GetSecurityDescriptor Problems - KiXtart.org - official site

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » COM Scripting » GetSecurityDescriptor Problems

Page 1 of 1

1

Topic Options

#124949 - 2004-08-13 08:44 PM GetSecurityDescriptor Problems
Proton Proton Lurker Registered: 2004-08-13 Posts: 4	After reading through MANY MANY posts... I'm wondering if anyone has found a way to call the Win32_LogicalFileSecuritySetting GetSecurityDescriptor Method issue. I'm about to go learn VB just to finish up my project!!! I'm trying to write a script that will list the users and their rights for folders and files on my network. I've used the WMI getobject function to gather all sorts of info successfully.. but I cannot seem to parse the security descriptors from NTFS. Is there a way in Kixtart to do this??? Sample code (Keep in mind that this is just for testing to try to get this to work!!!): Dim $ACE[] Dim $Owner[] Dim $Ret[] $objWMIService = "winmgmts:{impersonationLevel=impersonate}!\\MD50WPJM\root\cimv2:Win32_LogicalFileSecuritySetting.Path='C:\\images'" $colItems = GetObject($objWMIService) ;the following two lines are just diagnostics to see if I can get values from the object ? "Diag1: "+ $colitems.controlflags ? "Diag2: "+ $colitems.path ;attempt to get security object $ret = $colItems.GetSecurityDescriptor("%temp%") $ACE = $ret.DACL $Owner = $ret.owner For Each $objItem in $ACE ;just to see if I can get something!!! ? "Access Mask: " + $objItem.accessmask For Each $trust in $ace.trustee ? "****" ? "Trustee: " + $Trust.accountname ? "Name: " + $Trust.SIDString Next Next ? "###############" ? "Owner Account Name = " + $owner.name ? "Owner SID = " + $owner.SIDString Any thoughts??? OR does anyone know of a working Kixtart UDF that successfully returns ACLs without using xcacls???
Top

#124950 - 2004-08-13 09:01 PM Re: GetSecurityDescriptor Problems
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11628 Loc: CA	Don't know a KiXtart script but there is a VB Script to perform this task. XCACLS.VBS - List/Change ACLS files and folders http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Board=UBB14&Number=118467
Top

#124951 - 2004-08-13 09:11 PM Re: GetSecurityDescriptor Problems
Proton Proton Lurker Registered: 2004-08-13 Posts: 4	Hmmm... I'm guessing that I'll have to learn VB Script to do this then... I was hoping to accomplish this task in Kix since I'm pretty familiar with it.. The last posts that had anything to do with this issue were from a few years back. Is it possible that the newer versions of Kix have resolved this issue??
Top

#124952 - 2004-08-13 09:49 PM Re: GetSecurityDescriptor Problems
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	I don't think you are using the object correctly. I doubt GetSecurityDescriptor("%temp%") is right. Googling to MSDN, I find http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/getsecuritydescriptor_method_in_class_win32_logicalfilesecuritysetting.asp which shows GetSecurityDescriptor(wmiSecurityDescriptor). Also, the path you have defined in Win32_LogicalFileSecuritySetting.Path is not the same as %temp%. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#124953 - 2004-08-13 09:58 PM Re: GetSecurityDescriptor Problems
Proton Proton Lurker Registered: 2004-08-13 Posts: 4	Ha! True... again... this sample script is the end result of a lot of doodling. The %temp% was an attempt at using the ADSSecurity.dll method as outlined in this script chunk: Break On $Security = CreateObject("ADsSecurity") $SecurityDescriptor = $Security.GetSecurityDescriptor("%temp%") For Each $ACE in $SecurityDescriptor.DiscretionaryACL ?"Name="$ACE.Trustee ?"Type="$ACE.AceType ?"Mask="$ACE.AccessMask Next Exit 1 that was posted a few years ago... Any reference to the standard way of VB method of calling a security descriptor seems to not work. What I read was that kix could not pull the reference because the security descriptor is an entire object and not just an array. Hmmph! I use this code in VB and it works just fine without pulling from xcacls, etc... On Error Resume Next ' The folder named "images" must exist on the C:\ drive. Set wmiFileSecSetting = GetObject ("winmgmts:Win32_LogicalFileSecuritySetting.path='c:\\images'") RetVal = wmiFileSecSetting.GetSecurityDescriptor(wmiSecurityDescriptor) If Err <> 0 Then WScript.Echo "GetSecurityDescriptor failed" & VBCRLF & Err.Number & VBCRLF & Err.Description WScript.Quit Else WScript.Echo "GetSecurityDescriptor succeeded" End If ' Retrieve the DACL array of Win32_ACE objects. DACL = wmiSecurityDescriptor.DACL For Each wmiAce in DACL wscript.echo "Access Mask: " & wmiAce.AccessMask wscript.echo "ACE Type: " & wmiAce.AceType ' Get Win32_Trustee object from ACE Set Trustee = wmiAce.Trustee wscript.echo "Trustee Domain: " & Trustee.Domain wscript.echo "Trustee Name: " & Trustee.Name wscript.echo "Trustee SID: " & Trustee.SIDString Next The only problem is.. all the other code (treeview, output, etc... ) is already coded in kixtart and kixforms.
Top

#124954 - 2004-08-13 10:02 PM Re: GetSecurityDescriptor Problems
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	I think you just need to put on your snorkel and dive deep for wmiSecurityDescriptor. Unfortunately, I am too weak on these snorkelling methods. Maybe Shawn could jump in here. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#124955 - 2004-08-13 10:37 PM Re: GetSecurityDescriptor Problems
Shawn Shawn Administrator Registered: 1999-08-13 Posts: 8611	[in] This vb syntax here: RetVal = wmiFileSecSetting.GetSecurityDescriptor(wmiSecurityDescriptor) Is impossible to express in Kixtart. It ain't supported. And god knows we've tried to hack around it. -Shawn [/out]
Top

#124956 - 2004-08-13 10:51 PM Re: GetSecurityDescriptor Problems
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11628 Loc: CA	Shouldn't really need to learn VBS to use the script. It takes command line parameters/arguments just like the EXE does, only it is done in a script.
Top

#124957 - 2004-08-13 11:26 PM Re: GetSecurityDescriptor Problems
Proton Proton Lurker Registered: 2004-08-13 Posts: 4	It seems to me that there should be some way to execute a VBscript from Kixtart and "capture" the info back into an kixtart array from a temp file or something??? Sorry if this moves slightly off topic.. but I've noticed that this seems to be a big shortcoming of kixtart!
Top

#124958 - 2004-08-13 11:51 PM Re: GetSecurityDescriptor Problems
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11628 Loc: CA	Sure you can. You can send the output to a file and have KiX read it back.
Top

#124959 - 2004-08-14 12:29 AM Re: GetSecurityDescriptor Problems
Shawn Shawn Administrator Registered: 1999-08-13 Posts: 8611	Whats a big short-coming in Kixtart ? The un-supportability of the COM syntax or the calling of the vbscript thingy ?
Top

#124960 - 2004-08-14 01:45 AM Re: GetSecurityDescriptor Problems
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11628 Loc: CA	Don't know. KiX can shell out and run a VB script and then read the file it creates if wanted. As for the COM stuff, yeah don't think that will be any time soon for KiXtart.
Top

#124961 - 2004-08-14 04:20 PM Re: GetSecurityDescriptor Problems
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	I see there was no mention of - Re- OFF TOPIC - Shawn can you review a WSH script for me? Not sure of the limitation, but we were able to get this to work fine. Thanks, Kent _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

#124962 - 2004-08-18 05:06 AM Re: GetSecurityDescriptor Problems
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	The support of ByVar/ByRef when passing variables has been on my wish list for a long time already together with full binary support. However, I do not think any of these two items will see the light very soon. _________________________ There are two types of vessels, submarines and targets.
Top

Page 1 of 1

1

Previous Topic

Previous Topic View All Topics

View All Topics

Index Next Topic

Next Topic

Moderator: Shawn, ShaneEP, Ruud van Velsen, Arend_, Jochen, Radimus, Glenn Barnas, Allen, Mart

Hop to:

Shout Box

Who's Online

0 registered and 874 anonymous users online.

Newest Members

StuTheCoder, M_Moore, BeeEm, min_seow, Audio
17884 Registered Users

Generated in 0.126 seconds in which 0.086 seconds were spent on a total of 13 queries. Zlib compression enabled.

click tracking