Getting a file system object

[David Mueller]

I'm trying to read the security groups associated with a file on an NTFS share.
I tried ...

Set objFile as Object
Set objFile = GetObject("I:\myfolder\myfile.xyz")

This isn't working. I scoured other scripting guides, etc but I'm coming up
empty handed. A push in the right direction would be appreciated -- bonus
points if you have the answer!

Thanks,
David

 

[David Mueller]

Wow. I found some vb script and moved it to VBA and to my surprise it works.
I modified it quite a bit. I feed this the files in my folder it lets me
know which ones don't belong to the 'group' I specify.

I'm not sure what happens if you send it a file to which you have zero
permissions to. I assume it will err and return false.

Hope this helps someone.



Public Function fSecurityDescriptorExists(strFileName As String,
strSecurityDescriptor As String) As Boolean
On Error GoTo Err_fSecurityDescriptorExists
'First, I have no idea why this works. I found some vb script and moved it
to VBA
'if you specify a security descriptor (i.e. security group name) and a
filename
'this will return TRUE if the DACL contains the group
'this will return FALSE if the DACL does not contain the group
'this function doesn't look at individual permissions granted to the group -
only the existence of it
'the constants were in the original vb script I found, so I left them. I
assume you could use them
'to check permission.
'
Const SE_DACL_PRESENT = &H4

Const ACCESS_ALLOWED_ACE_TYPE = &H0
Const ACCESS_DENIED_ACE_TYPE = &H1

Const FILE_ALL_ACCESS = &H1F01FF
Const FILE_APPEND_DATA = &H4
Const FILE_DELETE = &H10000
Const FILE_DELETE_CHILD = &H40
Const FILE_EXECUTE = &H20
Const FILE_READ_ATTRIBUTES = &H80
Const FILE_READ_CONTROL = &H20000
Const FILE_READ_DATA = &H1
Const FILE_READ_EA = &H8
Const FILE_SYNCHRONIZE = &H100000
Const FILE_WRITE_ATTRIBUTES = &H100
Const FILE_WRITE_DAC = &H40000
Const FILE_WRITE_DATA = &H2
Const FILE_WRITE_EA = &H10
Const FILE_WRITE_OWNER = &H80000

Dim objWMIService As Object
Dim objFileSecuritySettings As Object
Dim objSD As Object

Dim objACE As Variant

Dim intRetVal As Long
Dim intControlFlags As Long
Dim arrACEs As Variant

Dim blnFoundDescriptor As Boolean

Set objWMIService = GetObject("winmgmts:")
Set objFileSecuritySettings = _
objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strFileName &
"'")

intRetVal = objFileSecuritySettings.GetSecurityDescriptor(objSD) '4?
intControlFlags = objSD.ControlFlags '33796?

'Debug.Print intControlFlags And SE_DACL_PRESENT
If intControlFlags And SE_DACL_PRESENT Then
arrACEs = objSD.DACL
For Each objACE In arrACEs
Debug.Print objACE.Trustee.Domain & "\" & objACE.Trustee.name
If objACE.Trustee.name = strSecurityDescriptor Then
blnFoundDescriptor = True
End If
Next
Else
Debug.Print "No DACL present in security descriptor"
End If

Exit_Function:
fSecurityDescriptorExists = blnFoundDescriptor
Set objSD = Nothing
Set objACE = Nothing
Set objFileSecuritySettings = Nothing
Set objWMIService = Nothing
Exit Function

Err_fSecurityDescriptorExists:
MsgBox "Error looking for domain security descriptor." & vbCrLf & vbCrLf
& Err.Description
blnFoundDescriptor = False
Resume Exit_Function
Resume
End Function

 

[David Mueller]

I just discovered this won't work with UNC paths, only drive letters. Any
suggestions on modifications that will allow UNC paths?