Message from discussion
Changing file/folder permissions
Thread-Topic: Changing file/folder permissions
thread-index: AciJFXd1lQMFRLheRC+mATjrU5FmTA==
X-WBNR-Posting-Host: 207.46.193.207
From: =?Utf-8?B?Sm9u?= <J...@discussions.microsoft.com>
References: <#jD#gcPiIHA.5504@TK2MSFTNGP05.phx.gbl>
Subject: RE: Changing file/folder permissions
Date: Tue, 18 Mar 2008 09:31:07 -0700
Lines: 149
Message-ID: <EC0E53CE-C1DE-4D1A-98E9-22E0DB33AE87@microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
Newsgroups: microsoft.public.scripting.vbscript
NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
Path: g2news1.google.com!news3.google.com!out02a.usenetserver.com!news.usenetserver.com!in04.usenetserver.com!news.usenetserver.com!in03.usenetserver.com!news.usenetserver.com!newshub.sdsu.edu!msrtrans!TK2MSFTFEEDS02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGHUB02.phx.gbl
There is a way but it is much easier to use cacls or xcacls from the resource
kit
The script below is an example of how to set share and ntfs permissions
'================
'ShareSetup.vbs
'Author: Jonathan Warnken - jon.warn...@gmail.com
'Credits: parts of various other posted scripts used
'Requirements: Admin Rights
'Some Addition Lev Shumskii aka WildCat
'Now You may set SecurityDescriptor for NTFS
'and this script work properly under Win2k & Win2k3
'================
Option Explicit
Const FILE_SHARE = 0
Const MAXIMUM_CONNECTIONS = 15
Const strDomain = "Your Domain"
Const PERM_READ = 1179817
Const PERM_MODIFY = 1245631
Const PERM_FULL = 2032127
Dim strComputer
Dim objWMIService
Dim objNewShare
strComputer = "."
Set objWMIService = GetObject("winmgmts:" &
"{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objNewShare = objWMIService.Get("Win32_Share")
'Worked Example
Call sharesec ("C:\Robot", "Robot", "Only Security Department", "Security
Department", Perm_Read, Perm_Modify)
Sub sharesec(Fname, shr, info, account, Share_Perm, NTFS_Perm)
Dim FSO
Dim Services
Dim SecDescClass
Dim SecDesc
Dim Trustee
Dim ACE
Dim Share
Dim InParam
Dim Network
Dim FolderName
Dim AdminServer
Dim ShareName
Dim FolderSecurity
Dim RetVal
Dim SecurityDescriptor
Dim User
FolderName = Fname
AdminServer = "\\" & strComputer
ShareName = shr
**********************START NTFS SECTION ****************
'Write New security descriptor for the FolderName
Set Services =
GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &
AdminServer & "\ROOT\CIMV2")
Set SecurityDescriptor = Services.Get("Win32_SecurityDescriptor")
Set FolderSecurity =
GetObject("winmgmts:Win32_LogicalFileSecuritySetting.Path='" & FolderName &
"'")
RetVal = FolderSecurity.GetSecurityDescriptor(SecurityDescriptor)
Set Trustee = SetGroupTrustee(strDomain, account) 'Use SetGroupTrustee for
groups and SetAccountTrustee for users
Set ACE = Services.Get("Win32_Ace").SpawnInstance_
ACE.Properties_.Item("AccessMask") = NTFS_Perm
ACE.Properties_.Item("AceFlags") = 3
ACE.Properties_.Item("AceType") = 0
ACE.Properties_.Item("Trustee") = Trustee
SecurityDescriptor.Properties_.Item("DACL") = Array(ACE)
RetVal = FolderSecurity.SetSecurityDescriptor(SecurityDescriptor)
***************** END NTFS SECTION **********************
'Create new Share
Set Services =
GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &
AdminServer & "\ROOT\CIMV2")
Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
Set SecDesc = SecDescClass.SpawnInstance_()
Set Trustee = SetGroupTrustee(strDomain, account) 'Use SetGroupTrustee for
groups and SetAccountTrustee for users
Set ACE = Services.Get("Win32_Ace").SpawnInstance_
ACE.Properties_.Item("AccessMask") = Share_Perm
ACE.Properties_.Item("AceFlags") = 3
ACE.Properties_.Item("AceType") = 0
ACE.Properties_.Item("Trustee") = Trustee
SecDesc.Properties_.Item("DACL") = Array(ACE)
Set Share = Services.Get("Win32_Share")
Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_()
InParam.Properties_.Item("Access") = SecDesc
InParam.Properties_.Item("Description") = Info
InParam.Properties_.Item("Name") = ShareName
InParam.Properties_.Item("Path") = FolderName
InParam.Properties_.Item("MaximumAllowed") = MAXIMUM_CONNECTIONS
InParam.Properties_.Item("Type") = 0
Share.ExecMethod_ "Create", InParam
End Sub
Function SetAccountTrustee(strDomain, strName)
Dim objTrustee
Dim account
Dim accountSID
set objTrustee =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_
set account =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Account.Name='" & strName & "',Domain='" & strDomain &"'")
set accountSID =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")
objTrustee.Domain = strDomain
objTrustee.Name = strName
objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
set accountSID = nothing
set account = nothing
set SetAccountTrustee = objTrustee
End Function
Function SetGroupTrustee(strDomain, strName)
Dim objTrustee
Dim account
Dim accountSID
set objTrustee =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_
set account =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group.Name='" & strName & "',Domain='" & strDomain &"'")
set accountSID =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")
objTrustee.Domain = strDomain
objTrustee.Name = strName
objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
set accountSID = nothing
set account = nothing
set SetGroupTrustee = objTrustee
End Function
|
