the_silencer | J'ai pas été très précis.
Voici le code que j'utilise ci-dessous.
J'ai essayé avec BUILTIN, AUTORITE NT ou « . », mais vu que « Créateur propriétaire » est un compte de sécurité...
J'obtiens une erreur 0x80041002
Code :
' Sample call: add ("a") an ACE on strFolderName for the non-group ("u") trustee
' "CREATEUR PROPRIETAIRE" in domain "BUILTIN", using the local machine (".").
' Access level "f" selects the full-access mask in AddUserAce, and that ACE is
' inheritable, so check that full control is really what the folder tree needs.
' strFolderName is assigned outside this excerpt.
WScript.Echo ModifyFilePerm( _
    ".", strFolderName, _
    "CREATEUR PROPRIETAIRE", "BUILTIN", _
    "f", "u", "a")
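Function ModifyFilePerm(strComputer, strFilePath, strUsername, strDomain, strAccessLvl, strUtype, strMode)
    ' Adds, deletes or modifies the DACL entry of one trustee on a folder through WMI.
    '
    '   strComputer    host whose ROOT\CIMV2 namespace is used ("." = local machine)
    '   strFilePath    folder path written with single backslashes
    '   strUsername,
    '   strDomain      trustee, forwarded to AddUserAce / DeleteUserAce / ModifyUserAce
    '   strAccessLvl   access-level code, forwarded to AddUserAce / ModifyUserAce
    '   strUtype       trustee-type code, forwarded to the ACE helpers
    '   strMode        "a" = add, "d" = delete, any other value = modify
    '
    ' The function name is never assigned, so the call evaluates to Empty; results
    ' are reported with WScript.Echo. A failed GetSecurityDescriptor ends the script.
    '
    ' NOTE(review): strFilePath is concatenated into single-quoted WMI object paths.
    ' A path containing a single quote would end the quoted key early, so callers
    ' should validate the path before passing it in.
    Dim dacl, Services, SecDescClass, SecDesc, intRetVal
    Dim wmiFileSecSetting, wmiFileSetting, wmiSecurityDescriptor
    Dim strWmiPath

    ' (Security) asks WMI to enable the security privilege on this connection.
    Set Services = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & strComputer & "\ROOT\CIMV2")
    Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
    Set SecDesc = SecDescClass.SpawnInstance_

    ' WMI object paths need doubled backslashes. VBScript passes arguments ByRef by
    ' default, so the escaped form is kept in a local instead of overwriting the
    ' caller's variable.
    strWmiPath = Replace(strFilePath, "\", "\\")

    Set wmiFileSetting = GetObject("Winmgmts:{impersonationlevel=impersonate}!//" & strComputer & "/root/cimv2:Win32_Directory='" & strWmiPath & "'")
    Set wmiFileSecSetting = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & strComputer & _
        "\ROOT\CIMV2:Win32_LogicalFileSecuritySetting.path='" & strWmiPath & "'")

    ' Obtain the existing security descriptor for the folder.
    ' Original author's caveat: this can be a problem when the folder has no
    ' descriptor (only Everyone listed).
    intRetVal = wmiFileSecSetting.GetSecurityDescriptor(wmiSecurityDescriptor)

    ' No "On Error Resume Next" is active here, so a run-time error never reaches
    ' an Err test; the method's return code is what reports a failure.
    If intRetVal <> 0 Then
        WScript.Echo "GetSecurityDescriptor failed" & vbCrLf & "Return code: " & intRetVal
        WScript.Quit
    End If

    ' Retrieve the content of the Win32_SecurityDescriptor DACL property.
    dacl = wmiSecurityDescriptor.DACL

    If strMode = "a" Then
        ' Add: AddUserAce extends dacl in place; option 4 makes
        ' ChangeSecurityPermissions apply only the DACL part of SecDesc.
        AddUserAce dacl, strUsername, strDomain, strUtype, strComputer, strAccessLvl, Services
        SecDesc.Properties_.Item("DACL") = dacl
        WScript.Echo "adding " & strUsername & " to the dacl for " & strFilePath & "." & vbCrLf & _
            "Result of change: " & wmiFileSetting.ChangeSecurityPermissions(SecDesc, 4)
    ElseIf strMode = "d" Then
        ' Delete: DeleteUserAce (defined elsewhere) returns the reduced ACE array.
        SecDesc.Properties_.Item("DACL") = DeleteUserAce(dacl, strUsername, strDomain, strUtype, strComputer, Services)
        WScript.Echo "deleting " & strUsername & " to the dacl for " & strFilePath & "." & vbCrLf & _
            "Result of change: " & wmiFileSetting.ChangeSecurityPermissions(SecDesc, 4)
    Else
        ' Modify: ModifyUserAce (defined elsewhere) returns a message string, not
        ' an ACE array, so the fetched descriptor itself is written back.
        WScript.Echo ModifyUserAce(wmiSecurityDescriptor.DACL, strUsername, strAccessLvl)
        intRetVal = wmiFileSecSetting.SetSecurityDescriptor(wmiSecurityDescriptor)
        WScript.Echo GetResultMessageFile(intRetVal, strFilePath, strUsername)
    End If

    Set Services = Nothing
    Set SecDescClass = Nothing
    Set SecDesc = Nothing
    Set wmiFileSecSetting = Nothing
    Set wmiFileSetting = Nothing
End Function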
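Function AddUserAce(ByRef dacl, strUsername, strDomain, strUtype, strComputer, strAccessLvl, ByRef Services)
    ' Appends one access-allowed ACE for the given trustee to the dacl array.
    ' The array is extended in place (ByRef); the function name is never assigned,
    ' so nothing is returned.
    '
    '   dacl           array of Win32_Ace objects, grown by one element
    '   strUsername,
    '   strDomain,
    '   strUtype,
    '   strComputer    forwarded to GetObjTrustee to build the ACE's trustee
    '   strAccessLvl   "r", "w" or "f" (see the masks below)
    '   Services       connected WMI services object used to spawn Win32_Ace
    '
    ' Raises a run-time error for any other strAccessLvl. Earlier, every
    ' unrecognised value (a typo, "R", an empty string) silently granted full
    ' control; failing closed keeps a bad argument from widening access.
    '
    ' NOTE(review): UBound raises a run-time error when dacl is not an array, for
    ' example when the descriptor carried no DACL. Check for that in the caller.
    Const ACCESS_READ_EXECUTE = 1179817     ' 0x1200A9
    Const ACCESS_MODIFY = 1245631           ' 0x1301BF, "w" therefore also allows delete
    Const ACCESS_FULL_CONTROL = 2032127     ' 0x1F01FF
    Const ACE_TYPE_ACCESS_ALLOWED = 0
    Const ACE_FLAGS_INHERIT = 3             ' object inherit (1) + container inherit (2)

    Dim intArrAceMax, lngAccessMask

    ' Resolve the mask before touching dacl so a rejected level leaves it unchanged.
    Select Case strAccessLvl
        Case "r"
            lngAccessMask = ACCESS_READ_EXECUTE
        Case "w"
            lngAccessMask = ACCESS_MODIFY
        Case "f"
            lngAccessMask = ACCESS_FULL_CONTROL
        Case Else
            Err.Raise vbObjectError + 1, "AddUserAce", _
                "Unknown access level '" & strAccessLvl & "' (expected r, w or f)"
    End Select

    intArrAceMax = UBound(dacl) + 1
    ReDim Preserve dacl(intArrAceMax)

    Set dacl(intArrAceMax) = Services.Get("Win32_Ace").SpawnInstance_
    With dacl(intArrAceMax).Properties_
        .Item("AccessMask") = lngAccessMask
        ' The ACE is inherited by files and subfolders created below the folder.
        .Item("AceFlags") = ACE_FLAGS_INHERIT
        .Item("AceType") = ACE_TYPE_ACCESS_ALLOWED
        .Item("Trustee") = GetObjTrustee(strUsername, strDomain, strUtype, strComputer)
    End With
End Function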
Function GetObjTrustee(strUsername, strDomain, strUtype, strComputer)
    ' Builds and returns a Win32_Trustee instance for the named user or group,
    ' carrying the binary SID of the matching account.
    '
    '   strUsername, strDomain   key values of the account to look up
    '   strUtype                 "g" looks up Win32_Group, any other value Win32_Account
    '   strComputer              host used for the Win32_Trustee and Win32_SID objects
    '
    ' The account itself is always looked up on the local machine ("."). The
    ' original author disabled the remote form because connecting remotely to
    ' get the account did not work.
    ' NOTE(review): the SID is therefore resolved locally but applied on
    ' strComputer. Confirm that is intended when strComputer is another host.
    '
    ' GetObject raises a run-time error when no instance matches the Name/Domain
    ' pair; WMI reports that as WBEM_E_NOT_FOUND (0x80041002).
    ' NOTE(review): built-in principals may not be registered under the domain
    ' string the caller expects. Check which Domain value WMI reports for the
    ' account before passing it in.
    '
    ' strUsername and strDomain are concatenated into a single-quoted object path,
    ' so a value containing a single quote would change the path. Validate them in
    ' the caller.
    Const WMI_PREFIX = "Winmgmts:{impersonationlevel=impersonate}!//"

    Dim trustee, principal, principalSid
    Dim strAccountClass, strKeys

    Set trustee = GetObject(WMI_PREFIX & strComputer & "/root/cimv2:Win32_Trustee").SpawnInstance_

    ' Pick the WMI class that holds the account.
    If strUtype = "g" Then
        strAccountClass = "Win32_Group"
    Else
        strAccountClass = "Win32_Account"
    End If

    strKeys = ".Name='" & strUsername & "',Domain='" & strDomain & "'"
    Set principal = GetObject(WMI_PREFIX & "./root/cimv2:" & strAccountClass & strKeys)

    ' Win32_SID exposes the binary form of the SID that the trustee needs.
    Set principalSid = GetObject(WMI_PREFIX & strComputer & "/root/cimv2:Win32_SID.SID='" & principal.SID & "'")

    trustee.Domain = strDomain
    trustee.Name = strUsername
    trustee.Properties_.Item("SID") = principalSid.BinaryRepresentation

    Set GetObjTrustee = trustee

    Set principalSid = Nothing
    Set principal = Nothing
    Set trustee = Nothing
End Function
|
Message édité par the_silencer le 16-04-2007 à 11:10:45
|