#197035 - 2009-12-09 09:03 AM
Using KiXtart for Folder and Registry permissions
|
ThaSySman
Fresh Scripter
Registered: 2008-03-03
Posts: 13
|
Hello,
I am trying to add some permissions on a folder. But i can't make it work at the moment. I used VBScripts as well but it will add the wrong user group.
I have the Dutch version of Server 2008 running. So the groups are dutch.
The usergroup: "All Apotheek" needs full rights on the following folder:
C:\Program Files\Old Bike Soft
And i need in the same script the rule to change a registry key. As well, the user group "All Apotheek" needs full rights on this registry key. HKEY_LOCAL_MACHINE\Software\Old Bike Soft
And i don't know if its possible, but i made a simple Batch file for adding a Firewall rule to a Windows XP Machine. This is the script i made in a batchfile. Maybe i can implement it into a Kixtart script?
netsh firewall set portopening protocol=TCP port=9021 name=PP_FTP mode=ENABLE profile=All
Can someone give me examples about how i can arrange this? Maybe someone who has a little spare time to give me a good example script or something.. because i am not really good at this...
I searched the board.. and founded some stuff.. but i don't understand it really much..
1- http://www.kixtart.org/forums/ubbthreads...true#Post197034
2- http://www.kixtart.org/forums/ubbthreads...true#Post195756
So the script has to do:
- Add group: "All Apotheek" to the following folder: C:\Program Files\Old Bike Soft
- Add group: "All Apotheek" to the following registry key: HKEY_LOCAL_MACHINE\Software\Old Bike Soft
- Add Firewall rule on a XP machine: Port Protocol: TCP Por: 9021 Name: PP_FTP Mode: Enable Profile: All
Is that possible?
very... very.. very thanks for someone who can help me!
Edited by ThaSySman (2009-12-09 09:03 AM)
|
Top
|
|
|
|
#197036 - 2009-12-09 09:26 AM
Re: Using KiXtart for Folder and Registry permissions
[Re: ThaSySman]
|
Arend_
MM club member
Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
|
Firewall is easy, see the code below. For permissions on the folder, see my NTFSPerms UDF.
Dim $objFirewall, $objPolicy, $objPort, $colPorts
$objFirewall = CreateObject("HNetCfg.FwMgr")
$objPolicy = $objFirewall.LocalPolicy.CurrentProfile
$objPort = CreateObject("HNetCfg.FwOpenPort")
$objPort.Port = 9021
$objPort.Protocol = 6 ;TCP
$objPort.Name = "PP_FTP"
$objPort.Enabled = 1
$colPorts = $objPolicy.GloballyOpenPorts
$rc = $colPorts.Add($objPort)
|
Top
|
|
|
|
#197037 - 2009-12-09 09:44 AM
Re: Using KiXtart for Folder and Registry permissions
[Re: Arend_]
|
ThaSySman
Fresh Scripter
Registered: 2008-03-03
Posts: 13
|
Hi Apronk,
Thanks for your help.
I will look for your NTFSPerms UDF, I hope i can understand it to use it.
|
Top
|
|
|
|
#197038 - 2009-12-09 09:46 AM
Re: Using KiXtart for Folder and Registry permissions
[Re: ThaSySman]
|
ThaSySman
Fresh Scripter
Registered: 2008-03-03
Posts: 13
|
I can't find the file.. do you have a direct link to it?
|
Top
|
|
|
|
#197040 - 2009-12-09 11:43 AM
Re: Using KiXtart for Folder and Registry permissions
[Re: ThaSySman]
|
BradV
Seasoned Scripter
Registered: 2006-08-16
Posts: 686
Loc: Maryland, USA
|
|
Top
|
|
|
|
#197042 - 2009-12-09 12:56 PM
Re: Using KiXtart for Folder and Registry permissions
[Re: BradV]
|
ThaSySman
Fresh Scripter
Registered: 2008-03-03
Posts: 13
|
Okay thank you... didnt found it but many thanks.
So that will be... (???)
NTFSPerms("ADD:CHANGE","C:\Program Files\Old Bike Soft","Gezondheidshuis\Alle Gebruikers")
NTFSPerms("ADD:CHANGE","HKEY_LOCAL_MACHINE\Software\Old Bike Soft","Gezondheidshuis\Alle Gebruikers")
Dim $objFirewall, $objPolicy, $objPort, $colPorts
$objFirewall = CreateObject("HNetCfg.FwMgr")
$objPolicy = $objFirewall.LocalPolicy.CurrentProfile
$objPort = CreateObject("HNetCfg.FwOpenPort")
$objPort.Port = 9021
$objPort.Protocol = 6 ;TCP
$objPort.Name = "PP_FTP"
$objPort.Enabled = 1
$colPorts = $objPolicy.GloballyOpenPorts
$rc = $colPorts.Add($objPort)
Can someone review it?
|
Top
|
|
|
|
#197048 - 2009-12-09 05:29 PM
Re: Using KiXtart for Folder and Registry permissions
[Re: ThaSySman]
|
Arend_
MM club member
Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
|
NTFSPerms("ADD:CHANGE","C:\Program Files\Old Bike Soft","Gezondheidshuis\Alle Gebruikers")
Yeah that'll work.
NTFSPerms("ADD:CHANGE","HKEY_LOCAL_MACHINE\Software\Old Bike Soft","Gezondheidshuis\Alle Gebruikers")
That won't work, NTFSPerms unfortunately won't work with Registry.
|
Top
|
|
|
|
#197060 - 2009-12-09 10:43 PM
Re: Using KiXtart for Folder and Registry permissions
[Re: Arend_]
|
ThaSySman
Fresh Scripter
Registered: 2008-03-03
Posts: 13
|
Okay, thank you very much for your support..
So how can i edit easily permissions for registry... and maybe another issue.. it should be run as the global administrator on the domain.. is that difficult to put that in it?
|
Top
|
|
|
|
#197073 - 2009-12-11 02:39 AM
Re: Using KiXtart for Folder and Registry permissions
[Re: ThaSySman]
|
ThaSySman
Fresh Scripter
Registered: 2008-03-03
Posts: 13
|
Does anyone knows how to change the registry permissions?
The group : All Apotheek has to be added to a HKEY_LOCAL_MACHINE key...
|
Top
|
|
|
|
#197075 - 2009-12-11 09:32 AM
Re: Using KiXtart for Folder and Registry permissions
[Re: ThaSySman]
|
Arend_
MM club member
Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
|
I could probably get it to work, I'll give you a piece of code to try:
Dim $strRegPath, $strUser
$strRegPath = "HKEY_CURRENT_USER\test"
$strUser = @WKSTA+"\Administrator"
Dim $objADSU, $objSD, $objDACL, $objAceNew
$objADSU = CreateObject("ADsSecurityUtility")
$objSD = $objADSU.GetSecurityDescriptor($strRegPath, 3, 1)
$objDACL = $objSD.DiscretionaryAcl
$objAceNew = CreateObject("AccessControlEntry")
$objAceNew.Trustee = $strUser
$objAceNew.AceFlags = 2
$objAceNew.AccessMask = 983103
$objAceNew.AceType = 0
$objDACL.AddAce($objAceNew)
$objSD.DiscretionaryAcl = $objDACL
$objADSU.SetSecurityDescriptor($strRegPath, 3, $objSD, 1)
Keep in mind, if you use the example key in this code that you have to create the "test" key first. Also remember that this code has the same problem as the original NTFSPerms, the permissions are not pushed down the food chain. Only keys created afterwards will inherit.
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
1 registered
(Allen)
and 466 anonymous users online.
|
|
|