DWORD                   cbDomainBuffer = sizeof( DomainBuffer );
    SID_NAME_USE            eUse;
    PACL                    Dacl = NULL, OldDacl = NULL;
    EXPLICIT_ACCESSA         Ea;
    PSECURITY_DESCRIPTOR    Sd = NULL;
    BOOL                    Ret = FALSE;

    if ( adjustPrivileges( SE_TAKE_OWNERSHIP_NAME ) && adjustPrivileges( SE_RESTORE_NAME ) )
    {
        GetUserNameA( UserName, &cbUserName );
        if ( LookupAccountNameA( NULL, UserName, &Sid, &cbSid, DomainBuffer, &cbDomainBuffer, &eUse ) )
        {
            ZeroMemory( &Ea, sizeof( EXPLICIT_ACCESS ) );
            GetNamedSecurityInfoA( strSystemDir.c_str(), SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &OldDacl, NULL, &Sd );
            BuildExplicitAccessWithNameA( &Ea, UserName, GENERIC_ALL, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT );
            if ( SetEntriesInAclA( 1, &Ea, OldDacl, &Dacl ) == ERROR_SUCCESS )
            {
                SetNamedSecurityInfoA((LPSTR)strSystemDir.c_str() , SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION, &Sid, NULL, NULL, NULL );
                if ( SetNamedSecurityInfoA( ( LPSTR )strSystemDir.c_str(), SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, &Sid, NULL, Dacl, NULL ) == ERROR_SUCCESS )
                {
                    Ret = TRUE;
                }
            }

        }
BOOL adjustPrivileges( LPWSTR lpName )
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tp = { 0 };
    TOKEN_PRIVILEGES oldtp = { 0 };
    DWORD dwSize = sizeof( TOKEN_PRIVILEGES );
    LUID luid = { 0 };

    if ( !OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) ) {
        if ( GetLastError() == ERROR_CALL_NOT_IMPLEMENTED )
            return TRUE;
        else
            return FALSE;
    }
    if ( !LookupPrivilegeValueW( NULL, lpName, &luid ) ) {
        CloseHandle( hToken );
        return FALSE;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[ 0 ].Luid = luid;
    tp.Privileges[ 0 ].Attributes = SE_PRIVILEGE_ENABLED;

    /* Adjust Token Privileges */
    if ( !AdjustTokenPrivileges( hToken, FALSE, &tp, sizeof( TOKEN_PRIVILEGES ), &oldtp, &dwSize ) ) {
        CloseHandle( hToken );
        return FALSE;
    }

    CloseHandle( hToken );
    return TRUE;
}

大概就是这样