Problems with setting folder security permissions using WMI!!! 
Author Message
 Problems with setting folder security permissions using WMI!!!

Hi all!

I have tried implementing the code below to set permissions on a folder but
can't get it to work perfectly. Think it has something to do with rights to
the folder before executing the code or something like that.

If I create a folder named testfolder under C: (C:\testfolder) with Full
Control to the group Everyone, the code works quite ok, it takes away
Everyone from the "permissionlist" but doesn't create it again.

And if I have the same folder but only give Everyone permission to Read &
Execute, List Folder Contents and Read the code doesn't do anything,
Everyone stays with the same permissions as before.

Do you guys know if I have to set some sort of permission on the folder (or
"parent-folder") before the application starts or do I have to use some
special kind of .NET-application (I'm using a Console Application at the

I'm running the app on my Windows2000 Pro machine but have also tried it on
a Windows2000 Server.

The code looks like this:


Sub main()


End Sub

Public Sub AddFileAccessControlEntry(ByVal path As String)

Dim objFile As New ManagementObject(New
ManagementPath("Win32_LogicalFileSecuritySetting='" + _

path.Replace("\", "\\") + "'"))

Dim options As New InvokeMethodOptions(Nothing, New TimeSpan(0, 0, 0, 5))

Dim outparams As ManagementBaseObject =
objFile.InvokeMethod("GetSecurityDescriptor", Nothing, options)

Dim securityDescriptor As ManagementBaseObject = outparams("Descriptor")

Console.WriteLine("Got SD...")

Dim dacl As ManagementBaseObject() = securityDescriptor("DACL")

Dim oldACE As ManagementBaseObject

Dim trustee As ManagementBaseObject

Console.WriteLine("Print old DACL")

For Each oldACE In dacl

trustee = CType(oldACE("Trustee"), ManagementBaseObject)

Console.WriteLine(trustee("Name").ToString() & " " &
oldACE("AccessMask").ToString() & " " & oldACE("AceType").ToString())



'Create Trustee

Dim win32Trustee As New ManagementClass("Win32_Trustee")

Dim newTrustee As ManagementObject = win32Trustee.CreateInstance

newTrustee("Name") = "Everyone"

newTrustee("SID") = New Byte() {1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0}

'Create ACE

Dim win32Ace As New ManagementClass("Win32_ACE")

Dim newACE As ManagementObject = win32Ace.CreateInstance

newACE("Trustee") = newTrustee

newACE("AceType") = 0

newACE("AccessMask") = 2032127

'set new dacl

Dim newAces() As ManagementBaseObject = New ManagementBaseObject() {newACE}

securityDescriptor("DACL") = newAces

'call method, set sd

Dim args1() As Object = {securityDescriptor}

Dim retval As UInt32 = objFile.InvokeMethod("SetSecurityDescriptor", args1)

Console.WriteLine("SetSecurityDescriptor ReturnStatus = " &


End Sub


Hope you can help me

Best regards

Martin Emanuelsson

Gothenburg, Sweden

Mon, 27 Dec 2004 01:22:24 GMT  
 [ 1 post ] 

 Relevant Pages 

1. Setting NTFS folder permissions using WMI

2. Setting NTFS Permissions using WMI

3. Using VBScript to set permissions on a folder

4. ADSI: Setting File/Folder Permissions Problem

5. Problems with setting folder permissions, need help!!!

6. Setting folder permissions using WMI instead of cacls.exe?

7. Can't set open/run permission for modules in Security

8. WMI Security Problem

9. Setting NT Security Permissions with VB

10. WMI security related problem

11. Setting DCOM Security/Permissions programmatically

12. Setting W2K folder permissions in code


Powered by phpBB® Forum Software