Problème lors de la modification des droits NTFS par vba

Recherche :

Mot : Pseudo : Filtrer
Bas de page
Auteur	Sujet : Problème lors de la modification des droits NTFS par vba

noisette49

Bonjour,
Ayant régulièrement des droits à changer sur notre réseau,
J'ai crée le code ci-dessous qui me permet de changer les droits sur des répertoires pour un groupe de personnes.
Ca marche très bien en controle total, en lecture ou en ecriture.
Le hic est lorsque je veux que le groupe ait seulement un affichage du contenu du dossier.
Dans les droits du répertoire concerné, les droits apparaissent bien en affichage seul, mais les fichiers dessous sont en lecture écriture pour le groupe de personnes concernées alors qu'en fait, le groupe ne devrait pas apparaitre dans les droits des fichiers.
Quelqu'un pourrait -il m'aider et me dire ce que j'ai oublié dans mon code?
J'espère avoir été claire dans ma demande
Merci de votre aide

Code :

Sub Lancement()
With Application.FileDialog(msoFileDialogFolderPicker)
.Show
If .SelectedItems.Count > 0 Then
Sheets("Lancement" ).Range("B2" ) = .SelectedItems(1)
Chang_droits
End If
End With
End Sub
Sub Chang_droits()
flder = Sheets("Lancement" ).Range("B2" )
Sheets("Changement de Droits" ).Select
idx = Sheets("Changement de Droits" ).Range("A1048576" ).End(xlUp).Row
idx1 = Sheets("Changement de Droits" ).Range("D1048576" ).End(xlUp).Row
If idx > 1 Then
If idx > idx1 Or idx = idx1 Then Rows("2:" & idx).Delete Shift:=xlUp
If idx1 > idx Then Rows("2:" & idx1).Delete Shift:=xlUp
End If
'Application.ScreenUpdating = False
TousLesDossiers Sheets("Lancement" ).Range("B2" ), 0
ActiveWorkbook.Save
Message = MsgBox("La modification des droits est terminée", vbInformation)
'Application.ScreenUpdating = True
End Sub
Public Sub TousLesDossiers(LeDossier$, idx As Long)
Set fso = CreateObject("Scripting.FileSystemObject" )
Set Dossier = fso.GetFolder(LeDossier)
' changement dans le répertoire parent
idx = Sheets("Changement de Droits" ).Range("A1048576" ).End(xlUp).Row
If idx = 1 Then
idx = idx + 1
StrComputer = "."
StrDomain = "MAIL"
StrUtype = "u"
If Sheets("Lancement" ).Range("B3" ) <> "" Then
Err = 0
StrFilePath = Dossier
Sheets("Changement de Droits" ).Cells(idx, 1).Value = StrFilePath
StrUsername = Sheets("Lancement" ).Range("B3" )
StrMode = "d"
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
If Sheets("Lancement" ).Range("B4" ) <> "" Then
StrFilePath = Dossier
If idx >= 2 Then idx = Sheets("Changement de Droits" ).Range("A1048576" ).End(xlUp).Row + 1
Err = 0
Sheets("Changement de Droits" ).Cells(idx, 1).Value = StrFilePath
StrUsername = Sheets("Lancement" ).Range("B4" )
StrMode = "d"
idx1 = idx - 1
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
If idx >= 2 Then idx = Sheets("Changement de Droits" ).Range("A1048576" ).End(xlUp).Row + 1
If idx = idx1 + 2 Then
Err = 0
StrFilePath = Dossier
StrAccessLvl = ""
StrUsername = Sheets("Lancement" ).Range("B5" )
StrMode = "a"
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
End If
If Sheets("Lancement" ).Range("B6" ) <> "" Then
If idx >= 2 Then idx = Sheets("Changement de Droits" ).Range("A1048576" ).End(xlUp).Row + 1
Err = 0
StrFilePath = Dossier
StrUsername = Sheets("Lancement" ).Range("B6" )
StrMode = "a"
If Sheets("Lancement" ).Range("C6" ) <> "" Then
StrAccessLvl = "a"
ElseIf Sheets("Lancement" ).Range("D6" ) <> "" Then
StrAccessLvl = "r"
ElseIf Sheets("Lancement" ).Range("E6" ) <> "" Then
StrAccessLvl = "w"
ElseIf Sheets("Lancement" ).Range("F6" ) <> "" Then
StrAccessLvl = "f"
End If
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
If Sheets("Lancement" ).Range("B7" ) <> "" Then
Err = 0
StrFilePath = Dossier
StrUsername = Sheets("Lancement" ).Range("B7" )
StrMode = "m"
If Sheets("Lancement" ).Range("C7" ) <> "" Then
StrAccessLvl = "a"
ElseIf Sheets("Lancement" ).Range("D7" ) <> "" Then
StrAccessLvl = "r"
ElseIf Sheets("Lancement" ).Range("E7" ) <> "" Then
StrAccessLvl = "w"
ElseIf Sheets("Lancement" ).Range("F7" ) <> "" Then
StrAccessLvl = "f"
End If
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
End If
For Each flder In Dossier.subfolders
If idx > 1 Then
idx = Sheets("Changement de Droits" ).Range("D1048576" ).End(xlUp).Row
Else
idx = Sheets("Changement de Droits" ).Range("A1048576" ).End(xlUp).Row
End If
If idx = 1 Then StrFilePath = Dossier
idx = idx + 1
StrComputer = "."
StrDomain = "MAIL"
StrUtype = "u"
If Sheets("Lancement" ).Range("B3" ) <> "" Then
Err = 0
Sheets("Changement de Droits" ).Cells(idx, 1).Value = flder.path
StrUsername = Sheets("Lancement" ).Range("B3" )
StrFilePath = flder.path
StrMode = "d"
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
If Sheets("Lancement" ).Range("B4" ) <> "" Then
Err = 0
If idx >= 2 Then idx = Sheets("Changement de Droits" ).Range("A1048576" ).End(xlUp).Row + 1
Sheets("Changement de Droits" ).Cells(idx, 1).Value = flder.path
StrUsername = Sheets("Lancement" ).Range("B4" )
StrFilePath = flder.path
StrMode = "d"
idx1 = idx - 1
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
If idx >= 2 Then idx = Sheets("Changement de Droits" ).Range("A1048576" ).End(xlUp).Row + 1
If idx = idx1 + 2 Then
Err = 0
StrAccessLvl = ""
StrUsername = Sheets("Lancement" ).Range("B5" )
StrFilePath = flder.path
StrMode = "a"
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
End If
If Sheets("Lancement" ).Range("B6" ) <> "" Then
If idx >= 2 Then idx = Sheets("Changement de Droits" ).Range("A1048576" ).End(xlUp).Row + 1
Err = 0
StrUsername = Sheets("Lancement" ).Range("B6" )
StrFilePath = flder.path
StrMode = "a"
If Sheets("Lancement" ).Range("C6" ) <> "" Then
StrAccessLvl = "a"
ElseIf Sheets("Lancement" ).Range("D6" ) <> "" Then
StrAccessLvl = "r"
ElseIf Sheets("Lancement" ).Range("E6" ) <> "" Then
StrAccessLvl = "w"
ElseIf Sheets("Lancement" ).Range("F6" ) <> "" Then
StrAccessLvl = "f"
End If
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
If Sheets("Lancement" ).Range("B7" ) <> "" Then
Err = 0
StrUsername = Sheets("Lancement" ).Range("B7" )
StrFilePath = flder.path
StrMode = "m"
If Sheets("Lancement" ).Range("C7" ) <> "" Then
StrAccessLvl = "a"
ElseIf Sheets("Lancement" ).Range("D7" ) <> "" Then
StrAccessLvl = "r"
ElseIf Sheets("Lancement" ).Range("E7" ) <> "" Then
StrAccessLvl = "w"
ElseIf Sheets("Lancement" ).Range("F7" ) <> "" Then
StrAccessLvl = "f"
End If
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
Next
'traitement récursif des sous dossiers
For Each SousRep In Dossier.subfolders
TousLesDossiers SousRep.path, idx
Next SousRep
Set fso = Nothing
End Sub
Function GetFolderInfo(StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx)
Dim dacl, Services, SecDescClass, SecDesc, intRetVal
Dim wmiFileSecSetting, wmiFileSetting, wmiSecurityDescriptor
Dim strMsg, objACE
Set Services = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & StrComputer & "\ROOT\CIMV2" )
Set SecDescClass = Services.get("Win32_SecurityDescriptor" )
Set SecDesc = SecDescClass.SpawnInstance_
On Error GoTo suite
Set wmiFileSetting = GetObject("Winmgmts:{impersonationlevel=impersonate}!//" & StrComputer & "/root/CIMV2:Win32_Directory='" & StrFilePath & "'" )
Set wmiFileSecSetting = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & StrComputer & "\ROOT\CIMV2:Win32_LogicalFileSecuritySetting.path='" & StrFilePath & "'" )
'you can have problems here if you have no descriptor ie only everyone listed.
intRetVal = wmiFileSecSetting.getsecuritydescriptor(wmiSecurityDescriptor)
' Obtain existing security descriptor for folder
If Err <> 0 Then
Message = MsgBox("GetSecurityDescriptor failed" & vbCrLf & Err.Number & vbCrLf & Err.Description, vbOKOnly)
End If
' Retrieve the content of Win32_SecurityDescriptor DACL property.
dacl = wmiSecurityDescriptor.dacl
trouve = ""
If StrMode = "d" Or StrMode = "m" Then
For Each objACE In dacl
If UCase(objACE.trustee.name) = UCase(StrUsername) Then
If Sheets("Changement de Droits" ).Cells(idx, 1) = "" Then Sheets("Changement de Droits" ).Cells(idx, 1) = StrFilePath
Sheets("Changement de Droits" ).Cells(idx, 2) = UCase(StrUsername)
Sheets("Changement de Droits" ).Cells(idx, 3) = objACE.accessmask
Sheets("Changement de Droits" ).Cells(idx, 4) = objACE.AceFlags
Sheets("Changement de Droits" ).Cells(idx, 5) = objACE.AceType
trouve = "X"
idx = idx + 1
Exit For
End If
Next
End If
If (trouve = "X" And (StrMode = "d" Or StrMode = "m" )) Or (trouve = "" And StrMode = "a" ) Then
If StrMode = "d" Then 'delete user
SecDesc.Properties_.Item("DACL" ) = DeleteUserAce(dacl, StrUsername, StrDomain, StrUtype, StrComputer, Services)
Sheets("Changement de Droits" ).Cells(idx - 1, 6) = ("deleting " & StrUsername & " to the dacl for " & Replace(StrFilePath, "\\", "\" ) & "." & vbCrLf & "Result of change: " & wmiFileSetting.changesecuritypermissions(SecDesc, 4))
idx = Sheets("Changement de Droits" ).Range("A1048576" ).End(xlUp).Row
Sheets("Changement de Droits" ).Cells(idx, 7) = "GROUPE SUPPRIME DU REPERTOIRE"
Else
If StrMode = "a" Then 'add user
AddUserAce dacl, StrUsername, StrDomain, StrUtype, StrComputer, StrAccessLvl, Services
SecDesc.Properties_.Item("DACL" ) = dacl
Sheets("Changement de Droits" ).Cells(idx, 1) = StrFilePath
Sheets("Changement de Droits" ).Cells(idx, 6) = ("adding " & StrUsername & " to the dacl for " & Replace(StrFilePath, "\\", "\" ) & "." & vbCrLf & "Result of change: " & wmiFileSetting.changesecuritypermissions(SecDesc, 4))
idx = Sheets("Changement de Droits" ).Range("A1048576" ).End(xlUp).Row
Sheets("Changement de Droits" ).Cells(idx, 7) = "GROUPE AJOUTE AU REPERTOIRE"
StrAccessLvl = ""
Else 'Must mean modify access 8), note this one only returns string, not Ace Array.
ModifyUserAce wmiSecurityDescriptor.dacl, StrUsername, StrAccessLvl
'only need this to modify an entry
intRetVal = wmiFileSecSetting.SetSecurityDescriptor(wmiSecurityDescriptor)
GetResultMessageFile intRetVal, Replace(StrFilePath, "\\", "\" ), StrUsername
Sheets("Changement de Droits" ).Cells(idx, 7) = "DROITS DU GROUPE MODIFIE POUR CE REPERTOIRE"
End If
End If
Else
suite:
idx = Sheets("Changement de Droits" ).Range("B1048576" ).End(xlUp).Row + 1
compt = Sheets("Répertoires_en_erreur" ).Range("A1048576" ).End(xlUp).Row + 1
If Err.Number <> 0 Then
Sheets("Répertoires_en_erreur" ).Cells(compt, 1) = Sheets("Changement de Droits" ).Cells(idx, 1)
Sheets("Répertoires_en_erreur" ).Cells(compt, 2) = Err.Number
Sheets("Répertoires_en_erreur" ).Cells(compt, 3) = Err.Description
End If
Sheets("Changement de Droits" ).Cells(idx, 1).ClearContents
End If
Set objACE = Nothing
Set Services = Nothing
Set SecDescClass = Nothing
Set SecDesc = Nothing
Set wmiFileSecSetting = Nothing
Set wmiFileSetting = Nothing
End Function
Function DeleteUserAce(ByRef dacl, StrUsername, StrDomain, StrUtype, StrComputer, ByRef Services)
' Copy dacl to new ACE array Leaving out the one not.
Dim intArrAceMax, arrACE, i, objACE
intArrAceMax = UBound(dacl)
ReDim arrACE(intArrAceMax)
i = 0
For Each objACE In dacl
If UCase(objACE.trustee.name) <> UCase(StrUsername) Then
Set arrACE(i) = Services.get("Win32_Ace" ).SpawnInstance_
arrACE(i).Properties_.Item("AccessMask" ) = objACE.accessmask
arrACE(i).Properties_.Item("AceFlags" ) = objACE.AceFlags
arrACE(i).Properties_.Item("AceType" ) = objACE.AceType
arrACE(i).Properties_.Item("Trustee" ) = objACE.trustee
i = i + 1
End If
Next
If intArrAceMax > i - 1 Then
' Message = MsgBox("User/Group " & StrUsername & " removed.", vbOKOnly)
ReDim Preserve arrACE(intArrAceMax - 1)
Else
Message = MsgBox("User/Group " & StrUsername & " not found." & flder, vbOKOnly)
End If
DeleteUserAce = arrACE
For i = 0 To intArrAceMax - 1
Set arrACE(i) = Nothing
Next
Set objACE = Nothing
End Function
Function AddUserAce(ByRef dacl, StrUsername, StrDomain, StrUtype, StrComputer, StrAccessLvl, ByRef Services)
'Copy dacl to new ACE array then add specified user/group to ACE array and return it.
intArrAceMax = UBound(dacl) + 1
ReDim Preserve dacl(intArrAceMax)
idx = Sheets("Changement de Droits" ).Range("A1048576" ).End(xlUp).Row
Set dacl(intArrAceMax) = Services.get("Win32_Ace" ).SpawnInstance_
If Sheets("Lancement" ).Range("B5" ) <> "" And StrAccessLvl = "" Then
dacl(intArrAceMax).Properties_.Item("AccessMask" ) = Sheets("Changement de Droits" ).Cells(idx, 3).Value
dacl(intArrAceMax).Properties_.Item("AceFlags" ) = Sheets("Changement de Droits" ).Cells(idx, 4).Value
idx = idx + 1
Else
If StrAccessLvl = "a" Then
dacl(intArrAceMax).Properties_.Item("AccessMask" ) = 1179817
dacl(intArrAceMax).Properties_.Item("AceFlags" ) = 2
ElseIf StrAccessLvl = "r" Then
dacl(intArrAceMax).Properties_.Item("AccessMask" ) = 1179817
dacl(intArrAceMax).Properties_.Item("AceFlags" ) = 3
ElseIf StrAccessLvl = "w" Then
dacl(intArrAceMax).Properties_.Item("AccessMask" ) = 1245631
dacl(intArrAceMax).Properties_.Item("AceFlags" ) = 3
Else 'full access
dacl(intArrAceMax).Properties_.Item("AccessMask" ) = 2032127
dacl(intArrAceMax).Properties_.Item("AceFlags" ) = 3
End If
idx = idx + 1
End If
Sheets("Changement de Droits" ).Cells(idx, 2) = StrUsername
Sheets("Changement de Droits" ).Cells(idx, 3) = dacl(intArrAceMax).Properties_.Item("AccessMask" )
Sheets("Changement de Droits" ).Cells(idx, 4) = dacl(intArrAceMax).Properties_.Item("AceFlags" )
dacl(intArrAceMax).Properties_.Item("AceType" ) = 0
Sheets("Changement de Droits" ).Cells(idx, 5) = dacl(intArrAceMax).Properties_.Item("AceType" )
dacl(intArrAceMax).Properties_.Item("Trustee" ) = GetObjTrustee(StrUsername, StrDomain, StrUtype, StrComputer)
Set objACE = Nothing
End Function
Function GetObjTrustee(StrUsername, StrDomain, StrUtype, StrComputer)
'Get and user/group object to copy user/group sid to new trustee instance to be returned
Dim objTrustee, account, accountSID
Set objTrustee = GetObject("Winmgmts:{impersonationlevel=impersonate}!//" & StrComputer & "/root/cimv2:Win32_Trustee" ).SpawnInstance_
'For some reason you can't seem to be able to connect remotely to get account.
If StrUtype = "g" Then
'Set account = getObject("Winmgmts:{impersonationlevel=impersonate}!//" & strComputer & "/root/cimv2:Win32_Group.Name='" & strUsername & "',Domain='" & strDomain &"'" )
Set account = GetObject("Winmgmts:{impersonationlevel=impersonate}!//./root/cimv2:Win32_Group.Name='" & Chr(34) & StrUsername & Chr(34) & "',Domain='" & StrDomain & "'" )
Else
'Set account = getObject("Winmgmts:{impersonationlevel=impersonate}!//" & strComputer & "/root/cimv2:Win32_Account.Name='" & strUsername & "',Domain='" & strDomain &"'" )
Set account = GetObject("Winmgmts:{impersonationlevel=impersonate}!//./root/cimv2:Win32_Account.Name='" & StrUsername & "',Domain='" & StrDomain & "'" )
End If
Set accountSID = GetObject("Winmgmts:{impersonationlevel=impersonate}!//" & StrComputer & "/root/cimv2:Win32_SID.SID='" & account.SID & "'" )
objTrustee.Domain = StrDomain
objTrustee.name = StrUsername
objTrustee.Properties_.Item("SID" ) = accountSID.BinaryRepresentation
Set GetObjTrustee = objTrustee
Set accountSID = Nothing
Set account = Nothing
Set objTrustee = Nothing
End Function
Function ModifyUserAce(ByRef dacl, StrUsername, StrAccessLvl)
'Modify dacl ACE entry with new accessmask.
Dim strMsg, objACE
strMsg = "User/Group: " & StrUsername & " not found in dacl"
For Each objACE In dacl
If UCase(objACE.trustee.name) = UCase(StrUsername) Then
If StrAccessLvl = "a" Then
objACE.Properties_.Item("AccessMask" ) = 1179817
objACE.Properties_.Item("AceFlags" ) = 2
ElseIf StrAccessLvl = "r" Then
objACE.Properties_.Item("AccessMask" ) = 1179817
objACE.Properties_.Item("AceFlags" ) = 3
ElseIf StrAccessLvl = "w" Then
objACE.Properties_.Item("AccessMask" ) = 1245631
objACE.Properties_.Item("AceFlags" ) = 3
Else 'full access: didn't work in w2k - 131072 works in w2k - 2032127
objACE.Properties_.Item("AccessMask" ) = 2032127
objACE.Properties_.Item("AceFlags" ) = 3
End If
strMsg = "User: " & StrUsername & " found and modified to have " & StrAccessLvl
Exit For
End If
Next
Set objACE = Nothing
ModifyUserAce = strMsg
End Function
Function GetResultMessageFile(errReturn, strSharename, StrUsername)
If errReturn = 0 Then
GetResultMessageFile = "File permissions for " & strSharename & " successfully updated!"
Else
Select Case errReturn
Case 2
errDesc = "Access denied."
Case 8
errDesc = "Unknown failure."
Case 9
errDesc = "Privledge Missing."
Case 10
errDesc = "Invalid level."
Case 21
errDesc = "Invalid parameter."
Case 23
errDesc = "Redirected path."
Case 24
errDesc = "Directory does not exist."
Case 25
errDesc = "Net name not found."
End Select
GetResultMessageFile = "Failed to update File permissions for " & strSharename & ". Error number: " & errReturn & ". " & errDesc
End If
End Function

Publicité

noisette49

Re-bonjour
SVP Personne n'a d'idées sur le sujet ?
Peut-etre que je ne suis pas sur le bon forum !
Si c'est le cas merci de me le dire.

c_moa

Bonjour (ou soir),
je pense que tu es sur le bon forum, mais 399 lignes de code à digérer, cela demande un peu de temps
Et cela peut faire peur, je ne suis pas un fan des commentaires à outrance, mais là, c'est du code quasi brut

J'utilise setacl http://helgeklein.com/setacl/.
Je trouve personnellement l'outil très bien fait pour écrire ses propre fonctions.

noisette49

Bonjour,
En effet, je ne m'étais pas rendu compte que le code était si long.
Cependant merci pour le lien, je vais regarder.
Par contre étant donné que setacl fonctionne avec vbsript, je ne sais pas si cela va fonctionné avec du vba.

FORUM HardWare.fr

Programmation

VB/VBA/VBS

Problème lors de la modification des droits NTFS par vba

Sujets relatifs
Problème avec Typeahead	[Ada][Débutant POO] Problème d'héritage à l'instantiation d'un paquet
Problème avec jdk 1.8	Problème reception données port serie
Petit problème ajax avec JSON	[Qt Débutant] QTreeWidget, problème avec les fonctions de bases
problème avec une boucle foreach	Probleme Application JAVA Connexion DB MySQL (connector/J driver)
directx 11 inclu dans win7 problème jeu	[Qt designer débutant] Problème de connexions des slots
Plus de sujets relatifs à : Problème lors de la modification des droits NTFS par vba

Page générée en 0.209 secondes