Setting NTFS Permissions using WMI 
 Setting NTFS Permissions using WMI

Hi,

I would like to programmatically set permissions on a folder for the "Domain
Admins" group and a user, using the System.Management namespace with VB .NET. I
have managed to add the users with the correct permissions by following
some samples I found (thanks, everyone), but I cannot figure out how to
"clear" the "Allow inheritable permissions" setting. I will paste my code
below, and I would appreciate it if someone could help me with the last piece of
this puzzle.

Thanks

Niclas

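' Replaces the DACL of the file or folder at `path` with two allow ACEs (one
' for a user, one for the "Domain Admins" group) and marks the DACL as
' protected so that ACEs are no longer inherited from the parent folder.
'
' path: local file-system path of the object whose security is rewritten.
'
' The result code of SetSecurityDescriptor is written to lblMessage; any
' exception is reported through MsgBox and not rethrown.
'
' NOTE(review): the new DACL REPLACES the existing one. Every ACE that is not
' listed here is dropped, and because the DACL is protected nothing is
' inherited back from the parent. Confirm that these two trustees are the only
' ones that need access before running this against a shared folder.
Public Sub AddFileAccessControlEntry(ByVal path As String)

    ' SECURITY_DESCRIPTOR_CONTROL bits, as exposed by
    ' Win32_SecurityDescriptor.ControlFlags.
    Const SE_DACL_PRESENT As Integer = &H4
    Const SE_DACL_PROTECTED As Integer = &H1000

    ' Access masks used below (decimal values kept from the original post).
    Const READ_AND_EXECUTE As Integer = 1179817   ' &H1200A9
    Const FULL_CONTROL As Integer = 2032127       ' &H1F01FF

    Try

        Dim mp As New ManagementPath
        mp.Server = "."
        mp.NamespacePath = "root\cimv2"
        ' Inside a single-quoted WMI key value both the backslash and the
        ' single quote have to be escaped; otherwise a path that contains an
        ' apostrophe ends the string early and addresses a different object.
        mp.RelativePath = "Win32_LogicalFileSecuritySetting.Path='" & _
            path.Replace("\", "\\").Replace("'", "\'") & "'"

        Dim objFile As New ManagementObject(mp)
        Dim options As New InvokeMethodOptions(Nothing, New TimeSpan(0, 0, 0, 5))
        Dim outparams As ManagementBaseObject = _
            objFile.InvokeMethod("GetSecurityDescriptor", Nothing, options)
        Dim securityDescriptor As ManagementBaseObject = _
            CType(outparams("Descriptor"), ManagementBaseObject)

        Dim win32Trustee As New ManagementClass("Win32_Trustee")
        Dim win32Ace As New ManagementClass("Win32_ACE")

        ' Trustee and ACE for the user (read and execute).
        Dim newTrusteeUser As ManagementObject = _
            CreateTrusteeFromDn(win32Trustee, "CN=myUser,DC=mydomain,DC=com")
        Dim newACEUser As ManagementObject = _
            CreateInheritableAllowAce(win32Ace, newTrusteeUser, READ_AND_EXECUTE)

        ' Trustee and ACE for the Domain Admins group (full control).
        Dim newTrusteeAdmin As ManagementObject = _
            CreateTrusteeFromDn(win32Trustee, "CN=Domain Admins,CN=Users,dc=mydomain,dc=com")
        Dim newACEAdmin As ManagementObject = _
            CreateInheritableAllowAce(win32Ace, newTrusteeAdmin, FULL_CONTROL)

        Dim newAces() As ManagementBaseObject = _
            New ManagementBaseObject() {newACEUser, newACEAdmin}
        securityDescriptor("DACL") = newAces

        ' Keep the control bits that GetSecurityDescriptor returned and add
        ' SE_DACL_PROTECTED, which clears "Allow inheritable permissions".
        Dim controlFlags As Integer = _
            System.Convert.ToInt32(securityDescriptor("ControlFlags"))
        securityDescriptor("ControlFlags") = _
            controlFlags Or SE_DACL_PRESENT Or SE_DACL_PROTECTED

        Dim args1() As Object = {securityDescriptor}
        ' SetSecurityDescriptor returns 0 on success; any other value means
        ' the descriptor was not applied.
        Dim retval As UInt32 = _
            System.Convert.ToUInt32(objFile.InvokeMethod("SetSecurityDescriptor", args1))

        lblMessage.Text = "<br>SetSecurityDescriptor ReturnStatus = " & _
            System.Convert.ToInt32(retval)

    Catch ex As Exception
        MsgBox("Setting permission failed: " & ex.Message)
    End Try

End Sub

' Builds a Win32_Trustee from the sAMAccountName and objectSid of the
' directory object with the given distinguished name.
Private Function CreateTrusteeFromDn(ByVal win32Trustee As ManagementClass, _
                                     ByVal distinguishedName As String) As ManagementObject
    Dim dirEnt As New DirectoryEntry("LDAP://" & distinguishedName)
    Try
        Dim accountName As String = CStr(dirEnt.Properties("sAMAccountName")(0))
        Dim accountSid As Byte() = CType(dirEnt.Properties("objectsid")(0), Byte())

        Dim newTrustee As ManagementObject = win32Trustee.CreateInstance()
        newTrustee("Name") = accountName
        newTrustee("SID") = accountSid
        newTrustee("SIDLength") = accountSid.Length
        Return newTrustee
    Finally
        ' Release the directory connection even when a lookup above throws.
        dirEnt.Dispose()
    End Try
End Function

' Builds an access-allowed Win32_ACE for the trustee that also applies to
' child files and subfolders.
Private Function CreateInheritableAllowAce(ByVal win32Ace As ManagementClass, _
                                           ByVal trustee As ManagementObject, _
                                           ByVal accessMask As Integer) As ManagementObject
    Dim newAce As ManagementObject = win32Ace.CreateInstance()
    newAce("Trustee") = trustee
    newAce("AceFlags") = 3      ' OBJECT_INHERIT_ACE (1) Or CONTAINER_INHERIT_ACE (2)
    newAce("AceType") = 0       ' access allowed
    newAce("AccessMask") = accessMask
    Return newAce
End Function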



Fri, 14 Oct 2005 17:53:14 GMT  
 Setting NTFS Permissions using WMI
You need to do that through the ControlFlags property of the
Win32_SecurityDescriptor class: setting the SE_DACL_PROTECTED bit (0x1000)
stops the DACL from inheriting ACEs from the parent.
You can look up SECURITY_DESCRIPTOR_CONTROL in MSDN for more information.

This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


Quote:
> Hi,

> I would like to programatically set permissions on a folder to "Domain
> Admins" group and a User using system.management namespace with VB .Net. I
> have managed to add the users with correct permissions by putting
following
> some samples i found (Thanks everyone), but i can not figure out how to
> "clear" the "Allow inheritable permission" settings. I will paste in my
code
> below and i would appreciate if someone could help me with the last piece
to
> this puzzle.

> Thanks

> Niclas

> Public Sub AddFileAccessControlEntry(ByVal path As String)

> Try

> Dim mp As New ManagementPath
> mp.Server = "."
> mp.NamespacePath = "root\cimv2"
> mp.RelativePath = "Win32_LogicalFileSecuritySetting.Path='" +
> path.Replace("\", "\\") + "'"
> Dim objFile As New ManagementObject(mp)
> Dim options As New InvokeMethodOptions(Nothing, New TimeSpan(0, 0, 0, 5))
> Dim outparams As ManagementBaseObject =
> objFile.InvokeMethod("GetSecurityDescriptor", Nothing, options)
> Dim securityDescriptor As ManagementBaseObject =
> CType(outparams("Descriptor"), ManagementBaseObject)
> Dim dacl As ManagementBaseObject() = CType(securityDescriptor("DACL"),
> ManagementBaseObject())
> Dim trustee As ManagementBaseObject
> Dim win32Trustee As New ManagementClass("Win32_Trustee")

> 'Create Trustee for User

> Dim newTrusteeUser As ManagementObject = win32Trustee.CreateInstance
> Dim UserAcct As String = "CN=myUser,DC=mydomain,DC=com"
> Dim UserNamePath As String = "LDAP://" & UserAcct
> Dim dirEnt As New DirectoryEntry(UserNamePath)
> Dim UserName As String = CStr(dirEnt.Properties("sAMAccountName")(0))
> Dim UserSid As Byte() = CType(dirEnt.Properties("objectsid")(0), Byte())

> dirEnt.Dispose()
> newTrusteeUser("Name") = UserName
> newTrusteeUser("SID") = UserSid
> newTrusteeUser("SIDLength") = UserSid.Length

> Dim win32Ace As New ManagementClass("Win32_ACE")
> Dim newACEUser As ManagementObject = win32Ace.CreateInstance

> newACEUser("Trustee") = newTrusteeUser
> newACEUser("AceFlags") = 3
> newACEUser("AceType") = 0
> newACEUser("AccessMask") = 1179817

> Dim newTrusteeAdmin As ManagementObject = win32Trustee.CreateInstance

> Dim AdminAcct As String = "CN=Domain Admins,CN=Users,dc=mydomain,dc=com"
> Dim AdminNamePath As String = "LDAP://" & AdminAcct
> dirEnt = New DirectoryEntry(AdminNamePath)
> Dim AdminName As String = CStr(dirEnt.Properties("sAMAccountName")(0))
> Dim adminSid As Byte() = CType(dirEnt.Properties("objectsid")(0), Byte())
> dirEnt.Dispose()
> newTrusteeAdmin("Name") = AdminName
> newTrusteeAdmin("SID") = adminSid
> newTrusteeAdmin("SIDLength") = adminSid.Length
> Dim newACEAdmin As ManagementObject = win32Ace.CreateInstance

> newACEAdmin("Trustee") = newTrusteeAdmin
> newACEAdmin("AceFlags") = 3
> newACEAdmin("AceType") = 0
> newACEAdmin("AccessMask") = 2032127

> Dim newAces() As ManagementBaseObject = New ManagementBaseObject()
> {newACEUser, newACEAdmin}
> securityDescriptor("DACL") = newAces

> Dim args1() As Object = {securityDescriptor}
> Dim retval As UInt32 =
> System.Convert.ToUInt32(objFile.InvokeMethod("SetSecurityDescriptor",
> args1))

> lblMessage.Text = "<br>SetSecurityDescriptor ReturnStatus = " &
> System.Convert.ToInt32(retval)

> Catch ex As Exception
> MsgBox("Setting permission failed: " & ex.Message)
> End Try

> End Sub



Mon, 17 Oct 2005 06:19:30 GMT  
 