I have been scripting in Kix for over a year now, I know my way around variables and hidden shares they pose no problems, I also tried using cacls, xcacls and the sorts but I need a kix only solution with the exeption of ADsSecutiry.dll which provides the solution, the only thing needed is the code in kix and not vbs. Which is possible I won't stop till I get it working one way or another. I hope you can provide a solution, so far I tranlated it into this part of code:
Code:
$sec = CreateObject("ADsSecurity")
$textusr = "BLAH\testuser"
$userdir = "\\PC-BLAH-XP-4\d$\TEST"
$filenm = $userdir
$permspart = "add(" + $textusr + ":F)+add(Administrators:F)"
ChangeAcls($filenm, $permspart, "EDIT", "FOLDER")
;############################################### Functions ##########################################################
FUNCTION ChangeAcls($file, $perms, $redit, $ffolder)
;- Edit ACLS of specified file -----
$ADS_ACETYPE_ACCESS_ALLOWED = 0
$ADS_ACETYPE_ACCESS_DENIED = 1
$ADS_ACEFLAG_INHERIT_ACE = 2
$ADS_ACEFLAG_SUB_NEW = 9
$sd = $sec.GetSecurityDescriptor("FILE://" + $file)
$dacl = $sd.discretionaryacl
;if flagged Replace then remove all existing aces from dacl first
IF ucase($redit)="REPLACE"
FOR EACH $existingace IN $dacl
$dacl.removeace $existingace
NEXT
ENDIF
;break up Perms into individual actions
$cmdarray=split($perms,"+")
FOR x=0 TO ubound($cmdarray)
$tmpvar1=$cmdarray(x)
IF ucase(left($tmpvar1,3))="DEL"
$aclaction="DEL"
ELSE
$aclaction="ADD"
ENDIF
$tmpcmdvar=left($tmpvar1,len($tmpvar1)-1)
$tmpcmdvar=right($tmpcmdvar,len($tmpcmdvar)-4)
$cmdparts=split($tmpcmdvar,":")
$namevar=$cmdparts(0)
$rightvar=$cmdparts(1)
; if flagged edit, delete ACE;s belonging to user about to add an ace for
IF ucase($redit)="EDIT"
FOR EACH $existingAce IN $dacl
$trusteevar=$existingAce.trustee
IF instr($trusteeVar,"\")
$trunamevar=right($trusteevar,len($trusteevar)-instr($trusteevar,"\"))
ELSE
$trunamevar=$trusteevar
ENDIF
$uctrunamevar=ucase($trunamevar)
$ucnamevar=ucase($namevar)
IF $uctrunamevar=$ucnamevar
$dacl.removeace $existingace
ENDIF
NEXT
ENDIF
; if action is to del ace then following clause skips addace
IF $aclaction="ADD"
IF ucase($ffolder)="FOLDER"
; folders require 2 aces for user (to do with inheritance)
addace $dacl, $namevar, $rightvar, ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_SUB_NEW
addace $dacl, $namevar, $rightvar, ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_INHERIT_ACE
ELSE
addace $dacl, $namevar, $rightvar, ADS_ACETYPE_ACCESS_ALLOWED,0
ENDIF
ENDIF
NEXT
FOR EACH $ace IN $dacl
; for some reason if ace includes "NT AUTHORITY" then existing ace does not get readded to dacl
IF instr(ucase($ace.trustee),"NT AUTHORITY\")
$newtrustee=right($ace.trustee, len($ace.trustee)-instr($ace.trustee, "\"))
$ace.trustee=newtrustee
ENDIF
NEXT
; final sets and cleanup
$sd.discretionaryacl = $dacl
$sec.setsecuritydescriptor $sd
$sd=nothing
$dacl=nothing
$sec=nothing
ENDFUNCTION
FUNCTION addace($dacl, $trustee, $maskvar, $acetype, $aceflags)
; add ace to the specified dacl
Const RIGHT_READ = &H80000000
Const RIGHT_EXECUTE = &H20000000
Const RIGHT_WRITE = &H40000000
Const RIGHT_DELETE = &H10000
Const RIGHT_FULL = &H10000000
Const RIGHT_CHANGE_PERMS = &H40000
Const RIGHT_TAKE_OWNERSHIP = &H80000
$ace = CreateObject("AccessControlEntry")
$ace.trustee = $trustee
SELECT
CASE
ucase($maskvar)
; specified rights so far only include FC & R. Could be expanded though
CASE
"F"
$ace.accessmask = RIGHT_FULL
CASE
"C"
$ace.accessmask = RIGHT_READ OR RIGHT_WRITE OR RIGHT_EXECUTE OR RIGHT_DELETE
CASE
"R"
$ace.accessmask = RIGHT_READ OR RIGHT_EXECUTE
ENDSELECT
$ace.acetype = $acetype
$ace.aceflags = $aceflags
$dacl.addace $ace
$ace=nothing
ENDFUNCTION
But gets stuck in ubound
