Johan
Hi
I'm using WMI to set and remove folder permissions and it seems to work
fine, sometimes. I start by having the folder permissions manually set to
Everyone, and Everyone has full rights. When I'm setting and removing
permissions on a mapped folder on the network it works fine, but when
doing the same thing on a folder on my hard drive, Everyone does not get
removed.
Does anyone have any idea how to fix this, or how to set and remove
folder permissions in another way?
Here is the code I'm using:
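Try
    ' Reads the folder's security descriptor through WMI, lists the existing
    ' DACL entries, then replaces the DACL with two allow ACEs (one user, one
    ' admin group, both looked up in AD) and writes the descriptor back.

    'Path to folder to change permissions for
    Dim mp As New ManagementPath()
    'mp.Server = "servername"
    'mp.NamespacePath = "root\cimv2"
    mp.RelativePath = "\\MASCHINENAME\root\CIMV2:Win32_LogicalFileSecuritySetting.Path=""PATHTOFOLDER"""
    '"Win32_LogicalFileSecuritySetting.Path='" + path.Replace("\", "\\") + "'"
    Dim objFile As New ManagementObject(mp)

    ' TimeSpan(days, hours, minutes, seconds): 5-second timeout for the WMI call.
    Dim options As New InvokeMethodOptions(Nothing, New TimeSpan(0, 0, 0, 5))
    Dim outparams As ManagementBaseObject = objFile.InvokeMethod("GetSecurityDescriptor", Nothing, options)
    Dim securityDescriptor As ManagementBaseObject = CType(outparams("Descriptor"), ManagementBaseObject)
    lblMessage.Text += "Got SD...<br>"

    Dim dacl As ManagementBaseObject() = CType(securityDescriptor("DACL"), ManagementBaseObject())
    Dim oldACE As ManagementBaseObject
    Dim trustee As ManagementBaseObject
    lblMessage.Text += "Print old DACL<br>"
    ' The DACL property may be Nothing when the descriptor carries no DACL;
    ' For Each over Nothing would throw, so skip the listing in that case.
    If Not dacl Is Nothing Then
        For Each oldACE In dacl
            trustee = CType(oldACE("Trustee"), ManagementBaseObject)
            ' Convert.ToString tolerates a trustee whose Name is Nothing.
            ' NOTE(review): these values are appended unencoded to label text
            ' that also carries <br> markup - encode them if this renders as HTML.
            lblMessage.Text += System.Convert.ToString(trustee("Name")) & " " & oldACE("AccessMask").ToString() & " " & oldACE("AceType").ToString() & "<br>"
        Next
    End If

    Dim win32Trustee As New ManagementClass("Win32_Trustee")

    'Create Trustee for User
    Dim newTrusteeUser As ManagementObject = win32Trustee.CreateInstance
    Dim UserAcct As String = "LDAP string to user in AD (without LDAP://)"
    Dim UserNamePath As String = "LDAP://" & UserAcct
    Dim dirEnt As New DirectoryEntry(UserNamePath)
    Dim UserName As String
    Dim UserSid As Byte()
    Try
        UserName = CType(dirEnt.Properties("sAMAccountName")(0), String)
        UserSid = CType(dirEnt.Properties("objectsid")(0), Byte())
    Finally
        ' Release the directory handle even when the lookup throws.
        dirEnt.Dispose()
    End Try
    newTrusteeUser("Name") = UserName
    newTrusteeUser("SID") = UserSid
    newTrusteeUser("SIDLength") = UserSid.Length

    'Create ACE for User
    Dim win32Ace As New ManagementClass("Win32_ACE")
    Dim newACEUser As ManagementObject = win32Ace.CreateInstance
    newACEUser("Trustee") = newTrusteeUser
    newACEUser("AceFlags") = 3          ' OBJECT_INHERIT_ACE (1) Or CONTAINER_INHERIT_ACE (2)
    newACEUser("AceType") = 0           ' access-allowed ACE
    newACEUser("AccessMask") = 1179817  ' 0x1200A9: read and execute

    'Create Trustee for Domain Admin
    Dim newTrusteeAdmin As ManagementObject = win32Trustee.CreateInstance
    Dim AdminAcct As String = "LDAP string to Domain Admins in AD (without LDAP://)"
    Dim AdminNamePath As String = "LDAP://" & AdminAcct
    dirEnt = New DirectoryEntry(AdminNamePath)
    Dim AdminName As String
    Dim adminSid As Byte()
    Try
        AdminName = CType(dirEnt.Properties("sAMAccountName")(0), String)
        adminSid = CType(dirEnt.Properties("objectsid")(0), Byte())
    Finally
        dirEnt.Dispose()
    End Try
    newTrusteeAdmin("Name") = AdminName
    newTrusteeAdmin("SID") = adminSid
    newTrusteeAdmin("SIDLength") = adminSid.Length

    'Create ACE for Domain Admins
    Dim newACEAdmin As ManagementObject = win32Ace.CreateInstance
    newACEAdmin("Trustee") = newTrusteeAdmin
    newACEAdmin("AceFlags") = 3         ' OBJECT_INHERIT_ACE (1) Or CONTAINER_INHERIT_ACE (2)
    newACEAdmin("AceType") = 0          ' access-allowed ACE
    newACEAdmin("AccessMask") = 2032127 ' 0x1F01FF: full control

    'set new dacl
    ' NOTE(review): only the DACL property is replaced; ControlFlags goes back
    ' exactly as it was read. If the Everyone entry on the local folder is
    ' inherited from its parent, replacing the explicit ACEs will presumably
    ' not remove it. Confirm by checking that ACE's AceFlags for the inherited
    ' bit (0x10), then decide whether the descriptor should be marked
    ' SE_DACL_PROTECTED (0x1000) in ControlFlags.
    Dim newAces() As ManagementBaseObject = New ManagementBaseObject() {newACEUser, newACEAdmin}
    securityDescriptor("DACL") = newAces

    'call method, set sd
    Dim args1() As Object = {securityDescriptor}
    Dim retval As UInt32 = objFile.InvokeMethod("SetSecurityDescriptor", args1)
    Dim status As Integer = System.Convert.ToInt32(retval)
    lblMessage.Text += "<br>SetSecurityDescriptor ReturnStatus = " & status
    ' A non-zero status means WMI did not apply the descriptor; say so rather
    ' than leaving a bare number that reads like success.
    If status <> 0 Then
        lblMessage.Text += "<br>Setting permission failed"
    End If
Catch ex As Exception
    lblMessage.Text = "Setting permission failed: " & ex.Message
End Try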
End Sub
I'm using WMI to set and remove folder permissions and it seems to work
fine, sometimes. I start by having the folder permissions manually set to
Everyone, and Everyone has full rights. When I'm setting and removing
permissions on a mapped folder on the network it works fine, but when
doing the same thing on a folder on my hard drive, Everyone does not get
removed.
Does anyone have any idea how to fix this, or how to set and remove
folder permissions in another way?
Here is the code I'm using:
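Try
    ' Reads the folder's security descriptor through WMI, lists the existing
    ' DACL entries, then replaces the DACL with two allow ACEs (one user, one
    ' admin group, both looked up in AD) and writes the descriptor back.

    'Path to folder to change permissions for
    Dim mp As New ManagementPath()
    'mp.Server = "servername"
    'mp.NamespacePath = "root\cimv2"
    mp.RelativePath = "\\MASCHINENAME\root\CIMV2:Win32_LogicalFileSecuritySetting.Path=""PATHTOFOLDER"""
    '"Win32_LogicalFileSecuritySetting.Path='" + path.Replace("\", "\\") + "'"
    Dim objFile As New ManagementObject(mp)

    ' TimeSpan(days, hours, minutes, seconds): 5-second timeout for the WMI call.
    Dim options As New InvokeMethodOptions(Nothing, New TimeSpan(0, 0, 0, 5))
    Dim outparams As ManagementBaseObject = objFile.InvokeMethod("GetSecurityDescriptor", Nothing, options)
    Dim securityDescriptor As ManagementBaseObject = CType(outparams("Descriptor"), ManagementBaseObject)
    lblMessage.Text += "Got SD...<br>"

    Dim dacl As ManagementBaseObject() = CType(securityDescriptor("DACL"), ManagementBaseObject())
    Dim oldACE As ManagementBaseObject
    Dim trustee As ManagementBaseObject
    lblMessage.Text += "Print old DACL<br>"
    ' The DACL property may be Nothing when the descriptor carries no DACL;
    ' For Each over Nothing would throw, so skip the listing in that case.
    If Not dacl Is Nothing Then
        For Each oldACE In dacl
            trustee = CType(oldACE("Trustee"), ManagementBaseObject)
            ' Convert.ToString tolerates a trustee whose Name is Nothing.
            ' NOTE(review): these values are appended unencoded to label text
            ' that also carries <br> markup - encode them if this renders as HTML.
            lblMessage.Text += System.Convert.ToString(trustee("Name")) & " " & oldACE("AccessMask").ToString() & " " & oldACE("AceType").ToString() & "<br>"
        Next
    End If

    Dim win32Trustee As New ManagementClass("Win32_Trustee")

    'Create Trustee for User
    Dim newTrusteeUser As ManagementObject = win32Trustee.CreateInstance
    Dim UserAcct As String = "LDAP string to user in AD (without LDAP://)"
    Dim UserNamePath As String = "LDAP://" & UserAcct
    Dim dirEnt As New DirectoryEntry(UserNamePath)
    Dim UserName As String
    Dim UserSid As Byte()
    Try
        UserName = CType(dirEnt.Properties("sAMAccountName")(0), String)
        UserSid = CType(dirEnt.Properties("objectsid")(0), Byte())
    Finally
        ' Release the directory handle even when the lookup throws.
        dirEnt.Dispose()
    End Try
    newTrusteeUser("Name") = UserName
    newTrusteeUser("SID") = UserSid
    newTrusteeUser("SIDLength") = UserSid.Length

    'Create ACE for User
    Dim win32Ace As New ManagementClass("Win32_ACE")
    Dim newACEUser As ManagementObject = win32Ace.CreateInstance
    newACEUser("Trustee") = newTrusteeUser
    newACEUser("AceFlags") = 3          ' OBJECT_INHERIT_ACE (1) Or CONTAINER_INHERIT_ACE (2)
    newACEUser("AceType") = 0           ' access-allowed ACE
    newACEUser("AccessMask") = 1179817  ' 0x1200A9: read and execute

    'Create Trustee for Domain Admin
    Dim newTrusteeAdmin As ManagementObject = win32Trustee.CreateInstance
    Dim AdminAcct As String = "LDAP string to Domain Admins in AD (without LDAP://)"
    Dim AdminNamePath As String = "LDAP://" & AdminAcct
    dirEnt = New DirectoryEntry(AdminNamePath)
    Dim AdminName As String
    Dim adminSid As Byte()
    Try
        AdminName = CType(dirEnt.Properties("sAMAccountName")(0), String)
        adminSid = CType(dirEnt.Properties("objectsid")(0), Byte())
    Finally
        dirEnt.Dispose()
    End Try
    newTrusteeAdmin("Name") = AdminName
    newTrusteeAdmin("SID") = adminSid
    newTrusteeAdmin("SIDLength") = adminSid.Length

    'Create ACE for Domain Admins
    Dim newACEAdmin As ManagementObject = win32Ace.CreateInstance
    newACEAdmin("Trustee") = newTrusteeAdmin
    newACEAdmin("AceFlags") = 3         ' OBJECT_INHERIT_ACE (1) Or CONTAINER_INHERIT_ACE (2)
    newACEAdmin("AceType") = 0          ' access-allowed ACE
    newACEAdmin("AccessMask") = 2032127 ' 0x1F01FF: full control

    'set new dacl
    ' NOTE(review): only the DACL property is replaced; ControlFlags goes back
    ' exactly as it was read. If the Everyone entry on the local folder is
    ' inherited from its parent, replacing the explicit ACEs will presumably
    ' not remove it. Confirm by checking that ACE's AceFlags for the inherited
    ' bit (0x10), then decide whether the descriptor should be marked
    ' SE_DACL_PROTECTED (0x1000) in ControlFlags.
    Dim newAces() As ManagementBaseObject = New ManagementBaseObject() {newACEUser, newACEAdmin}
    securityDescriptor("DACL") = newAces

    'call method, set sd
    Dim args1() As Object = {securityDescriptor}
    Dim retval As UInt32 = objFile.InvokeMethod("SetSecurityDescriptor", args1)
    Dim status As Integer = System.Convert.ToInt32(retval)
    lblMessage.Text += "<br>SetSecurityDescriptor ReturnStatus = " & status
    ' A non-zero status means WMI did not apply the descriptor; say so rather
    ' than leaving a bare number that reads like success.
    If status <> 0 Then
        lblMessage.Text += "<br>Setting permission failed"
    End If
Catch ex As Exception
    lblMessage.Text = "Setting permission failed: " & ex.Message
End Try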
End Sub