microsoft.public.scripting.vbscript |
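There is a way, but it is much easier to use cacls or xcacls from the Resource
Kit.
The script below is an example of how to set share and NTFS permissions. Note that it replaces the folder's existing NTFS DACL with a single entry for the named account rather than adding to it.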
'================
'ShareSetup.vbs
'Author: Jonathan Warnken - jon.warn...@gmail.com
'Credits: parts of various other posted scripts used
'Requirements: Admin Rights
'Some Addition Lev Shumskii aka WildCat
'Now You may set SecurityDescriptor for NTFS
'and this script work properly under Win2k & Win2k3
'================
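Option Explicit

' Win32_Share "Type" value for a disk share.
Const FILE_SHARE = 0
' Upper bound on concurrent connections passed to Win32_Share.Create.
Const MAXIMUM_CONNECTIONS = 15
' Placeholder - replace with the domain that holds the account or group.
Const strDomain = "Your Domain"

' Access masks used for both the share ACE and the NTFS ACE.
Const PERM_READ = 1179817    ' 0x1200A9 - read and execute
Const PERM_MODIFY = 1245631  ' 0x1301BF - modify
Const PERM_FULL = 2032127    ' 0x1F01FF - full control

Dim strComputer
Dim objWMIService
Dim objNewShare

' "." targets the local machine.
strComputer = "."

' NOTE(review): objWMIService and objNewShare are not referenced by the code
' shown below; sharesec opens its own WMI connection.
Set objWMIService = GetObject("winmgmts:" & _
    "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objNewShare = objWMIService.Get("Win32_Share")

' Worked example: share C:\Robot as "Robot", read access at the share level
' and modify access at the NTFS level for the "Security Department" group.
' The original post had this statement wrapped mid-string, which does not parse.
Call sharesec("C:\Robot", "Robot", "Only Security Department", _
    "Security Department", PERM_READ, PERM_MODIFY)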
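Sub sharesec(Fname, shr, info, account, Share_Perm, NTFS_Perm)
    ' Sets the NTFS DACL on a folder and then publishes the folder as a share.
    '
    ' Fname      - folder path to secure and share
    ' shr        - share name
    ' info       - share description
    ' account    - group name resolved in strDomain (see SetGroupTrustee)
    ' Share_Perm - access mask for the share-level ACE
    ' NTFS_Perm  - access mask for the NTFS ACE
    '
    ' SECURITY NOTE: the folder's DACL is REPLACED by a single allow ACE for
    ' "account". Every existing entry (for example Administrators or SYSTEM)
    ' is dropped. Review the resulting ACL, or merge the new ACE into the
    ' existing DACL array, if other principals must keep access.
    Dim Services
    Dim SecDesc
    Dim Trustee
    Dim ACE
    Dim Share
    Dim InParam
    Dim OutParam
    Dim FolderName
    Dim AdminServer
    Dim ShareName
    Dim FolderSecurity
    Dim RetVal
    Dim SecurityDescriptor

    FolderName = Fname
    AdminServer = "\\" & strComputer
    ShareName = shr

    ' One connection with the Security privilege serves both sections.
    Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" & _
        AdminServer & "\ROOT\CIMV2")

    ' Use SetGroupTrustee for groups and SetAccountTrustee for users.
    Set Trustee = SetGroupTrustee(strDomain, account)

    '********************** START NTFS SECTION ****************
    ' Write a new security descriptor for FolderName.
    Set SecurityDescriptor = Services.Get("Win32_SecurityDescriptor")
    ' NOTE(review): this moniker names no server, so it resolves on the local
    ' machine even if strComputer is changed to a remote host - confirm before
    ' using the script remotely.
    Set FolderSecurity = GetObject("winmgmts:Win32_LogicalFileSecuritySetting.Path='" & _
        FolderName & "'")

    RetVal = FolderSecurity.GetSecurityDescriptor(SecurityDescriptor)
    If RetVal <> 0 Then
        WScript.Echo "sharesec: GetSecurityDescriptor failed for " & FolderName & _
            " (WMI return code " & RetVal & ")"
        Exit Sub
    End If

    Set ACE = Services.Get("Win32_Ace").SpawnInstance_
    ACE.Properties_.Item("AccessMask") = NTFS_Perm
    ACE.Properties_.Item("AceFlags") = 3    ' object inherit (1) + container inherit (2)
    ACE.Properties_.Item("AceType") = 0     ' access allowed
    ACE.Properties_.Item("Trustee") = Trustee
    SecurityDescriptor.Properties_.Item("DACL") = Array(ACE)

    RetVal = FolderSecurity.SetSecurityDescriptor(SecurityDescriptor)
    If RetVal <> 0 Then
        ' Do not publish the folder if its NTFS ACL could not be applied:
        ' the share would expose it under whatever ACL it had before.
        WScript.Echo "sharesec: SetSecurityDescriptor failed for " & FolderName & _
            " (WMI return code " & RetVal & "); share not created"
        Exit Sub
    End If
    '***************** END NTFS SECTION **********************

    ' Create the new share with its own single-ACE security descriptor.
    Set SecDesc = Services.Get("Win32_SecurityDescriptor").SpawnInstance_()

    Set ACE = Services.Get("Win32_Ace").SpawnInstance_
    ACE.Properties_.Item("AccessMask") = Share_Perm
    ACE.Properties_.Item("AceFlags") = 3
    ACE.Properties_.Item("AceType") = 0
    ACE.Properties_.Item("Trustee") = Trustee
    SecDesc.Properties_.Item("DACL") = Array(ACE)

    Set Share = Services.Get("Win32_Share")
    Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_()
    InParam.Properties_.Item("Access") = SecDesc
    InParam.Properties_.Item("Description") = info
    InParam.Properties_.Item("Name") = ShareName
    InParam.Properties_.Item("Path") = FolderName
    InParam.Properties_.Item("MaximumAllowed") = MAXIMUM_CONNECTIONS
    InParam.Properties_.Item("Type") = FILE_SHARE

    ' Capture the out-parameters so a failed Create is reported, not ignored.
    Set OutParam = Share.ExecMethod_("Create", InParam)
    If OutParam.ReturnValue <> 0 Then
        WScript.Echo "sharesec: Win32_Share.Create failed for " & ShareName & _
            " (WMI return code " & OutParam.ReturnValue & ")"
    End If
End Sub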
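Function SetAccountTrustee(strDomain, strName)
    ' Builds a Win32_Trustee for the account strDomain\strName.
    ' Looks the account up through Win32_Account, resolves its SID through
    ' Win32_SID, and stores the binary SID on the trustee.
    ' The original post had stray spaces inside the WMI class names
    ' ("Win32_Trust ee", "Win32_Accou nt", "Win32_SID.S ID") and statements
    ' wrapped without a continuation character; both are repaired here.
    ' NOTE(review): strName and strDomain are placed unescaped inside
    ' single-quoted WMI keys, so a value containing an apostrophe will break
    ' the object path.
    Dim objTrustee
    Dim account
    Dim accountSID

    Set objTrustee = GetObject( _
        "Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").SpawnInstance_
    Set account = GetObject( _
        "Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Account.Name='" & _
        strName & "',Domain='" & strDomain & "'")
    Set accountSID = GetObject( _
        "Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & _
        account.SID & "'")

    objTrustee.Domain = strDomain
    objTrustee.Name = strName
    objTrustee.Properties_.Item("SID") = accountSID.BinaryRepresentation

    Set accountSID = Nothing
    Set account = Nothing
    Set SetAccountTrustee = objTrustee
End Function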
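Function SetGroupTrustee(strDomain, strName)
    ' Builds a Win32_Trustee for the group strDomain\strName.
    ' Looks the group up through Win32_Group, resolves its SID through
    ' Win32_SID, and stores the binary SID on the trustee.
    ' The original post had stray spaces inside the WMI class names
    ' ("Win32_Trust ee", "Win32_Group .Name", "Win32_SID.S ID") and statements
    ' wrapped without a continuation character; both are repaired here.
    ' NOTE(review): strName and strDomain are placed unescaped inside
    ' single-quoted WMI keys, so a value containing an apostrophe will break
    ' the object path.
    Dim objTrustee
    Dim account
    Dim accountSID

    Set objTrustee = GetObject( _
        "Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").SpawnInstance_
    Set account = GetObject( _
        "Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group.Name='" & _
        strName & "',Domain='" & strDomain & "'")
    Set accountSID = GetObject( _
        "Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & _
        account.SID & "'")

    objTrustee.Domain = strDomain
    objTrustee.Name = strName
    objTrustee.Properties_.Item("SID") = accountSID.BinaryRepresentation

    Set accountSID = Nothing
    Set account = Nothing
    Set SetGroupTrustee = objTrustee
End Function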