Setting access rights to an NTFS directory 

Hi All,

Any pointers on setting access rights on a directory located on an
NTFS volume?  After creating the directory I then want to assign
specific users specific rights to it.

TIA,
  Jon.



Sat, 24 Apr 2004 00:52:33 GMT  
 Setting access rights to an NTFS directory
Hi

You can use the command line utility CACLS.EXE I guess.

Or you can go to Win32 Scripting [Clarence Washington]
http://cwashington.netreach.net/

Search for:
-----------------------------------------------------------------------
Author: Craig Paterson
Date Posted: 12/15/1999
Apply File And Directory Permissions
Script Language: VBScript

I put this script in the featured script section both for its technical
excellence and its incredible usefulness. People have been asking for this
thing FOREVER. This script emulates some of the functionality of CACLS.EXE
using ADSSecurity.dll from ADSI SDK. Take a look at this one. It's incredibly
thorough and well done.

-----------------------------------------------------------------------

A newsgroup search at http://groups.google.com/advanced_group_search came up
with this:

-----------------------------------------------------------------------

Subject: NTFS permissions in files and folders ?
Newsgroups: microsoft.public.active.directory.interfaces

Download the SDK

http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/default.asp

and install adssecurity.dll.
The snippet underneath will do the trick. Should work with NT and Win2000.
Try to add some users manually, and see what value the AccessMask property
holds for each user - then change the line ACE.AccessMask = 1179817 to
whatever level you want.

Good luck
Olav Kraakenes, NORWAY

----------------------------------------------------------------------------

Dim Sec, secDesc, DACL, ACE
Dim strTrustee, strDomain, strPath

strTrustee = "myLogin"
strDomain = "MYSERVER"
strPath = "d:\temp\test"

Set Sec = CreateObject("ADsSecurity")
Set secDesc = Sec.GetSecurityDescriptor("FILE://" & strPath)
Set DACL = secDesc.DiscretionaryAcl

'-- Show the ACEs in the DACL (Not necessary) ----
For Each ACE In DACL
 subStr = "Trustee: " & chr(9) & chr(9) & ACE.Trustee & chr(10)
 subStr = subStr & "AccessMask:" & chr(9) & ACE.AccessMask & chr(10)
 subStr = subStr & "AceType:" & chr(9) & chr(9) & ACE.AceType & chr(10)
 subStr = subStr & "AceFlags:" & chr(9) & chr(9) & ACE.AceFlags & chr(10)
 subStr = subStr & "Flags:" & chr(9) & chr(9) & ACE.Flags & chr(10)
 MsgBox subStr
Next

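'-- Add user to ACL --
Set ACE = CreateObject("AccessControlEntry")
ACE.Trustee = strDomain & "\" & strTrustee
ACE.AccessMask = 1179817   ' = &H1200A9, the NTFS "Read & Execute" rights
ACE.AceFlags = 3           ' object inherit (1) + container inherit (2)
ACE.AceType = 0            ' access-allowed ACE

'-- Write the modified DACL back to the folder --
DACL.AddAce ACE
secDesc.DiscretionaryAcl = DACL
Sec.SetSecurityDescriptor secDesc

'-- Release the objects --
Set ACE = Nothing
Set DACL = Nothing
Set secDesc = Nothing
Set Sec = Nothing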
----------------------------------------------------------------------------

----------------------------------------------------------------------------

Subject: RE: List permissions of files and folders?
Newsgroups: microsoft.public.scripting.wsh
Date: 2001-10-09 18:06:24 PST

We can enumerate folders and files and set file permissions using
ADsSecurity.DLL, which was shipped with Platform SDK. Below is the related
article:

HOWTO: Use ADSI to Set Automatic Inheritance of File/Folder Permissions
http://support.microsoft.com/support/kb/articles/Q266/4/61.asp
----------------------------------------------------------------------------

-----------------   An old one, but still relevant ;-)   -----------------


Subject: Re: adsi - creating a share and modifying permissions
Newsgroups: microsoft.public.scripting.wsh
Date: 1998/09/17

Hi,

You might want to check out my company's product named XLNT.
XLNT is a Command and Scripting Language for NT/9x systems.
http://www.advsyscon.com/products/xlnt/xlnt.asp

XLNT also supports ActiveX Scripting and can be used in conjunction
with WSH and/or IIS.  For your specific question, under XLNT,
the syntax would be:

$ SET PERMISSION/OBJECT=SHARE  \\server\test
/ACCOUNT=(account:permissions,...)
where:
account is an NT account name (domain\name syntax also supported) and
permissions for this object is: FULL, READ, CHANGE, NOACCESS or special
access (RWXDPO).

For a free 30-day full-function kit, please visit our web site at
http://www.advsyscon.com.
----------------------------------------------------------------------------

--
torgeir

Quote:

> Hi All,

> Any pointers on setting access rights on a directory located on an
> NTFS volume?  After creating the directory I then want to assign
> specific users specific rights to it.

> TIA,
>   Jon.



Sat, 24 Apr 2004 00:58:07 GMT  
 Setting access rights to an NTFS directory
Hi
Here is a VBS that sets a folder permission:
Note that you have to have the ADSSecurity.dll from ADSI SDK

************************************
' Declarations

' ADS_ACEFLAGS_ENUM
' Ace Flag Constants
'
   Const ADS_ACEFLAG_UNKNOWN = &H1
   Const ADS_ACEFLAG_INHERIT_ACE = &H2
' ADS_ACETYPE_ENUM
' Ace Type definitions
'
   Const ADS_ACETYPE_ACCESS_ALLOWED = 0
   Const ADS_ACETYPE_ACCESS_DENIED = &H1
'
' Define the ADS_RIGHTS_ENUM constants:
' Ace AccessMask definitions
'
   Const ADS_RIGHT_DELETE = &H10000
   Const ADS_RIGHT_READ_CONTROL = &H20000
   Const ADS_RIGHT_WRITE_DAC = &H40000
   Const ADS_RIGHT_WRITE_OWNER = &H80000
   Const ADS_RIGHT_SYNCHRONIZE = &H100000
   Const ADS_RIGHT_ACCESS_SYSTEM_SECURITY = &H1000000
   Const ADS_RIGHT_GENERIC_READ = &H80000000
   Const ADS_RIGHT_GENERIC_WRITE = &H40000000
   Const ADS_RIGHT_GENERIC_EXECUTE = &H20000000
   Const ADS_RIGHT_GENERIC_ALL = &H10000000
   Const ADS_RIGHT_DS_CREATE_CHILD = &H1
   Const ADS_RIGHT_DS_DELETE_CHILD = &H2
   Const ADS_RIGHT_ACTRL_DS_LIST = &H4
   Const ADS_RIGHT_DS_SELF = &H8
   Const ADS_RIGHT_DS_READ_PROP = &H10
   Const ADS_RIGHT_DS_WRITE_PROP = &H20
   Const ADS_RIGHT_DS_DELETE_TREE = &H40
   Const ADS_RIGHT_DS_LIST_OBJECT = &H80
   Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100

    Dim Sec            'Dim sec As New ADsSecurity
    Dim sd             'Dim sd As IADsSecurityDescriptor
    Dim Dacl           'Dim Dacl As IADsAccessControlList
    Dim newAce         'Dim newAce As New AccessControlEntry
    Dim WSHNetwork
    Dim sFolderPath
    Dim sTrustee

    ' Prolog
    Set WSHNetwork = WScript.CreateObject("WScript.Network")
    Set Sec = CreateObject("ADsSecurity")

    sTrustee = WSHNetwork.UserDomain & "\" & WSHNetwork.UserName   '/// Or however
    sFolderPath = "<folder path>"   ' Write here the folder path

    Set sd = sec.GetSecurityDescriptor("FILE://" & sFolderPath)
    Set Dacl = sd.DiscretionaryAcl
    On Error Resume Next
    ' Body

    Set newAce = CreateObject("AccessControlEntry")
    MsgBox sTrustee
    newAce.Trustee = sTrustee
    newAce.AccessMask = ADS_RIGHT_GENERIC_ALL Or ADS_RIGHT_GENERIC_READ Or _
                        ADS_RIGHT_GENERIC_EXECUTE Or ADS_RIGHT_GENERIC_WRITE Or _
                        ADS_RIGHT_DELETE
    newAce.AceFlags = ADS_ACEFLAG_UNKNOWN Or ADS_ACEFLAG_INHERIT_ACE
    newAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED
    sd.Owner = newAce.Trustee

    Dacl.AddAce newAce
   'Removes everyone else from the permission
        For Each newAce In Dacl
             If newAce.Trustee <> Trim(sTrustee) Then
                 Dacl.RemoveAce newAce
             End If
            sd.DiscretionaryAcl = Dacl
        Next

    sd.DiscretionaryAcl = Dacl
    sec.SetSecurityDescriptor sd

    ' Epilog
  If Err.Number <> 0 then
     MsgBox Err.Description
  End if
    ' Destroy all objects
    Set sec = Nothing
    Set sd = Nothing
    Set Dacl = Nothing
    Set ace = Nothing
    Set newAce = Nothing
*****************************************

Yoav


Quote:
> Hi All,

> Any pointers on setting access rights on a directory located on an
> NTFS volume?  After creating the directory I then want to assign
> specific users specific rights to it.

> TIA,
>   Jon.



Sat, 24 Apr 2004 22:05:10 GMT  
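Both scripts in this thread write raw numbers into AccessMask and AceFlags (1179817 with AceFlags 3 in the first, an OR of ADS_RIGHT_GENERIC_* constants plus ADS_RIGHT_DELETE in the second). The following decoder is an added example, not part of any post above; it names the bits in such a value so the rights being granted can be checked before the ACE is written. The function names are hypothetical; the bit values are the standard Windows file access-right and ACE-flag constants.

```python
# Added example: decode AccessMask / AceFlags numbers into named NTFS rights.
FILE_RIGHTS = {
    0x00000001: "FILE_READ_DATA/LIST_DIRECTORY",
    0x00000002: "FILE_WRITE_DATA/ADD_FILE",
    0x00000004: "FILE_APPEND_DATA/ADD_SUBDIRECTORY",
    0x00000008: "FILE_READ_EA",
    0x00000010: "FILE_WRITE_EA",
    0x00000020: "FILE_EXECUTE/TRAVERSE",
    0x00000040: "FILE_DELETE_CHILD",
    0x00000080: "FILE_READ_ATTRIBUTES",
    0x00000100: "FILE_WRITE_ATTRIBUTES",
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE",
    0x10000000: "GENERIC_ALL",
    0x20000000: "GENERIC_EXECUTE",
    0x40000000: "GENERIC_WRITE",
    0x80000000: "GENERIC_READ",
}
ACE_FLAGS = {0x01: "OBJECT_INHERIT", 0x02: "CONTAINER_INHERIT",
             0x04: "NO_PROPAGATE_INHERIT", 0x08: "INHERIT_ONLY", 0x10: "INHERITED"}
# Composite masks behind the basic permissions in the Explorer security dialog.
PRESETS = {0x1F01FF: "Full Control", 0x1301BF: "Modify",
           0x1200A9: "Read & Execute", 0x120089: "Read", 0x120116: "Write"}

def decode(value, table):
    """Return the names of all bits set in value; unnamed bits are reported too."""
    value &= 0xFFFFFFFF          # VBScript shows masks with bit 31 set as negative
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)
    if unknown:
        names.append("UNKNOWN(0x%X)" % unknown)
    return names

def describe_ace(mask, flags):
    """Summarise one ACE: preset name, individual rights, inheritance, ACL control."""
    mask &= 0xFFFFFFFF
    return {
        "mask_hex": "0x%08X" % mask,
        "preset": PRESETS.get(mask, "special"),
        "rights": decode(mask, FILE_RIGHTS),
        "inheritance": decode(flags, ACE_FLAGS),
        # WRITE_DAC, WRITE_OWNER or GENERIC_ALL let the trustee rewrite the ACL.
        "can_change_acl_or_owner": bool(mask & (0x40000 | 0x80000 | 0x10000000)),
    }

if __name__ == "__main__":
    print(describe_ace(1179817, 3))      # value from the first script
    print(describe_ace(-268369920, 3))   # second script's mask as a signed Long
```

Feeding it the values shown by the "Show the ACEs" loop makes it easy to spot an ACE that carries WRITE_DAC, WRITE_OWNER or GENERIC_ALL when only read access was intended.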
 