| ThaSySman |
| (Fresh Scripter) |
| 2009-12-09 09:03 AM |
Using KiXtart for Folder and Registry permissions
|
Hello,
I am trying to add some permissions on a folder. But i can't make it work at the moment. I used VBScripts as well but it will add the wrong user group.
I have the Dutch version of Server 2008 running. So the groups are dutch.
The usergroup: "All Apotheek"
needs full rights on the following folder:
C:\Program Files\Old Bike Soft
And i need in the same script the rule to change a registry key. As well, the user group "All Apotheek" needs full rights on this registry key.
HKEY_LOCAL_MACHINE\Software\Old Bike Soft
And i don't know if its possible, but i made a simple Batch file for adding a Firewall rule to a Windows XP Machine.
This is the script i made in a batchfile. Maybe i can implement it into a Kixtart script?
Code:
netsh firewall set portopening protocol=TCP port=9021 name=PP_FTP mode=ENABLE profile=All
Can someone give me examples about how i can arrange this? Maybe someone who has a little spare time to give me a good example script or something.. because i am not really good at this...
I searched the board.. and founded some stuff.. but i don't understand it really much..
1- http://www.kixtart.org/forums/ubbthreads...true#Post197034
2- http://www.kixtart.org/forums/ubbthreads...true#Post195756
So the script has to do:
- Add group: "All Apotheek" to the following folder:
C:\Program Files\Old Bike Soft
- Add group: "All Apotheek" to the following registry key:
HKEY_LOCAL_MACHINE\Software\Old Bike Soft
- Add Firewall rule on a XP machine:
Port Protocol: TCP
Por: 9021
Name: PP_FTP
Mode: Enable
Profile: All
Is that possible?
very... very.. very thanks for someone who can help me!
| Arend_ |
| (MM club member) |
| 2009-12-09 09:26 AM |
|
|
Re: Using KiXtart for Folder and Registry permissions
|
Firewall is easy, see the code below.
For permissions on the folder, see my NTFSPerms UDF.
Code:
Dim $objFirewall, $objPolicy, $objPort, $colPorts
$objFirewall = CreateObject("HNetCfg.FwMgr")
$objPolicy = $objFirewall.LocalPolicy.CurrentProfile
$objPort = CreateObject("HNetCfg.FwOpenPort")
$objPort.Port = 9021
$objPort.Protocol = 6 ;TCP
$objPort.Name = "PP_FTP"
$objPort.Enabled = 1
$colPorts = $objPolicy.GloballyOpenPorts
$rc = $colPorts.Add($objPort)
| ThaSySman |
| (Fresh Scripter) |
| 2009-12-09 09:44 AM |
|
Re: Using KiXtart for Folder and Registry permissions
|
Hi Apronk,
Thanks for your help.
I will look for your NTFSPerms UDF, I hope i can understand it to use it.
| ThaSySman |
| (Fresh Scripter) |
| 2009-12-09 09:46 AM |
|
Re: Using KiXtart for Folder and Registry permissions
|
I can't find the file.. do you have a direct link to it?
| BradV |
| (Seasoned Scripter) |
| 2009-12-09 11:43 AM |
|
Re: Using KiXtart for Folder and Registry permissions
|
Did you search in the UDF forum? A quick search found:
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=180734
| ThaSySman |
| (Fresh Scripter) |
| 2009-12-09 12:56 PM |
|
Re: Using KiXtart for Folder and Registry permissions
|
Okay thank you... didnt found it but many thanks.
So that will be... (???)
Code:
NTFSPerms("ADD:CHANGE","C:\Program Files\Old Bike Soft","Gezondheidshuis\Alle Gebruikers")
NTFSPerms("ADD:CHANGE","HKEY_LOCAL_MACHINE\Software\Old Bike Soft","Gezondheidshuis\Alle Gebruikers")
Dim $objFirewall, $objPolicy, $objPort, $colPorts
$objFirewall = CreateObject("HNetCfg.FwMgr")
$objPolicy = $objFirewall.LocalPolicy.CurrentProfile
$objPort = CreateObject("HNetCfg.FwOpenPort")
$objPort.Port = 9021
$objPort.Protocol = 6 ;TCP
$objPort.Name = "PP_FTP"
$objPort.Enabled = 1
$colPorts = $objPolicy.GloballyOpenPorts
$rc = $colPorts.Add($objPort)
Can someone review it?
| Arend_ |
| (MM club member) |
| 2009-12-09 05:29 PM |
|
|
|
Re: Using KiXtart for Folder and Registry permissions
|
Code:
NTFSPerms("ADD:CHANGE","C:\Program Files\Old Bike Soft","Gezondheidshuis\Alle Gebruikers")
Yeah that'll work.
Code:
NTFSPerms("ADD:CHANGE","HKEY_LOCAL_MACHINE\Software\Old Bike Soft","Gezondheidshuis\Alle Gebruikers")
That won't work, NTFSPerms unfortunately won't work with Registry.
| ThaSySman |
| (Fresh Scripter) |
| 2009-12-09 10:43 PM |
|
Re: Using KiXtart for Folder and Registry permissions
|
Okay, thank you very much for your support..
So how can i edit easily permissions for registry... and maybe another issue.. it should be run as the global administrator on the domain.. is that difficult to put that in it?
| ThaSySman |
| (Fresh Scripter) |
| 2009-12-11 02:39 AM |
|
Re: Using KiXtart for Folder and Registry permissions
|
Does anyone knows how to change the registry permissions?
The group : All Apotheek has to be added to a HKEY_LOCAL_MACHINE key...
| Mart |
| (KiX Supporter) |
| 2009-12-11 09:13 AM |
|
|
Re: Using KiXtart for Folder and Registry permissions
|
You could use regini.exe for this. It is not that difficult to use regini.exe from a kix script.
The link below should get you started.
http://support.microsoft.com/kb/264584
| Arend_ |
| (MM club member) |
| 2009-12-11 09:32 AM |
|
|
|
Re: Using KiXtart for Folder and Registry permissions
|
I could probably get it to work, I'll give you a piece of code to try:
Code:
Dim $strRegPath, $strUser
$strRegPath = "HKEY_CURRENT_USER\test"
$strUser = @WKSTA+"\Administrator"
Dim $objADSU, $objSD, $objDACL, $objAceNew
$objADSU = CreateObject("ADsSecurityUtility")
$objSD = $objADSU.GetSecurityDescriptor($strRegPath, 3, 1)
$objDACL = $objSD.DiscretionaryAcl
$objAceNew = CreateObject("AccessControlEntry")
$objAceNew.Trustee = $strUser
$objAceNew.AceFlags = 2
$objAceNew.AccessMask = 983103
$objAceNew.AceType = 0
$objDACL.AddAce($objAceNew)
$objSD.DiscretionaryAcl = $objDACL
$objADSU.SetSecurityDescriptor($strRegPath, 3, $objSD, 1)
Keep in mind, if you use the example key in this code that you have to create the "test" key first. Also remember that this code has the same problem as the original NTFSPerms, the permissions are not pushed down the food chain. Only keys created afterwards will inherit.