Changing file/folder permissions
From: "gerryR" <ger...@NOSAPMgerryr.com>
References: <#jD#gcPiIHA.5504@TK2MSFTNGP05.phx.gbl> <EC0E53CE-C1DE-4D1A-98E9-22E0DB33AE87@microsoft.com>
In-Reply-To: <EC0E53CE-C1DE-4D1A-98E9-22E0DB33AE87@microsoft.com>
Subject: Re: Changing file/folder permissions
Date: Wed, 19 Mar 2008 09:19:48 -0000
Message-ID: <e9Up0JaiIHA.1944@TK2MSFTNGP02.phx.gbl>
Newsgroups: microsoft.public.scripting.vbscript
NNTP-Posting-Host: 87-198-135-150.ptr.magnet.ie 87.198.135.150
Path: g2news1.google.com!news2.google.com!newshub.sdsu.edu!msrtrans!TK2MSFTFEEDS02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
Thanks for the reply John,
Just had another look at cacls and it will probably do what I need without
using VB at all ......
Ahh well, maybe the next thing will force me to use/ learn VB!!
"Jon" <J...@discussions.microsoft.com> wrote in message
news:EC0E53CE-C1DE-4D1A-98E9-22E0DB33AE87@microsoft.com...
> There is a way but it is much easier to use cacls or xcacls from the
> resource
> kit
>
> The script below is an example of how to set share and ntfs permissions
>
> '================
> 'ShareSetup.vbs
> 'Author: Jonathan Warnken - jon.warn...@gmail.com
> 'Credits: parts of various other posted scripts used
> 'Requirements: Admin Rights
>
> 'Some Addition Lev Shumskii aka WildCat
> 'Now You may set SecurityDescriptor for NTFS
> 'and this script work properly under Win2k & Win2k3
> '================
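> Option Explicit
>
> ' Share type for Win32_Share.Create (0 = disk drive share).
> Const FILE_SHARE = 0
> ' Connection limit applied to the share that sharesec creates.
> Const MAXIMUM_CONNECTIONS = 15
> ' Domain used to look up the trustee. Placeholder: edit before running.
> Const strDomain = "Your Domain"
> ' Access masks (decimal, as originally posted):
> '   PERM_READ   = &H1200A9  read and execute
> '   PERM_MODIFY = &H1301BF  modify (read, write, execute, delete)
> '   PERM_FULL   = &H1F01FF  full control, which includes changing
> '                           permissions and taking ownership
> Const PERM_READ = 1179817
> Const PERM_MODIFY = 1245631
> Const PERM_FULL = 2032127
>
>
> Dim strComputer
> Dim objWMIService
> Dim objNewShare
>
> ' "." targets the local computer; sharesec reads this global as well.
> strComputer = "."
>
> ' The posted text had this statement wrapped over two lines with no
> ' continuation character, which VBScript rejects; " _" restores it.
> Set objWMIService = GetObject("winmgmts:" & _
>     "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
> ' NOTE(review): objNewShare is not used by anything visible in this
> ' script; sharesec fetches Win32_Share itself.
> Set objNewShare = objWMIService.Get("Win32_Share")
>
> 'Worked Example
> ' Share permission Read combined with NTFS permission Modify: over the
> ' network the more restrictive of the two applies, so access through the
> ' share is read-only while local access to the folder is Modify.
> ' (The group name was split across two lines by mail wrapping.)
> Call sharesec("C:\Robot", "Robot", "Only Security Department", _
>     "Security Department", PERM_READ, PERM_MODIFY)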
>
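> ' sharesec: writes an NTFS DACL on a folder, then publishes the folder as
> ' a share with its own share-level DACL.
> '   Fname      - local path of the folder, e.g. "C:\Robot"
> '   shr        - name of the share to create
> '   info       - share description
> '   account    - group name, resolved in strDomain by SetGroupTrustee
> '                (swap in SetAccountTrustee for a user account)
> '   Share_Perm - access mask for the share ACE
> '   NTFS_Perm  - access mask for the folder ACE
> ' Requires admin rights. Raises a runtime error if a WMI call reports a
> ' non-zero return code; the share is not created when the NTFS step
> ' fails, so the folder is never published with an ACL that was not
> ' actually applied.
> '
> ' CAUTION: each DACL is REPLACED by one allow ACE for "account", not
> ' merged. Explicit entries already on the folder (for example
> ' Administrators or SYSTEM) are not carried over. Review the result
> ' (e.g. with cacls) before relying on it, and re-add any entries that
> ' backup, antivirus or administrative access depends on.
> Sub sharesec(Fname, shr, info, account, Share_Perm, NTFS_Perm)
>     Dim Services
>     Dim SecDescClass
>     Dim SecDesc
>     Dim Trustee
>     Dim ACE
>     Dim Share
>     Dim InParam
>     Dim OutParam
>     Dim FolderName
>     Dim AdminServer
>     Dim ShareName
>     Dim FolderSecurity
>     Dim RetVal
>     Dim SecurityDescriptor
>
>     FolderName = Fname
>     AdminServer = "\\" & strComputer
>     ShareName = shr
>
>     '********************** START NTFS SECTION ****************
>     ' (The banner lines were posted without the leading apostrophe, which
>     ' is a syntax error in VBScript.)
>     'Write New security descriptor for the FolderName
>
>     ' The (Security) privilege is requested in the moniker for the
>     ' descriptor calls below.
>     Set Services = GetObject( _
>         "WINMGMTS:{impersonationLevel=impersonate,(Security)}!" & _
>         AdminServer & "\ROOT\CIMV2")
>     Set SecurityDescriptor = Services.Get("Win32_SecurityDescriptor")
>
>     ' FolderName is placed in the object path unescaped, so it must come
>     ' from trusted configuration and must not contain a single quote.
>     Set FolderSecurity = GetObject( _
>         "winmgmts:Win32_LogicalFileSecuritySetting.Path='" & _
>         FolderName & "'")
>     RetVal = FolderSecurity.GetSecurityDescriptor(SecurityDescriptor)
>     If RetVal <> 0 Then
>         Err.Raise vbObjectError + 1, "sharesec", _
>             "GetSecurityDescriptor failed for " & FolderName & _
>             " (WMI return code " & RetVal & ")"
>     End If
>
>     'Use SetGroupTrustee for groups and SetAccountTrustee for users
>     Set Trustee = SetGroupTrustee(strDomain, account)
>     Set ACE = Services.Get("Win32_Ace").SpawnInstance_
>     ACE.Properties_.Item("AccessMask") = NTFS_Perm
>     ' 3 = OBJECT_INHERIT_ACE (1) + CONTAINER_INHERIT_ACE (2): the entry
>     ' propagates to files and subfolders.
>     ACE.Properties_.Item("AceFlags") = 3
>     ' 0 = access-allowed ACE.
>     ACE.Properties_.Item("AceType") = 0
>     ACE.Properties_.Item("Trustee") = Trustee
>     ' Overwrites the DACL that was just read with this single entry.
>     SecurityDescriptor.Properties_.Item("DACL") = Array(ACE)
>
>     RetVal = FolderSecurity.SetSecurityDescriptor(SecurityDescriptor)
>     If RetVal <> 0 Then
>         Err.Raise vbObjectError + 2, "sharesec", _
>             "SetSecurityDescriptor failed for " & FolderName & _
>             " (WMI return code " & RetVal & ")"
>     End If
>     '***************** END NTFS SECTION **********************
>     'Create new Share
>
>     ' Services still holds the connection opened above, so it is reused
>     ' rather than opened a second time with the same moniker.
>     Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
>     Set SecDesc = SecDescClass.SpawnInstance_()
>
>     'Use SetGroupTrustee for groups and SetAccountTrustee for users
>     Set Trustee = SetGroupTrustee(strDomain, account)
>     Set ACE = Services.Get("Win32_Ace").SpawnInstance_
>     ACE.Properties_.Item("AccessMask") = Share_Perm
>     ACE.Properties_.Item("AceFlags") = 3
>     ACE.Properties_.Item("AceType") = 0
>     ACE.Properties_.Item("Trustee") = Trustee
>     ' The share gets exactly one entry: only "account" is allowed in.
>     SecDesc.Properties_.Item("DACL") = Array(ACE)
>     Set Share = Services.Get("Win32_Share")
>     Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_()
>     InParam.Properties_.Item("Access") = SecDesc
>     InParam.Properties_.Item("Description") = info
>     InParam.Properties_.Item("Name") = ShareName
>     InParam.Properties_.Item("Path") = FolderName
>     InParam.Properties_.Item("MaximumAllowed") = MAXIMUM_CONNECTIONS
>     InParam.Properties_.Item("Type") = FILE_SHARE
>     ' ExecMethod_ returns the out-parameters; a non-zero ReturnValue means
>     ' the share was not created (access denied, duplicate name, ...).
>     Set OutParam = Share.ExecMethod_("Create", InParam)
>     If OutParam.ReturnValue <> 0 Then
>         Err.Raise vbObjectError + 3, "sharesec", _
>             "Win32_Share.Create failed for " & ShareName & _
>             " (WMI return code " & OutParam.ReturnValue & ")"
>     End If
> End Sub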
>
>
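> ' SetAccountTrustee: builds a Win32_Trustee for a user account.
> '   strDomain - domain that holds the account
> '   strName   - account name
> ' Returns a Win32_Trustee with Domain, Name and binary SID filled in.
> ' GetObject raises a runtime error if the account cannot be found.
> ' Both arguments are concatenated into WMI object paths without
> ' escaping, so pass only trusted values that contain no single quote.
> Function SetAccountTrustee(strDomain, strName)
>     Dim objTrustee
>     Dim account
>     Dim accountSID
>     ' The posted statements were wrapped after "=" with no continuation
>     ' character; " _" makes them valid VBScript again.
>     set objTrustee = getObject( _
>         "Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Trustee" _
>         ).Spawninstance_
>     set account = getObject( _
>         "Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Account.Name='" _
>         & strName & "',Domain='" & strDomain &"'")
>     ' Look up the SID object to obtain its binary form, which is what the
>     ' trustee's SID property is assigned below.
>     set accountSID = getObject( _
>         "Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" _
>         & account.SID &"'")
>     objTrustee.Domain = strDomain
>     objTrustee.Name = strName
>     objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
>     set accountSID = nothing
>     set account = nothing
>     set SetAccountTrustee = objTrustee
> End Function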
>
>
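> ' SetGroupTrustee: builds a Win32_Trustee for a group.
> '   strDomain - domain that holds the group
> '   strName   - group name
> ' Returns a Win32_Trustee with Domain, Name and binary SID filled in.
> ' GetObject raises a runtime error if the group cannot be found.
> ' Both arguments are concatenated into WMI object paths without
> ' escaping, so pass only trusted values that contain no single quote.
> Function SetGroupTrustee(strDomain, strName)
>     Dim objTrustee
>     Dim account
>     Dim accountSID
>     ' The posted statements were wrapped after "=" with no continuation
>     ' character; " _" makes them valid VBScript again.
>     set objTrustee = getObject( _
>         "Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Trustee" _
>         ).Spawninstance_
>     set account = getObject( _
>         "Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group.Name='" _
>         & strName & "',Domain='" & strDomain &"'")
>     ' Look up the SID object to obtain its binary form, which is what the
>     ' trustee's SID property is assigned below.
>     set accountSID = getObject( _
>         "Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" _
>         & account.SID &"'")
>     objTrustee.Domain = strDomain
>     objTrustee.Name = strName
>     objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
>     set accountSID = nothing
>     set account = nothing
>     set SetGroupTrustee = objTrustee
> End Function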
>