Delegate permissions with VBS

  • Thread starter Thread starter birddog
  • Start date Start date
B

birddog

I am trying to create a VBS script that would delegate permissions to
OU's with the following extended and property right, can anyone help me
out? First of all I tried running a script that queries a text file
the different areas but it kept over writing the permissions that were
applied, something to do with running a single process so I scraped
that plan and now I made a vbs script for each permission that I want
to use and then call each vbs script with a start/wait command from a
batch file. The problem I am running into is that when I look at the
ntsecurity descriptor it has added a "special" permission that applies
to " this object only" with nothing in it. This maybe ok but the who
point of me running this script is to clean up my perms not make it
more difficult to read. Can you assit me, PLEASE. any help would be
good, thanks.

'Script 1
Option Explicit

Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_FLAG_OBJECT_TYPE_PRESENT = &H1
Const ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = &H2
Const ADS_RIGHT_GENERIC_ALL = &H10000000
Const ADS_ACEFLAG_INHERIT_ACE = &H2

Dim objFSO, objFile, objSdUtil,objSD,objDACL,objAce
Dim strOU
Dim arrAllOUs, arrFileLine

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("Perms.txt")

arrAllOUs = objFile.ReadAll
arrFileLine = Split(arrAllOUs, vbCrlf)

For Each strOU in arrFileLine
Set objSdUtil = GetObject(strOU)
Set objSD = objSdUtil.Get("ntSecurityDescriptor")
Set objDACL = objSD.DiscretionaryACL
Set objAce = CreateObject("AccessControlEntry")
objAce.Trustee = "Frontrange-2k\_Test01"
objAce.AceFlags = ADS_ACEFLAG_INHERIT_ACE
objAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objAce.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT OR
ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT
objAce.ObjectType = "{00299570-246d-11d0-a768-00aa006e0529}"

objAce.InheritedObjectType = "{BF967ABA-0DE6-11D0-A285-00AA003049E2}"
objAce.AccessMask = ADS_RIGHT_GENERIC_ALL
objDacl.AddAce objAce
objSD.DiscretionaryAcl = objDacl
objSDUtil.Put "ntSecurityDescriptor", Array(objSD)
objSDUtil.SetInfo
Next
msgBox "done4"

'script 2
Option Explicit

Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_FLAG_OBJECT_TYPE_PRESENT = &H1
Const ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = &H2
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
Const ADS_ACEFLAG_INHERIT_ACE = &H2

Dim objFSO, objFile, objSdUtil,objSD,objDACL,objAce
Dim strOU
Dim arrAllOUs, arrFileLine

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("Perms.txt")

arrAllOUs = objFile.ReadAll
arrFileLine = Split(arrAllOUs, vbCrlf)

For Each strOU in arrFileLine
Set objSdUtil = GetObject(strOU)
Set objSD = objSdUtil.Get("ntSecurityDescriptor")
Set objDACL = objSD.DiscretionaryACL
Set objAce = CreateObject("AccessControlEntry")
objAce.Trustee = "Frontrange-2k\_Test01"
objAce.AceFlags = ADS_ACEFLAG_INHERIT_ACE
objAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objAce.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT OR
ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT
objAce.ObjectType = "{bf967a0a-0de6-11d0-a285-00aa003049e2}"

objAce.InheritedObjectType = "{BF967ABA-0DE6-11D0-A285-00AA003049E2}"
objAce.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
objDacl.AddAce objAce
objSD.DiscretionaryAcl = objDacl
objSDUtil.Put "ntSecurityDescriptor", Array(objSD)
objSDUtil.SetInfo
Next
msgBox "done3"
 
Back
Top