(mayayana) RE: NT Permissions 
Author Message
 (mayayana) RE: NT Permissions

I tried the code posted on:

http://www.*-*-*.com/

I added a command button, and this code:

Private Sub Command1_Click()
     Dim iRet As Long
     Dim iType As Long

     iType = 1
     iRet = FreeForAll("D:\2", iType)
     Debug.Print iRet, iType
End Sub

On Vista Ultimate I get error  1332 on function 2  (it is SetEntriesInAcl)

(The folder "D:\2" exists.)

The description from
http://www.*-*-*.com/ :

// MessageId: ERROR_NONE_MAPPED
//
// MessageText:
//
//  No mapping between account names and security IDs was done.
//
#define ERROR_NONE_MAPPED                1332L



Mon, 13 Feb 2012 08:31:28 GMT  
 (mayayana) RE: NT Permissions
  Thanks for the feedback. I haven't looked at
this code for awhile, but I wonder if it could be
the "Users" string in BuildExplicitAccessWithName?
Are you maybe on a PC defaulting to Spanish?
I hadn't thought of that. I don't know how one
goes about finding the right string in connection
with the local codepage.

Quote:
> I tried the code posted on:

http://groups.google.com/group/microsoft.public.vb.general.discussion...
b62753054fdd2f
Quote:

> I added a command button, and this code:

> Private Sub Command1_Click()
>      Dim iRet As Long
>      Dim iType As Long

>      iType = 1
>      iRet = FreeForAll("D:\2", iType)
>      Debug.Print iRet, iType
> End Sub

> On Vista Ultimate I get error  1332 on function 2  (it is SetEntriesInAcl)

> (The folder "D:\2" exists.)

> The description from
> http://msdn.microsoft.com/en-us/library/ms819775.aspx is:

> // MessageId: ERROR_NONE_MAPPED
> //
> // MessageText:
> //
> //  No mapping between account names and security IDs was done.
> //
> #define ERROR_NONE_MAPPED                1332L



Mon, 13 Feb 2012 09:01:07 GMT  
 (mayayana) RE: NT Permissions
mayayana escribi:

Quote:
>   Thanks for the feedback. I haven't looked at
> this code for awhile, but I wonder if it could be
> the "Users" string in BuildExplicitAccessWithName?
> Are you maybe on a PC defaulting to Spanish?
> I hadn't thought of that.

Yes, I came back because I found that this was the problem, and I find
that you already figured it out.

If I change "Users" to "Usuarios" it works.

 > I don't know how one
 > goes about finding the right string in connection
 > with the local codepage.

This is also my question, in order to make it language independant, but
I have no idea.

"Everyone" doesn't work either, but "Todos" (todos is everyone in
Spanish) does work.



Mon, 13 Feb 2012 09:20:59 GMT  
 (mayayana) RE: NT Permissions
Eduardo escribi:

Quote:
> mayayana escribi:
>  > I don't know how one
>  > goes about finding the right string in connection
>  > with the local codepage.

> This is also my question, in order to make it language independant, but
> I have no idea.

I found it.

Here are the SIDs: http://support.microsoft.com/kb/243330

And here there is the code to convert the SIDs to SAM:
http://support.microsoft.com/kb/276208



Mon, 13 Feb 2012 09:43:05 GMT  
 (mayayana) RE: NT Permissions

Quote:

> Here are the SIDs: http://support.microsoft.com/kb/243330

> And here there is the code to convert the SIDs to SAM:
> http://support.microsoft.com/kb/276208

Thanks. The code is confusing, though. At your
second link...all that "authority" stuff is needed to
just return, for instance, "Usuarios" from S-1-5-32-545?


Mon, 13 Feb 2012 10:18:15 GMT  
 (mayayana) RE: NT Permissions
mayayana escribi:

Quote:
>> Here are the SIDs: http://support.microsoft.com/kb/243330

>> And here there is the code to convert the SIDs to SAM:
>> http://support.microsoft.com/kb/276208

> Thanks. The code is confusing, though. At your
> second link...all that "authority" stuff is needed to
> just return, for instance, "Usuarios" from S-1-5-32-545?

I'm afraid yes, it's just to return "Usuarios" from "S-1-5-32-545".

In fact it returns "BUILTIN\Usuarios", I guess that the first part
should be removed.

"S-1-1-0" returns "\Todos"
"S-1-5-32-544" returns "BUILTIN\Administradores"
"S-1-5-32-545" returns "BUILTIN\Usuarios"

I'll search the web to see if I find a less complicated way.



Mon, 13 Feb 2012 10:37:54 GMT  
 (mayayana) RE: NT Permissions
Eduardo escribi:

Quote:
> I'll search the web to see if I find a less complicated way.

OK, I have a shorter code borrowed from:
http://vbnet.mvps.org/index.html?code/network/isadministrator.htm

Option Explicit

Private Const SECURITY_BUILTIN_DOMAIN_RID    As Long = &H20&
Private Const DOMAIN_ALIAS_RID_USERS         As Long = &H221&
Private Const SECURITY_NT_AUTHORITY          As Long = &H5

Private Type SID_IDENTIFIER_AUTHORITY
    Value(6) As Byte
End Type

Private Declare Function LookupAccountSid Lib "advapi32.dll" _
    Alias "LookupAccountSidA" _
   (ByVal lpSystemName As String, _
    ByVal Sid As Long, _
    ByVal name As String, _
    cbName As Long, _
    ByVal ReferencedDomainName As String, _
    cbReferencedDomainName As Long, _
    peUse As Long) As Long

Private Declare Function AllocateAndInitializeSid Lib "advapi32.dll" _
   (pIdentifierAuthority As SID_IDENTIFIER_AUTHORITY, _
    ByVal nSubAuthorityCount As Byte, _
    ByVal nSubAuthority0 As Long, _
    ByVal nSubAuthority1 As Long, _
    ByVal nSubAuthority2 As Long, _
    ByVal nSubAuthority3 As Long, _
    ByVal nSubAuthority4 As Long, _
    ByVal nSubAuthority5 As Long, _
    ByVal nSubAuthority6 As Long, _
    ByVal nSubAuthority7 As Long, _
    lpPSid As Long) As Long

Private Function GetLocaleForUsers() As String
     Dim res As Long
     Dim SIA As SID_IDENTIFIER_AUTHORITY
     Dim lSid As Long
     Dim sAcctName1 As String
     Dim cbAcctName As Long
     Dim sDomainName As String
     Dim cbDomainName As Long
     Dim peUse As Long

     SIA.Value(5) = SECURITY_NT_AUTHORITY

     res = AllocateAndInitializeSid(SIA, 2, _
                                     SECURITY_BUILTIN_DOMAIN_RID, _
                                     DOMAIN_ALIAS_RID_USERS, _
                                     0, 0, 0, 0, 0, 0, _
                                     lSid)

     If res = 1 Then
          sAcctName1 = Space$(255)
          sDomainName = Space$(255)
          cbAcctName = 255
          cbDomainName = 255
          res = LookupAccountSid(vbNullString, _
                                 lSid, _
                                 sAcctName1, _
                                 cbAcctName, _
                                 sDomainName, _
                                 cbDomainName, _
                                 peUse)

         If res = 1 Then
             GetLocaleForUsers = Left(sAcctName1, _
             InStr(sAcctName1, Chr(0)) - 1)
         End If
     End If
End Function

Private Sub Command1_Click()
     MsgBox GetLocaleForUsers
End Sub



Mon, 13 Feb 2012 11:39:59 GMT  
 (mayayana) RE: NT Permissions
   I don't quite get this. The AllocateAndInitializeSid
function is very odd and I don't see any explanation
in MSDN about the extra "authorities". Also, Randy
only has a few SECURITY_* constants. When I tried
his project I get "Administrators" for the account
name. But I don't know how to do a lookup that returns
Users/Usuarios, etc. And the SID structure is mysterious.
It's described as a "variable length value". It seems
to me that it should be possible to somehow translate
S-1-5-32-545 to an appropriate value and send the VarPtr
for that to LookupAccountName. I don't understand all this
rigmarole about getting the SID when they're pre-defined
values. Could you show me how you returned "Usuarios"?
Quote:

> > I'll search the web to see if I find a less complicated way.

> OK, I have a shorter code borrowed from:
> http://vbnet.mvps.org/index.html?code/network/isadministrator.htm

> Option Explicit

> Private Const SECURITY_BUILTIN_DOMAIN_RID    As Long = &H20&
> Private Const DOMAIN_ALIAS_RID_USERS         As Long = &H221&
> Private Const SECURITY_NT_AUTHORITY          As Long = &H5

> Private Type SID_IDENTIFIER_AUTHORITY
>     Value(6) As Byte
> End Type

> Private Declare Function LookupAccountSid Lib "advapi32.dll" _
>     Alias "LookupAccountSidA" _
>    (ByVal lpSystemName As String, _
>     ByVal Sid As Long, _
>     ByVal name As String, _
>     cbName As Long, _
>     ByVal ReferencedDomainName As String, _
>     cbReferencedDomainName As Long, _
>     peUse As Long) As Long

> Private Declare Function AllocateAndInitializeSid Lib "advapi32.dll" _
>    (pIdentifierAuthority As SID_IDENTIFIER_AUTHORITY, _
>     ByVal nSubAuthorityCount As Byte, _
>     ByVal nSubAuthority0 As Long, _
>     ByVal nSubAuthority1 As Long, _
>     ByVal nSubAuthority2 As Long, _
>     ByVal nSubAuthority3 As Long, _
>     ByVal nSubAuthority4 As Long, _
>     ByVal nSubAuthority5 As Long, _
>     ByVal nSubAuthority6 As Long, _
>     ByVal nSubAuthority7 As Long, _
>     lpPSid As Long) As Long

> Private Function GetLocaleForUsers() As String
>      Dim res As Long
>      Dim SIA As SID_IDENTIFIER_AUTHORITY
>      Dim lSid As Long
>      Dim sAcctName1 As String
>      Dim cbAcctName As Long
>      Dim sDomainName As String
>      Dim cbDomainName As Long
>      Dim peUse As Long

>      SIA.Value(5) = SECURITY_NT_AUTHORITY

>      res = AllocateAndInitializeSid(SIA, 2, _
>                                      SECURITY_BUILTIN_DOMAIN_RID, _
>                                      DOMAIN_ALIAS_RID_USERS, _
>                                      0, 0, 0, 0, 0, 0, _
>                                      lSid)

>      If res = 1 Then
>           sAcctName1 = Space$(255)
>           sDomainName = Space$(255)
>           cbAcctName = 255
>           cbDomainName = 255
>           res = LookupAccountSid(vbNullString, _
>                                  lSid, _
>                                  sAcctName1, _
>                                  cbAcctName, _
>                                  sDomainName, _
>                                  cbDomainName, _
>                                  peUse)

>          If res = 1 Then
>              GetLocaleForUsers = Left(sAcctName1, _
>              InStr(sAcctName1, Chr(0)) - 1)
>          End If
>      End If
> End Function

> Private Sub Command1_Click()
>      MsgBox GetLocaleForUsers
> End Sub



Mon, 13 Feb 2012 23:16:44 GMT  
 (mayayana) RE: NT Permissions
mayayana escribi:

Quote:
>    I don't quite get this. The AllocateAndInitializeSid

I don't know how the code works, I just used it.

Quote:
> When I tried
> his project I get "Administrators" for the account
> name. But I don't know how to do a lookup that returns
> Users/Usuarios, etc.

I pasted in my last post the modified code to get "Usuarios" (in
Spanish), in fact "Users" in the locale language.

Quote:
> Could you show me how you returned "Usuarios"?

With that code, it returns "Usuarios". I changed the constant at the
AllocateAndInitializeSid API call. It was DOMAIN_ALIAS_RID_ADMINS in
Randy's code but I changed it to DOMAIN_ALIAS_RID_USERS in my code.
I just used a part of Randy's code, not all. It's below:
Quote:
>> Option Explicit

>> Private Const SECURITY_BUILTIN_DOMAIN_RID    As Long = &H20&
>> Private Const DOMAIN_ALIAS_RID_USERS         As Long = &H221&
>> Private Const SECURITY_NT_AUTHORITY          As Long = &H5

>> Private Type SID_IDENTIFIER_AUTHORITY
>>     Value(6) As Byte
>> End Type

>> Private Declare Function LookupAccountSid Lib "advapi32.dll" _
>>     Alias "LookupAccountSidA" _
>>    (ByVal lpSystemName As String, _
>>     ByVal Sid As Long, _
>>     ByVal name As String, _
>>     cbName As Long, _
>>     ByVal ReferencedDomainName As String, _
>>     cbReferencedDomainName As Long, _
>>     peUse As Long) As Long

>> Private Declare Function AllocateAndInitializeSid Lib "advapi32.dll" _
>>    (pIdentifierAuthority As SID_IDENTIFIER_AUTHORITY, _
>>     ByVal nSubAuthorityCount As Byte, _
>>     ByVal nSubAuthority0 As Long, _
>>     ByVal nSubAuthority1 As Long, _
>>     ByVal nSubAuthority2 As Long, _
>>     ByVal nSubAuthority3 As Long, _
>>     ByVal nSubAuthority4 As Long, _
>>     ByVal nSubAuthority5 As Long, _
>>     ByVal nSubAuthority6 As Long, _
>>     ByVal nSubAuthority7 As Long, _
>>     lpPSid As Long) As Long

>> Private Function GetLocaleForUsers() As String
>>      Dim res As Long
>>      Dim SIA As SID_IDENTIFIER_AUTHORITY
>>      Dim lSid As Long
>>      Dim sAcctName1 As String
>>      Dim cbAcctName As Long
>>      Dim sDomainName As String
>>      Dim cbDomainName As Long
>>      Dim peUse As Long

>>      SIA.Value(5) = SECURITY_NT_AUTHORITY

>>      res = AllocateAndInitializeSid(SIA, 2, _
>>                                      SECURITY_BUILTIN_DOMAIN_RID, _
>>                                      DOMAIN_ALIAS_RID_USERS, _
>>                                      0, 0, 0, 0, 0, 0, _
>>                                      lSid)

>>      If res = 1 Then
>>           sAcctName1 = Space$(255)
>>           sDomainName = Space$(255)
>>           cbAcctName = 255
>>           cbDomainName = 255
>>           res = LookupAccountSid(vbNullString, _
>>                                  lSid, _
>>                                  sAcctName1, _
>>                                  cbAcctName, _
>>                                  sDomainName, _
>>                                  cbDomainName, _
>>                                  peUse)

>>          If res = 1 Then
>>              GetLocaleForUsers = Left(sAcctName1, _
>>              InStr(sAcctName1, Chr(0)) - 1)
>>          End If
>>      End If
>> End Function

>> Private Sub Command1_Click()
>>      MsgBox GetLocaleForUsers
>> End Sub



Tue, 14 Feb 2012 02:05:47 GMT  
 (mayayana) RE: NT Permissions
Quote:

> >    I don't quite get this. The AllocateAndInitializeSid

> I don't know how the code works, I just used it.

   :)

Quote:
> I changed the constant at the
> AllocateAndInitializeSid API call. It was DOMAIN_ALIAS_RID_ADMINS in
> Randy's code but I changed it to DOMAIN_ALIAS_RID_USERS in my code.

   OK, thanks. I didn't notice that. I may
try to research this some more when I have
a chance. It seems odd that the whole thing
is so obscure and complex.


Tue, 14 Feb 2012 09:32:36 GMT  
 (mayayana) RE: NT Permissions
Eduardo escribi:

Quote:
> I tried the code posted on:

> http://groups.google.com/group/microsoft.public.vb.general.discussion...

mayayana (or anyone else), do you have any idea about how to set the
default permissions back? (of course, from VB).


Wed, 15 Feb 2012 12:06:17 GMT  
 (mayayana) RE: NT Permissions
Eduardo escribi:

Quote:
> Eduardo escribi:
>> I tried the code posted on:

>> http://groups.google.com/group/microsoft.public.vb.general.discussion...

> mayayana (or anyone else), do you have any idea about how to set the
> default permissions back? (of course, from VB).

I found it.

I had to replace GENERIC_ALL Or STANDARD_RIGHTS_ALL with 0& (zero) in
the call to BuildExplicitAccessWithName. It seemingly removes the ACL entry.

Thanks.



Wed, 15 Feb 2012 15:19:46 GMT  
 (mayayana) RE: NT Permissions

Quote:

> mayayana (or anyone else), do you have any idea about how to set the
> default permissions back? (of course, from VB).

It's simple. Only change the permissions for a subfolder created by you, and
delete it afterward, unless the user wants to keep that folder or data.


Wed, 15 Feb 2012 21:12:48 GMT  
 (mayayana) RE: NT Permissions
Nobody escribi:

Quote:

>> mayayana (or anyone else), do you have any idea about how to set the
>> default permissions back? (of course, from VB).

> It's simple. Only change the permissions for a subfolder created by you, and
> delete it afterward, unless the user wants to keep that folder or data.

Yes, I need to keep the folder and its content.

But your solution is valid: create another folder, move all the content
there, delete the original folder, and name the new created folder with
the original name.

Anyway I fould how to remove the permissions as I commented in another post.

Thanks.



Wed, 15 Feb 2012 21:27:18 GMT  
 (mayayana) RE: NT Permissions

Quote:

> I had to replace GENERIC_ALL Or STANDARD_RIGHTS_ALL with 0& (zero) in the
> call to BuildExplicitAccessWithName. It seemingly removes the ACL entry.

That seems to mean no access at all. I suggest that you test in a VM just in
case you create a condition that you cannot delete the folder that you
created because of permissions issues, even if you are an administrator. I
am not sure how such a situation can be fixed, perhaps by formatting.

If you use SetACL, you can check the return codes to see if it's successful.



Wed, 15 Feb 2012 22:04:13 GMT  
 
 [ 25 post ]  Go to page: [1] [2]

 Relevant Pages 

1. mayayana, you may want to check Virtual PC

2. File Permissions in Win NT

3. Database permissions with VB4-16bit and NT.

4. Setting NT Security Permissions with VB

5. setting NT permissions through VB program - how??

6. An NT permissions issue

7. Settging NT permissions using code

8. Registry permissions on NT

9. NT File Permissions

10. Getting NT permissions via VB

11. NT permissions in VB?

12. NT File Permissions / Delete User Directories

 

 
Powered by phpBB® Forum Software