Go to Google Groups Home    microsoft.public.scripting.vbscript
Re: Changing file/folder permissions

gerryR <ger...@nosapmgerryr.com>

Thanks for the reply John,

Just had anotehr look at cacls and it will probably do what I need without
using VB at all ......

Ahh well, maybe the next thing will force me to use/ learn VB!!

"Jon" <J...@discussions.microsoft.com> wrote in message

news:EC0E53CE-C1DE-4D1A-98E9-22E0DB33AE87@microsoft.com...
> There is a way but it is much easier to use cacls or xcacls from the
> resource
> kit

> The script below is an example of how to set share and ntfs permissions

> '================
> 'ShareSetup.vbs
> 'Author: Jonathan Warnken - jon.warn...@gmail.com
> 'Credits: parts of various other posted scripts used
> 'Requirements: Admin Rights

> 'Some Addition Lev Shumskii aka WildCat
> 'Now You may set SecurityDescriptor for NTFS
> 'and this script work properly under Win2k & Win2k3
> '================
> Option Explicit

> Const FILE_SHARE = 0
> Const MAXIMUM_CONNECTIONS = 15
> Const strDomain = "Your Domain"
> Const PERM_READ = 1179817
> Const PERM_MODIFY = 1245631
> Const PERM_FULL = 2032127

> Dim strComputer
> Dim objWMIService
> Dim objNewShare

> strComputer = "."

> Set objWMIService = GetObject("winmgmts:" &
> "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
> Set objNewShare = objWMIService.Get("Win32_Share")

> 'Worked Example
> Call sharesec ("C:\Robot", "Robot", "Only Security Department", "Security
> Department", Perm_Read, Perm_Modify)

> Sub sharesec(Fname, shr, info, account, Share_Perm, NTFS_Perm)
> Dim FSO
> Dim Services
> Dim SecDescClass
> Dim SecDesc
> Dim Trustee
> Dim ACE
> Dim Share
> Dim InParam
> Dim Network
> Dim FolderName
> Dim AdminServer
> Dim ShareName
> Dim FolderSecurity
> Dim RetVal
> Dim SecurityDescriptor
> Dim User

> FolderName = Fname
> AdminServer = "\\" & strComputer
> ShareName = shr
> **********************START NTFS SECTION ****************
> 'Write New security descriptor for the FolderName

> Set Services =
> GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &
> AdminServer & "\ROOT\CIMV2")
> Set SecurityDescriptor = Services.Get("Win32_SecurityDescriptor")

> Set FolderSecurity =
> GetObject("winmgmts:Win32_LogicalFileSecuritySetting.Path='" & FolderName
> &
> "'")
> RetVal = FolderSecurity.GetSecurityDescriptor(SecurityDescriptor)

> Set Trustee = SetGroupTrustee(strDomain, account) 'Use SetGroupTrustee for
> groups and SetAccountTrustee for users
> Set ACE = Services.Get("Win32_Ace").SpawnInstance_
> ACE.Properties_.Item("AccessMask") = NTFS_Perm
> ACE.Properties_.Item("AceFlags") = 3
> ACE.Properties_.Item("AceType") = 0
> ACE.Properties_.Item("Trustee") = Trustee
> SecurityDescriptor.Properties_.Item("DACL") = Array(ACE)

> RetVal = FolderSecurity.SetSecurityDescriptor(SecurityDescriptor)
> ***************** END NTFS SECTION **********************
> 'Create new Share

> Set Services =
> GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &
> AdminServer & "\ROOT\CIMV2")
> Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
> Set SecDesc = SecDescClass.SpawnInstance_()

> Set Trustee = SetGroupTrustee(strDomain, account) 'Use SetGroupTrustee for
> groups and SetAccountTrustee for users
> Set ACE = Services.Get("Win32_Ace").SpawnInstance_
> ACE.Properties_.Item("AccessMask") = Share_Perm
> ACE.Properties_.Item("AceFlags") = 3
> ACE.Properties_.Item("AceType") = 0
> ACE.Properties_.Item("Trustee") = Trustee
> SecDesc.Properties_.Item("DACL") = Array(ACE)
> Set Share = Services.Get("Win32_Share")
> Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_()
> InParam.Properties_.Item("Access") = SecDesc
> InParam.Properties_.Item("Description") = Info
> InParam.Properties_.Item("Name") = ShareName
> InParam.Properties_.Item("Path") = FolderName
> InParam.Properties_.Item("MaximumAllowed") = MAXIMUM_CONNECTIONS
> InParam.Properties_.Item("Type") = 0
> Share.ExecMethod_ "Create", InParam
> End Sub

> Function SetAccountTrustee(strDomain, strName)
> Dim objTrustee
> Dim account
> Dim accountSID
> set objTrustee =
> getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Trust ee").Spawninstance_
> set account =
> getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Accou nt.Name='"
> & strName & "',Domain='" & strDomain &"'")
> set accountSID =
> getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.S ID='"
> & account.SID &"'")
> objTrustee.Domain = strDomain
> objTrustee.Name = strName
> objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
> set accountSID = nothing
> set account = nothing
> set SetAccountTrustee = objTrustee
> End Function

> Function SetGroupTrustee(strDomain, strName)
> Dim objTrustee
> Dim account
> Dim accountSID
> set objTrustee =
> getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Trust ee").Spawninstance_
> set account =
> getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group .Name='"
> & strName & "',Domain='" & strDomain &"'")
> set accountSID =
> getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.S ID='"
> & account.SID &"'")
> objTrustee.Domain = strDomain
> objTrustee.Name = strName
> objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
> set accountSID = nothing
> set account = nothing
> set SetGroupTrustee = objTrustee
> End Function