#110385 - 2003-12-15 08:28 PM
Re: Using WMI to set ownership
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
I have an EXE to recursively set ownership on directories and files. It is not currently posted to my web site as I have not tested it extensively. I could email a copy to you if you want to give it a whirl.
#110387 - 2003-12-15 08:34 PM
Re: Using WMI to set ownership
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Does not use subinacl, xcacls, etc. This is pure Perl and Win32 API.
Usage: SetOwner c:\directoryA domain\user
#110392 - 2003-12-15 11:28 PM
Re: Using WMI to set ownership
jtokach
Seasoned Scripter
Registered: 2001-11-15
Posts: 513
Loc: PA, USA
Yeah, this is pretty much out of my league. Shawn or Chris, can you guys confirm?
On another note, got this from the SDK. There seem to be many other ways to call methods. But, like I said, this is trial and error for me with little logic and less understanding of why. Tell me if you can see anything in here worth following up on.
Code:
'*******************************************************************
' Name    : CreateShare.vbs
'
' Purpose : This example creates a new share and sets the
'           security descriptor for the new share.
'********************************************************************

'*** Connect to WMI and set security settings. ******
'*** You should substitute the name of the remote system for "\\myserver" ***
Set objservices = GetObject("WINMGMTS:" _
    & "{impersonationLevel=impersonate,(Security)}" _
    & "!\\myserver\ROOT\CIMV2")

'*** Get the Win32_SecurityDescriptor class and spawn a new instance ****
Set objclass = objservices.Get("Win32_SecurityDescriptor")
Set objSecDescriptor = objclass.SpawnInstance_()

'****** Prepare the security descriptor for the new share ******
objSecDescriptor.Properties_.Item("ControlFlags") = 4
Set ACE1 = SetACE(objservices, 2032127, _
                  3, _
                  0, _
                  SetTrustee(objservices, "myserver", _
                             "user1", _
                             Array(1, 5, 0, 0, 0, 0, 0, 5, 21, _
                                   0, 0, 0, 160, 101, 207, 126, _
                                   120, 75, 155, 95, 231, 124, _
                                   135, 112, 119, 238, 0, 0)))
Set ACE2 = SetACE(objservices, 2032127, _
                  3, _
                  0, _
                  SetTrustee(objservices, Null, _
                             "EVERYONE", _
                             Array(1, 1, 0, 0, 0, 0, 0, 1, 0, _
                                   0, 0, 0)))
objSecDescriptor.Properties_.Item("DACL") = Array(ACE1, ACE2)

'************************ Create the new share *********************
Set objShare = objservices.Get("Win32_Share")
Set objInParam = objShare.Methods_("Create").InParameters.SpawnInstance_()
objInParam.Properties_.Item("Access") = objSecDescriptor
objInParam.Properties_.Item("Description") = "New share created by WMI script"
objInParam.Properties_.Item("Name") = "NewShare"
objInParam.Properties_.Item("Path") = "C:\temp"
objInParam.Properties_.Item("Type") = 0
'objInParam.Properties_.item("MaximumAllowed") = 10 'optional - default is 'max allowed'
'objInParam.Properties_.item("Password") = "Password" 'optional - default is no password

'************************ Execute the method **********************
Set objOutParams = objShare.ExecMethod_("Create", objInParam)
If objOutParams.ReturnValue = 0 Then
    wscript.echo "Share created successfully"
Else
    If objOutParams.ReturnValue = 22 Then
        wscript.echo "Share may already exist"
    Else
        wscript.echo "Unable to create share, return value was : " _
            & objOutParams.ReturnValue
    End If
End If

'************************* HELPER FUNCTIONS *********************
Function SetTrustee(objservices, strDomain, strName, SID)
    Set objTrustee = objservices.Get("Win32_Trustee").SpawnInstance_
    objTrustee.Domain = strDomain
    objTrustee.Name = strName
    objTrustee.Properties_.Item("SID") = SID
    Set SetTrustee = objTrustee
End Function

Function SetACE(objservices, AccessMask, AceFlags, AceType, objTrustee)
    Set objAce = objservices.Get("Win32_Ace").SpawnInstance_
    objAce.Properties_.Item("AccessMask") = AccessMask
    objAce.Properties_.Item("AceFlags") = AceFlags
    objAce.Properties_.Item("AceType") = AceType
    objAce.Properties_.Item("Trustee") = objTrustee
    Set SetACE = objAce
End Function
'******************************************************************
_________________________
-Jim
...the sort of general malaise that only the genius possess and the insane lament.
#110396 - 2003-12-16 05:24 PM
Re: Using WMI to set ownership
Sealeopard
KiX Master
Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
Nope.
The result of GetSecurityDescriptor(Descriptor) is in Descriptor.
Code:
rc = GetSecurityDescriptor(Descriptor)
Thus, you have to pass a variable into the GetSecurityDescriptor() function as a ByRef in order for the function to return the results in Descriptor. KiXtart does not support this type of passing variables into COM objects; it only supports the ByVal passing, which essentially copies the value into the function. The ByRef passes the reference to the value into the function, which gives the function the ability to update said reference so that once the function exits the referenced variable contains the new value.
We already requested a couple of times to include ByRef passing, as this would enable you to pass e.g. three parameters into a function and have the function return with updated values in these three variables. This would save the kludge of using arrays to return multiple parameters out of a UDF.
Code:
; demo code
$a=1
$b=2
$c=3
? $a
? $b
? $c
$rc=byreffun($a, $b, $c)
? $a
? $b
? $c
function byreffun(ByRef $var1, ByRef $var2, ByRef $var3)
$var1='aaa'
$var2='bbb'
$var3='ccc'
endfunction
The output of this script would be
Code:
1
2
3
aaa
bbb
ccc
Edited by sealeopard (2003-12-16 05:25 PM)
_________________________
There are two types of vessels, submarines and targets.
#110399 - 2003-12-16 06:40 PM
Re: Using WMI to set ownership
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
Jim - here's the code I was playing with last night. Basically trying to create a "blank" instance of Win32_SecurityDescriptor and passing that to the function. You can tell that an object was indeed created. And when one queries the ControlFlags property it returns success (but I guess since it's not a real instance of a security descriptor (ie a blank one) that no flags are present). If you substitute a bad property name, you do get an error - so definitely talking to a real object here. But the passing out from GetSecurityDescriptor still doesn't work. tbh - don't think OUT parms work this way. If this was an IN/OUT parm it would probably work.
Code:
Break On

$wmiFileSecSetting = GetObject ("winmgmts:Win32_LogicalFileSecuritySetting.path='c:\\temp'")
$wmiSecurityDescriptor = GetObject ("winmgmts:Win32_SecurityDescriptor")
?"GetObject = " + @SERROR

if $wmiSecurityDescriptor
  ? "ControlFlags=" + $wmiSecurityDescriptor.ControlFlags
  ? "QueryControlFlags = " + @SERROR
endif

$= $wmiFileSecSetting.GetSecurityDescriptor( $wmiSecurityDescriptor )
? "GetSecurityDescriptor = " + @SERROR
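Added example, not part of any post in this thread: the SDK sample quoted earlier calls Create through ExecMethod_, which hands results back as properties of a returned object rather than through a by-reference argument. The VBScript below applies that same call style to GetSecurityDescriptor on the c:\temp path used above, then lists the owner and DACL and flags the Everyone full-control grant that the SDK sample sets. TrusteeName and IsEveryone are hypothetical helper names.

```vbscript
' Added example, not from the thread. c:\temp is the path used in the posts.
Option Explicit
Const FULL_CONTROL = 2032127      ' 0x1F01FF, the AccessMask in the SDK sample
Const ACE_TYPE_ALLOW = 0          ' AceType 0 = access allowed
Dim objSetting, objOut, objSD, objAce
Set objSetting = GetObject("winmgmts:Win32_LogicalFileSecuritySetting.path='c:\\temp'")

' ExecMethod_ returns an object holding ReturnValue and every OUT parameter,
' so nothing has to be passed by reference.
Set objOut = objSetting.ExecMethod_("GetSecurityDescriptor")
If objOut.ReturnValue <> 0 Then
    WScript.Echo "GetSecurityDescriptor failed, return value: " & objOut.ReturnValue
    WScript.Quit 1
End If
Set objSD = objOut.Descriptor     ' Win32_SecurityDescriptor instance

WScript.Echo "Owner: " & TrusteeName(objSD.Owner)
If IsNull(objSD.DACL) Then
    WScript.Echo "No DACL returned"
Else
    For Each objAce In objSD.DACL
        WScript.Echo TrusteeName(objAce.Trustee) & "  type=" & objAce.AceType _
            & "  mask=0x" & Hex(objAce.AccessMask)
        ' Flag the grant the SDK sample makes: allow + full control to Everyone.
        If objAce.AceType = ACE_TYPE_ALLOW And objAce.AccessMask = FULL_CONTROL _
           And IsEveryone(objAce.Trustee.SID) Then
            WScript.Echo "  -> Everyone has full control"
        End If
    Next
End If

' Hypothetical helper: DOMAIN\name of a Win32_Trustee (Domain may be Null).
Function TrusteeName(objTrustee)
    TrusteeName = objTrustee.Domain & "\" & objTrustee.Name
End Function

' Hypothetical helper: True when the binary SID equals S-1-1-0, the same
' byte array the SDK sample passes for EVERYONE.
Function IsEveryone(arrSid)
    Dim arrWant, i
    arrWant = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    IsEveryone = False
    If IsNull(arrSid) Then Exit Function
    If UBound(arrSid) <> UBound(arrWant) Then Exit Function
    For i = 0 To UBound(arrWant)
        If arrSid(i) <> arrWant(i) Then Exit Function
    Next
    IsEveryone = True
End Function
```

Run it with cscript.exe so the output goes to the console; matching on the SID bytes instead of the trustee name keeps the check independent of the display language.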
#110401 - 2003-12-17 01:39 AM
Re: Using WMI to set ownership
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
I just traversed the inheritance tree from Win32_LogicalFileSecuritySetting that inherits from Win32_SecuritySetting which inherits from CIM_Setting but I see no support for reflection here with this class, like using get and put. But then again, I could be totally off base here.
-Shawn