Windows Vista Forums
Vista Forums Home Join Vista Forums Windows 7 Forum Vista Tutorials Tags
Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks.

Go Back   Vista Forums > Misc Newsgroups > VB Script
Reload this Page Adding an ACE to an ACL
Join Now FAQ Search Today's Posts Mark Forums Read

Vista - Adding an ACE to an ACL

Reply
 
Old 04-17-2009   #1 (permalink)
Cesar S


 
 

Adding an ACE to an ACL
I'm trying to write a small script that will emulate giving the 'Users' group
'Write' permission to a folder. The permission should also apply to 'this
folder, subfolders and files'. I feel that I'm so close. The problem that
I'm having with the code below is that according to the error thrown I need
an ObjectType. I have no idea what the object type should be. I'm pretty
sure that it's a property that I can read from an existing ACE? ACL? and then
assign to my new ACE.

Thanks a million in advance.

Cesar


CONST ADS_RIGHT_DS_WRITE_PROP = &h20
CONST ADS_FILE_LIST_DIRECTORY = &h1
CONST ADS_ACETYPE_ACCESS_ALLOWED = &h0
CONST ADS_ACEFLAG_OBJECT_INHERIT_ACE = &h1
CONST ADS_ACEFLAG_CONTAINER_INHERIT_ACE = &h2
CONST ADS_FLAG_OBJECT_TYPE_PRESENT = &h1
CONST ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = &h2

strFolder = "C:\\My Folder\\New Folder\\New Folder"


On Error Resume Next
Err = 0

Set objWMIFileSecSetting = GetObject
("winmgmts:Win32_LogicalFileSecuritySetting.path='" & strFolder & "'")
intRetVal = objWMIFileSecSetting.GetSecurityDescriptor(wmiSecurityDescriptor)

If Err = 0 Then
wscript.echo "<span style="font-size:x-small">Adding 'Write' permission for
group 'Users'</span>"
wscript.echo ""

'Create the Discretionary Access Control List object
objDACL = wmiSecurityDescriptor.DACL

'Create the Access Control Entry object
Set objACE = CreateObject("AccessControlEntry")

'Set the ACE properties
objACE.AccessMask = ADS_RIGHT_DS_WRITE_PROP
objACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED
objACE.AceFlags = ADS_ACEFLAG_OBJECT_INHERIT_ACE or
ADS_ACEFLAG_CONTAINER_INHERIT_ACE
objACE.Trustee = "MyComputer\Users"
'objACE.Flags =
'objACE.ObjectType =
'objACE.InheritedObjectType =

wscript.echo "Access Mask: " & objACE.AccessMask
wscript.echo "ACE Type: " & objACE.AceType
wscript.echo "Ace Flags: " & objACE.AceFlags
wscript.echo "Trustee: " & objACE.Trustee
wscript.echo "Flags: " & objACE.Flags
wscript.echo "ObjectType: " & objACE.ObjectType
wscript.echo "IObjectType: " & objACE.InheritedObjectType

'Add the ACE to the DACL
objDACL.AddAce objACE
If (Err.Number <> 0) Then
MsgBox("An error has occurred... " & Err.Number & ":" & Err.Description)
End If

' Clean up
Set objWMIFileSecSetting = Nothing
Set objDACL = Nothing
Set objACE = Nothing
End If
My System SpecsSystem Spec
Reply

« Computer Last Password Change | multiple search and replaces in a text file »
Thread Tools


Similar Threads
Thread Forum
DVD+RW adding to Vista music pictures video
Adding a second HD Vista hardware & devices
adding ram Vista hardware & devices
Adding Promise FastTrack 378 Adding Vista hardware & devices
Adding Promise FastTrack 378 Adding Vista hardware & devices


Vista Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd
Contact Us - Windows Vista Forums - Archive - Privacy - Legal - Top

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46