Tiny
1. Use WMI. I have included a short WMI example at the bottom of this
reply. You can use WMI from VBS.
2. Use the NetShare* APIs in conjunction with the WIn32 Security APIs to
modify the ACL. If you want to do this you will need to use the APIs from
VB, the APIs are not readily scriptable. You would need to wrap the APIs
in a VB/VC COM wrapper and to call them from VBS.
3. Use the NetShare* APIs to retrieve the binary security descriptor.
Stuff the security descriptor in the ADSI property cache and let it convert
it to an IADsSecurityDescriptor interface. Work with the DACL from IADs*
interface. Then use the property cache to convert it back.
Solutions 2 and 3 are non trivial, and require an understanding of COM,
Win32 security the NTLM API set ( Net*) not to mention a very clear
understanding of ADSI.
At this time the most straight forward scriptable solution would be to use
WMI.
Hope this helps.
later,
Max Vaughn
Microsoft Developer Support
Disclaimer: This posting is provided “AS IS” with no warranties, and
confers no rights. You assume all risk for your use. © 2001 Microsoft
Corporation. All rights reserved
'
' WMI VBS Example for setting share permissions.
'
Set objLocator = CreateObject("wbemscripting.swbemlocator")
machinename = InputBox("Enter machine name where the share resides")
Set objServices = objLocator.ConnectServer(machinename) 'THIS IS THE NAME
OF THE COMPUTER YOU ARE SETTING PERMISSIONS ON
objServices.security_.impersonationlevel = 3
objServices.security_.privileges.AddAsString("SeSecurityPrivilege")
sharename = InputBox("Enter the share name")
set objShareSecSetting =
objServices.Get("Win32_LogicalShareSecuritySetting.Name='" & sharename &
"'")
Set objInParam =
objShareSecSetting.Methods_("SetSecurityDescriptor").inParameters.SpawnInsta
nce_()
Set objSecDescriptor =
GetObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Securi
tyDescriptor").Spawninstance_()
objInParam.Properties_.item("Descriptor") = objSecDescriptor
'4 = DACL Present
'256 = Propagate to child objects
' Do not propagate to child objects
' (however child object descriptors may already be set to inherit security)
objSecDescriptor.Properties_.item("ControlFlags") = 4
'********************************************************
'********************************************************
' Do propagate to child objects
'objSecDescriptor.Properties_.item("ControlFlags") = 260
'********************************************************
'********************************************************
domainname = InputBox("Enter the user's domain name")
accountname = InputBox("Enter the user name")
set ACE1 = SetACE(2032127, _
3, _
0, _
SetAccountTrustee(domainname,accountname))
objSecDescriptor.Properties_.item("DACL") = Array(ACE1)
' Now set the SACL...
'set SACE1 = SetACE(131072, _
' 192, _
' 2, _
' SetAccountTrustee(domainname,accountname))
'objSecDescriptor.Properties_.item("SACL") = Array(SACE1)
Set objOutParams = objShareSecSetting.ExecMethod_("SetSecurityDescriptor",
objInParam)
wscript.echo "Finished setting descriptor. Return code: " &
objOutParams.ReturnValue
'***************************************************************************
***************************************
Function SetAccountTrustee(strDomain, strName)
set objTrustee =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Truste
e").Spawninstance_
set account =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Accoun
t.Name='" & strName & "',Domain='" & strDomain &"'")
set accountSID =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.SI
D='" & account.SID &"'")
objTrustee.Domain = strDomain
objTrustee.Name = strName
objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
set accountSID = nothing
set account = nothing
set SetAccountTrustee = objTrustee
End Function
Function SetGroupTrustee(strDomain, strName)
set objTrustee =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Truste
e").Spawninstance_
set account =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group.
Name='" & strName & "',Domain='" & strDomain &"'")
set accountSID =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.SI
D='" & account.SID &"'")
objTrustee.Domain = strDomain
objTrustee.Name = strName
objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
set accountSID = nothing
set account = nothing
set SetGroupTrustee = objTrustee
End Function
Function SetACE(AccessMask, AceFlags, AceType, objTrustee)
set objACE =
getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Ace").
Spawninstance_
objACE.Properties_.item("AccessMask") = AccessMask
objACE.Properties_.item("AceFlags") = AceFlags
objACE.Properties_.item("AceType") = AceType
objACE.Properties_.item("Trustee") = objTrustee
set objTrustee = nothing
set SetACE = objACE
End Function
'***************************************************************************
***************************************
Disclaimer: This posting is provided “AS IS” with no warranties, and
confers no rights. You assume all risk for your use. © 2001 Microsoft
Corporation. All rights reserved
Thanks for your support
Tiny
"Max L. Vaughn" <maxvo...@microsoft.com> schrieb im Newsbeitrag
news:ejzorou...@cppssbbsa01.microsoft.com...
later,
max Vaughn