#176183 - 2007-05-10 07:13 PM
NTFSPerms.... Finally!
|
Arend_
MM club member
Registered: 2005-01-17
Posts: 1896
Loc: Hilversum, The Netherlands
|
At long last, I've finally done it.
I have managed to set permissions on a folder without inheritance and the sorting order being screwed up. But before I submit a fullfledged UDF I'd like to ask you all to try this UDF on your networks/home environments and see how it works out with inheritance and sorting order.
XP is needed or Activeds.dll at least (comes standard in XP).
Things to test:
1. Add a new user (in the form of @LDOMAIN\@USERID or @WKSTA\@USERID) to a folder.
2. open the security TAB on the folder and see if it worked.
3. create a subfolder and check the security tab there.
If all 3 work without errors, or with errors I'd like to know about it.
Without any further ado here's the preliminary UDF:
Function NTFSPerms($cmd,$object,Optional $trustee,Optional $perms)
Dim $adsu, $sd, $dacl, $ace, $newace
$adsu = CreateObject("ADsSecurityUtility")
If @error Exit @error EndIf
$sd = $adsu.GetSecurityDescriptor($object,1, 1)
$dacl = $sd.DiscretionaryAcl
Select
Case $cmd = "Owner"
? $sd.Owner
Case $cmd = "Count"
? $dacl.AceCount
Case $cmd = "Show"
For Each $Ace in $dacl
? $Ace.Trustee
? $Ace.AceFlags
? $Ace.AccessMask
? $Ace.AceType
? $Ace.Flags
?
Next
Case $cmd = "DEL"
If $trustee <> ""
For Each $ace In $Dacl
If $ace.trustee = $trustee
$Dacl.RemoveAce($Ace)
EndIf
Next
$sd.DiscretionaryAcl = $Dacl
$adsu.SetSecurityDescriptor($object,1,$sd,1)
Else
Exit 1
EndIf
Case $cmd = "ADD"
If $trustee <> ""
$NewAce = CreateObject("AccessControlEntry")
$NewAce.Trustee = $trustee
$NewAce.AceFlags = 3
$NewAce.AccessMask = -1 ;2032127
$NewAce.AceType = 0
$dacl.AddAce($NewAce)
$sd.DiscretionaryAcl = $Dacl
$adsu.SetSecurityDescriptor($object,1,$sd,1)
? @serror
Else
Exit 1
EndIf
Case 1
Exit 1
EndSelect
EndFunction
Usage:
NTFSPerms("ADD","C:\testfolder","DOMAIN\user")
NTFSPerms("DEL","C:\testfolder","DOMAIN\user")
NTFSPerms("OWNER","D:\testfolder")
NTFSPerms("SHOW","D:\testfolder")
NTFSPerms("COUNT","D:\testfolder")
|
|
Top
|
|
|
|
|
#176196 - 2007-05-11 08:27 AM
Re: NTFSPerms.... Finally!
[Re: Allen]
|
Arend_
MM club member
Registered: 2005-01-17
Posts: 1896
Loc: Hilversum, The Netherlands
|
I will, in the final UDF, this is just a quick WIP one.
Thanks for the suggestion though 
|
|
Top
|
|
|
|
|
#176385 - 2007-05-21 10:37 PM
Re: NTFSPerms.... Finally!
[Re: Arend_]
|
Peter Fry
Getting the hang of it
Registered: 2001-07-23
Posts: 95
Loc: Bristol UK
|
looks great i'll give it a whirl tomorrow in work
is there any way of setting the permissions like read / write / modify / full?
and to assign groups in stead of users?
i.e. add domain admins as full control and add domain users (or other group) to modify control?
looks great! can't wait to try this in work tomorrow
|
|
Top
|
|
|
|
Moderator: Shawn, ShaneEP, Ruud van Velsen, Arend_, Jochen, Radimus, Glenn Barnas, Allen, Mart
|
0 registered
and 657 anonymous users online.
|
|
|
