Page 1 of 1 1
Topic Options
#197035 - 2009-12-09 09:03 AM Using KiXtart for Folder and Registry permissions
ThaSySman Offline
Fresh Scripter

Registered: 2008-03-03
Posts: 13
Hello,

I am trying to add some permissions on a folder. But i can't make it work at the moment. I used VBScripts as well but it will add the wrong user group.

I have the Dutch version of Server 2008 running. So the groups are dutch.

The usergroup: "All Apotheek"
needs full rights on the following folder:

C:\Program Files\Old Bike Soft


And i need in the same script the rule to change a registry key. As well, the user group "All Apotheek" needs full rights on this registry key.
HKEY_LOCAL_MACHINE\Software\Old Bike Soft

And i don't know if its possible, but i made a simple Batch file for adding a Firewall rule to a Windows XP Machine.
This is the script i made in a batchfile. Maybe i can implement it into a Kixtart script?

 Code:
netsh firewall set portopening protocol=TCP port=9021 name=PP_FTP mode=ENABLE profile=All


Can someone give me examples about how i can arrange this? Maybe someone who has a little spare time to give me a good example script or something.. because i am not really good at this...

I searched the board.. and founded some stuff.. but i don't understand it really much..

1- http://www.kixtart.org/forums/ubbthreads...true#Post197034

2- http://www.kixtart.org/forums/ubbthreads...true#Post195756

So the script has to do:

- Add group: "All Apotheek" to the following folder:
C:\Program Files\Old Bike Soft

- Add group: "All Apotheek" to the following registry key:
HKEY_LOCAL_MACHINE\Software\Old Bike Soft

- Add Firewall rule on a XP machine:
Port Protocol: TCP
Por: 9021
Name: PP_FTP
Mode: Enable
Profile: All

Is that possible?


very... very.. very thanks for someone who can help me!


Edited by ThaSySman (2009-12-09 09:03 AM)

Top
#197036 - 2009-12-09 09:26 AM Re: Using KiXtart for Folder and Registry permissions [Re: ThaSySman]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
Firewall is easy, see the code below.
For permissions on the folder, see my NTFSPerms UDF.

 Code:
Dim $objFirewall, $objPolicy, $objPort, $colPorts
$objFirewall = CreateObject("HNetCfg.FwMgr")
$objPolicy = $objFirewall.LocalPolicy.CurrentProfile

$objPort = CreateObject("HNetCfg.FwOpenPort")
$objPort.Port = 9021
$objPort.Protocol = 6 ;TCP
$objPort.Name = "PP_FTP"
$objPort.Enabled = 1

$colPorts = $objPolicy.GloballyOpenPorts
$rc = $colPorts.Add($objPort)

Top
#197037 - 2009-12-09 09:44 AM Re: Using KiXtart for Folder and Registry permissions [Re: Arend_]
ThaSySman Offline
Fresh Scripter

Registered: 2008-03-03
Posts: 13
Hi Apronk,

Thanks for your help.

I will look for your NTFSPerms UDF, I hope i can understand it to use it.

Top
#197038 - 2009-12-09 09:46 AM Re: Using KiXtart for Folder and Registry permissions [Re: ThaSySman]
ThaSySman Offline
Fresh Scripter

Registered: 2008-03-03
Posts: 13
I can't find the file.. do you have a direct link to it?
Top
#197040 - 2009-12-09 11:43 AM Re: Using KiXtart for Folder and Registry permissions [Re: ThaSySman]
BradV Offline
Seasoned Scripter
****

Registered: 2006-08-16
Posts: 686
Loc: Maryland, USA
Did you search in the UDF forum? A quick search found:

http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=180734

Top
#197042 - 2009-12-09 12:56 PM Re: Using KiXtart for Folder and Registry permissions [Re: BradV]
ThaSySman Offline
Fresh Scripter

Registered: 2008-03-03
Posts: 13
Okay thank you... didnt found it but many thanks.

So that will be... (???)

 Code:
NTFSPerms("ADD:CHANGE","C:\Program Files\Old Bike Soft","Gezondheidshuis\Alle Gebruikers")

NTFSPerms("ADD:CHANGE","HKEY_LOCAL_MACHINE\Software\Old Bike Soft","Gezondheidshuis\Alle Gebruikers")

Dim $objFirewall, $objPolicy, $objPort, $colPorts
$objFirewall = CreateObject("HNetCfg.FwMgr")
$objPolicy = $objFirewall.LocalPolicy.CurrentProfile

$objPort = CreateObject("HNetCfg.FwOpenPort")
$objPort.Port = 9021
$objPort.Protocol = 6 ;TCP
$objPort.Name = "PP_FTP"
$objPort.Enabled = 1

$colPorts = $objPolicy.GloballyOpenPorts
$rc = $colPorts.Add($objPort)


Can someone review it?

Top
#197048 - 2009-12-09 05:29 PM Re: Using KiXtart for Folder and Registry permissions [Re: ThaSySman]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
 Code:
NTFSPerms("ADD:CHANGE","C:\Program Files\Old Bike Soft","Gezondheidshuis\Alle Gebruikers")

Yeah that'll work.

 Code:
NTFSPerms("ADD:CHANGE","HKEY_LOCAL_MACHINE\Software\Old Bike Soft","Gezondheidshuis\Alle Gebruikers")

That won't work, NTFSPerms unfortunately won't work with Registry.

Top
#197060 - 2009-12-09 10:43 PM Re: Using KiXtart for Folder and Registry permissions [Re: Arend_]
ThaSySman Offline
Fresh Scripter

Registered: 2008-03-03
Posts: 13
Okay, thank you very much for your support..

So how can i edit easily permissions for registry... and maybe another issue.. it should be run as the global administrator on the domain.. is that difficult to put that in it?

Top
#197073 - 2009-12-11 02:39 AM Re: Using KiXtart for Folder and Registry permissions [Re: ThaSySman]
ThaSySman Offline
Fresh Scripter

Registered: 2008-03-03
Posts: 13
Does anyone knows how to change the registry permissions?

The group : All Apotheek has to be added to a HKEY_LOCAL_MACHINE key...

Top
#197074 - 2009-12-11 09:13 AM Re: Using KiXtart for Folder and Registry permissions [Re: ThaSySman]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
You could use regini.exe for this. It is not that difficult to use regini.exe from a kix script.
The link below should get you started.

http://support.microsoft.com/kb/264584
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#197075 - 2009-12-11 09:32 AM Re: Using KiXtart for Folder and Registry permissions [Re: ThaSySman]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
I could probably get it to work, I'll give you a piece of code to try:
 Code:
Dim $strRegPath, $strUser
$strRegPath = "HKEY_CURRENT_USER\test"
$strUser = @WKSTA+"\Administrator"

Dim $objADSU, $objSD, $objDACL, $objAceNew
$objADSU = CreateObject("ADsSecurityUtility")
$objSD = $objADSU.GetSecurityDescriptor($strRegPath, 3, 1)
$objDACL = $objSD.DiscretionaryAcl
$objAceNew = CreateObject("AccessControlEntry")
$objAceNew.Trustee = $strUser
$objAceNew.AceFlags = 2
$objAceNew.AccessMask = 983103
$objAceNew.AceType = 0
$objDACL.AddAce($objAceNew)
$objSD.DiscretionaryAcl = $objDACL
$objADSU.SetSecurityDescriptor($strRegPath, 3, $objSD, 1)

Keep in mind, if you use the example key in this code that you have to create the "test" key first. Also remember that this code has the same problem as the original NTFSPerms, the permissions are not pushed down the food chain. Only keys created afterwards will inherit.

Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
1 registered (Allen) and 466 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.143 seconds in which 0.106 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org