Hi,
I found a vb code sample for setting ntfs file permissions here:
http://msdn.microsoft.com/en-us/libr...22(VS.85).aspx.
It looked simple enought to be made into a vbscript which I could then
further modify to do some fancy stuff with a bunch of home directories and
accounts.
I made the few symantic changes that I though would be necessary to get it
to work under vbscript, but now I get the error:
"E:\Temp\ace.vbs(217, 5) (null): The security ID structure is invalid."
Why does the line:
oADsSecurityUtility.SetSecurityDescriptor sFile, ADS_PATH_FILE, oSD,
ADS_SD_FORMAT_IID
not work? Why is the "oSD" variable invalid?
Below is the full script that I am using.
Thanks,
Greg
' Beginning of Code Modified to work as VBScript
' Define constants:
'
'+++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++
'
' Define the ADS_RIGHTS_ENUM values.
'
Const ADS_RIGHT_DELETE = &H10000
Const ADS_RIGHT_READ_CONTROL = &H20000
Const ADS_RIGHT_WRITE_DAC = &H40000
Const ADS_RIGHT_WRITE_OWNER = &H80000
Const ADS_RIGHT_SYNCHRONIZE = &H100000
Const ADS_RIGHT_ACCESS_SYSTEM_SECURITY = &H1000000
Const ADS_RIGHT_GENERIC_READ = &H80000000
Const ADS_RIGHT_GENERIC_WRITE = &H40000000
Const ADS_RIGHT_GENERIC_EXECUTE = &H20000000
Const ADS_RIGHT_GENERIC_ALL = &H10000000
Const ADS_RIGHT_DS_CREATE_CHILD = &H1
Const ADS_RIGHT_DS_DELETE_CHILD = &H2
Const ADS_RIGHT_ACTRL_DS_LIST = &H4
Const ADS_RIGHT_DS_SELF = &H8
Const ADS_RIGHT_DS_READ_PROP = &H10
Const ADS_RIGHT_DS_WRITE_PROP = &H20
Const ADS_RIGHT_DS_DELETE_TREE = &H40
Const ADS_RIGHT_DS_LIST_OBJECT = &H80
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
'+++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++
'
' Ace Type definitions
'
Const ADS_ACETYPE_ACCESS_ALLOWED = 0
Const ADS_ACETYPE_ACCESS_DENIED = &H1
Const ADS_ACETYPE_SYSTEM_AUDIT = &H2
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = &H7
'+++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++
'
' Ace Flag Constants
'
Const ADS_ACEFLAG_UNKNOWN = &H1
Const ADS_ACEFLAG_INHERIT_ACE = &H2
Const ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE = &H4
Const ADS_ACEFLAG_INHERIT_ONLY_ACE = &H8
Const ADS_ACEFLAG_INHERITED_ACE = &H10
Const ADS_ACEFLAG_VALID_INHERIT_FLAGS = &H1F
Const ADS_ACEFLAG_SUCCESSFUL_ACCESS = &H40
Const ADS_ACEFLAG_FAILED_ACCESS = &H80
'+++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++
'
' Flags constants for AD objects
'
Const ADS_FLAG_OBJECT_TYPE_PRESENT = &H1
Const ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = &H2
'+++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++
'
' From WinNT.h
'------------------------------------------------------------------------------
'+++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++
' File Specific Access Rights
'
Const DELETE = &H10000
Const READ_CONTROL = &H20000
Const WRITE_DAC = &H40000
Const WRITE_OWNER = &H80000
Const SYNCHRONIZE = &H100000
Const STANDARD_RIGHTS_REQUIRED = &HF0000
Const STANDARD_RIGHTS_READ = &H20000
Const STANDARD_RIGHTS_WRITE = &H20000
Const STANDARD_RIGHTS_EXECUTE = &H20000
Const STANDARD_RIGHTS_ALL = &H1F0000
Const SPECIFIC_RIGHTS_ALL = &HFFFF
'
' AccessSystemAcl access type
'
Const ACCESS_SYSTEM_SECURITY = &H1000000
'
' MaximumAllowed access type
'
Const MAXIMUM_ALLOWED = &H2000000
'
' These are the generic rights
'
Const GENERIC_READ = &H80000000
Const GENERIC_WRITE = &H40000000
Const GENERIC_EXECUTE = &H20000000
Const GENERIC_ALL = &H10000000
'
' AccessMask constants for FILE ACEs
'
Const FILE_READ_DATA = &H1 ' file & pipe
Const FILE_LIST_DIRECTORY = &H1 ' directory
Const FILE_WRITE_DATA = &H2 ' file & pipe
Const FILE_ADD_FILE = &H2 ' directory
Const FILE_APPEND_DATA = &H4 ' file
Const FILE_ADD_SUBDIRECTORY = &H4 ' directory
Const FILE_CREATE_PIPE_INSTANCE = &H4 ' named pipe
Const FILE_READ_EA = &H8 ' file & directory
Const FILE_WRITE_EA = &H10 ' file & directory
Const FILE_EXECUTE = &H20 ' file
Const FILE_TRAVERSE = &H20 ' directory
Const FILE_DELETE_CHILD = &H40 ' directory
Const FILE_READ_ATTRIBUTES = &H80 ' all
Const FILE_WRITE_ATTRIBUTES = &H100 ' all
FILE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &H1FF
FILE_GENERIC_READ = STANDARD_RIGHTS_READ Or FILE_READ_DATA Or
FILE_READ_ATTRIBUTES Or FILE_READ_EA Or SYNCHRONIZE
FILE_GENERIC_WRITE = STANDARD_RIGHTS_WRITE Or FILE_WRITE_DATA Or
FILE_WRITE_ATTRIBUTES Or FILE_WRITE_EA Or FILE_APPEND_DATA Or SYNCHRONIZE
FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE Or FILE_READ_ATTRIBUTES Or
FILE_EXECUTE Or SYNCHRONIZE
Const FILE_SHARE_READ = &H1
Const FILE_SHARE_WRITE = &H2
Const FILE_SHARE_DELETE = &H4
'
' AceFlags values for files
'
Const OBJECT_INHERIT_ACE = &H1
Const CONTAINER_INHERIT_ACE = &H2
Const NO_PROPAGATE_INHERIT_ACE = &H4
Const INHERIT_ONLY_ACE = &H8
Const INHERITED_ACE = &H10
'+++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++
'
'<<<<<<<<<<<<<<<<<<<<<<<<< BEGIN IADsSecurityUtility Constants >>>>>>>>>>>>
'
'
' ADS_PATHTYPE_ENUM
'
Const ADS_PATH_FILE = 1
Const ADS_PATH_FILESHARE = 2
Const ADS_PATH_REGISTRY = 3
'
' ADS_SD_FORMAT_ENUM
'
Const ADS_SD_FORMAT_IID = 1
Const ADS_SD_FORMAT_RAW = 2
Const ADS_SD_FORMAT_HEXSTRING = 3
'
'<<<<<<<<<<<<<<<< END IADsSecurityUtility Constants >>>>>>>>>>>>>>>>>>>>>
'
'+++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++
'
' AddACEToFile
'
' Adds an ACE to the specified file or folder that grants the trustee
' modify rights on the file.
'
Sub AddACEToFile(sFile, sTrustee)
Dim oAce ' As AccessControlEntry ' variable for the new ACE
Dim oSD ' As SecurityDescriptor ' variable for the Security Descriptor
of the object
Dim oDacl ' As AccessControlList ' variable for the DACL of the object
Dim oADsSecurityUtility ' As ADsSecurityUtility
'
' Create an ADsSecurityUtlity object.
'
Set oADsSecurityUtility = CreateObject("ADsSecurityUtility")
'
' Get the Security Descriptor for the given NTFS File path.
'
Set oSD = oADsSecurityUtility.GetSecurityDescriptor(sFile,
ADS_PATH_FILE, ADS_SD_FORMAT_IID)
'
' Get the Discrectionary ACL for the key.
'
Set oDacl = oSD.DiscretionaryAcl
'
' Create an ACE object.
'
Set oAce = CreateObject("AccessControlEntry")
'
' Set the IADsAccessControlEntry::Trustee attribute.
'
oAce.Trustee = Trustee
'
' Set the IADsAccessControlEntry::AccessMask attribute.
'
oAce.AccessMask = FILE_GENERIC_READ Or FILE_GENERIC_WRITE Or
FILE_GENERIC_EXECUTE Or DELETE
'
' Set the IADsAccessControlEntry::AceType attribute.
'
oAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED
'
' Set the IADsAccessControlEntry::AceFlags attribute.
'
oAce.AceFlags = OBJECT_INHERIT_ACE Or CONTAINER_INHERIT_ACE
'
' Place the ACE on the DACL.
'
oDacl.AddACE oAce
'
' Place the DACL back onto the SD.
'
oSD.DiscretionaryAcl = oDacl
'
' Place the SD back onto the file.
'
oADsSecurityUtility.SetSecurityDescriptor sFile, ADS_PATH_FILE, oSD,
ADS_SD_FORMAT_IID
'
' Cleanup.
'
Set oAce = Nothing
Set oDacl = Nothing
Set oSD = Nothing
Set oADsSecurityUtility = Nothing
End Sub
AddACEToFile "E:\Home\gbartho", "CAMPUS\gbartho"
' End of Code Modified for VBScript
Similar Threads
Linear Mode
