HowTo use setACL.exe from AutoIt...



#1 cherdeg


Posted 26 June 2008 - 08:31 AM

Hi all together,

I would like to contribute some lines of my code to the community (as I have noticed that several people had problems using setacl.exe from within AutoIt). Probably there are more includes than necessary... feel free to clean up here as well as in other areas...

To use it you will have to copy the x86 and x64 versions of setacl.exe to a tools-directory with the following names: "SetACL-x64.exe" and "SetACL-x32.exe".

AutoIt
#include <Constants.au3>
#include <GUIConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <StaticConstants.au3>
#include <String.au3>
#include <file.au3>
#include <Array.au3>

; Define global variables
; ==================================================================================================
Global $s_ini_file = "setacls.ini"
Global $s_ini_sections = IniReadSectionNames($s_ini_file)

; Run da shi-i-iiit!
; ==================================================================================================
_setACLs()

; Function _setACLs to harden ACLs on security relevant files and directories specified in the INI-File
; ==============================================================================================
Func _setACLs()
    ; Create an array for the objects to change the ACLs on
    ; Check how many of the 20 possible Objects are defined in the INI-File ($counter)
    Local $actualACLobject
    Local $counter = 0
    For $j = 0 To 19
        $actualACLobject = "ACLobject_" & $j
        If IniRead($s_ini_file, "Settings", $actualACLobject, "") <> '' Then
            $counter = $counter + 1
        EndIf
    Next
    ; Nothing defined: nothing to do
    If $counter = 0 Then Return

    ; Create the array $arrACLobjects (dynamically in size depending on $counter's value)
    ; Scan all 20 slots and fill the array with its own index $n, so that gaps in the
    ; numbering neither skip entries nor write past the end of the array
    Local $arrACLobjects[$counter]
    Local $n = 0
    For $j = 0 To 19
        $actualACLobject = "ACLobject_" & $j
        If IniRead($s_ini_file, "Settings", $actualACLobject, "") <> '' Then
            $arrACLobjects[$n] = IniRead($s_ini_file, "Settings", $actualACLobject, "")
            $n = $n + 1
        EndIf
    Next

    ; Set a variable containing the right filename for SetACL.exe depending on the local machine's bit count (x32 or x64)
    ; ("Not _OSBits() = 32" evaluates "Not" first and is always False, so compare with <> instead)
    Local $s_ToolsShare = IniRead($s_ini_file, "Settings", "ToolsShare", "")
    Local $s_ACLtool
    If _OSBits() <> 32 Then
        $s_ACLtool = "SetACL-x64.exe"
    Else
        $s_ACLtool = "SetACL-x32.exe"
    EndIf

    ; Set the ACLs for all objects specified in the INI-File
    Local $InfoValue, $cmd
    For $i = 0 To UBound($arrACLobjects) - 1
        $InfoValue = "Setting File and Directory ACLs..."
        _InfoGui($InfoValue)
        ; revoke AllAccess for  "Everyone", "Users" and "Power Users"
        ; set FullAccess for    "Administrators" and "System"
        ; remove inherited permissions
        ; inherit the new ones recursively
        $cmd = $s_ToolsShare & "\" & $s_ACLtool & " -on """ & $arrACLobjects[$i] & """ -ot file -actn ace -ace ""n:everyone;m:revoke"" -ace ""n:users;m:revoke"" -ace ""n:power users;m:revoke"" -ace ""n:S-1-5-32-544;p:full;s:y"" -ace ""n:S-1-5-18;p:full;s:y"" -actn setprot -op ""dacl:p_nc;sacl:p_nc"" -rec cont_obj"
        RunWait(@ComSpec & " /c " & $cmd, "", @SW_SHOW)
        GUIDelete()
    Next
EndFunc   ;==>_setACLs

; Function _OSBits to check if the host's OS is 32 or 64bits, returns "64" or "32"
; ==============================================================================================
Func _OSBits()
    Local $tOS = DllStructCreate("char[256]")
    Local $aGSWD = DllCall("Kernel32.dll", "int", "GetSystemWow64Directory", "ptr", DllStructGetPtr($tOS), "int", 256)
    If IsArray($aGSWD) And DllStructGetData($tOS, 1) Then Return 64
    Return 32
EndFunc   ;==>_OSBits

; Function _InfoGUI to display an info about the task currently processed.
; ==============================================================================================
Func _InfoGUI($InfoValue)
    GUICreate("", 300, 100, -1, -1, $WS_Popup, $WS_EX_TOOLWINDOW, "")
    GUICtrlCreateLabel($InfoValue, 0, 45, 300, -1, $SS_Center)
    GUISetState(@SW_SHOW)
    Sleep(500)
EndFunc   ;==>_InfoGUI


Also you would need an INI-file looking like this:

CODE
;####################################ACL Settings####################################
; Here up to 20 objects may be defined to set ACLs on. The ACLs of the objects defined
; here are set to the following ITSC104 compliant values:
;
; "COMPUTERNAME\System" = FullAccess
; "COMPUTERNAME\Administrators" = FullAccess
; "COMPUTERNAME\Users" = NoAccess
; "COMPUTERNAME\PowerUsers" = NoAccess
; "COMPUTERNAME\Everyone" = NoAccess
;
[Settings]
ACLobject_0=c:\AUTOEXEC.BAT
ACLobject_1=c:\boot.ini
ACLobject_2=c:\CONFIG.SYS
ACLobject_3=c:\IO.SYS
ACLobject_4=c:\MSDOS.SYS
ACLobject_5=c:\NTDETECT.COM
ACLobject_6=c:\ntldr
ACLobject_7=c:\WINDOWS\repair
ACLobject_8=c:\WINDOWS\security
ACLobject_9=c:\WINDOWS\system32\config
ACLobject_10=c:\WINDOWS\system32\dllcache
ACLobject_11=c:\WINDOWS\system32\GroupPolicy
ACLobject_12=
ACLobject_13=
ACLobject_14=
ACLobject_15=
ACLobject_16=
ACLobject_17=
ACLobject_18=
ACLobject_19=
;
; The "ToolsShare" item shouldn't end with a \ or you would have to change the $cmd = [...] line accordingly!
;
ToolsShare=\\server\share\directory


Best Regards,

Chris

Edited by cherdeg, 26 June 2008 - 08:38 AM.








#2 engine


Posted 12 July 2008 - 11:42 PM

Hi.

Last time I used SetACL I suddenly lost permissions for everything under Windows XP, even under the default Administrator account. I didn't even have permissions to restart my computer! I entered safe mode, deleted the folder I had set permissions on with SetACL, and finally my computer was usable again.

#3 maydayy


Posted 30 October 2009 - 07:44 AM

Hello. I am trying to give privileges for all users on a folder. I can't make it work.
Can you please help me?
This is the code:

#include <Constants.au3>
#include <GUIConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <StaticConstants.au3>
#include <String.au3>
#include <file.au3>
#include <Array.au3>

$set = @DesktopDir & "/setacl/SetACL.exe"
$dir = @ProgramFilesDir & "/oracle"
msgbox(0, "", @error)
$cmd = $set "-on """ & $dir & """-ot file -actn ace -ace ""n:users;p:full""
RunWait(@ComSpec & " /c " & $cmd, "", @SW_SHOW)
msgbox(0, "", @error)


The error I get is:
"C:\Documents and Settings\User\Desktop\setacl\setacl_pilot.au3 (24) : ==> Unterminated string.:
$cmd = $set "-on """ & $dir & """-ot file -actn ace -ace ""n:users;p:full"" "

#4 wakillon


Posted 25 March 2010 - 04:45 PM

give privileges for all users on a folder.

Try this

AutoIt
$set = @DesktopDir & "\setacl\SetACL.exe"
$dir = @ProgramFilesDir & "\oracle"
$user = 'everyone' ; 'tout le monde'
; Build the command line: short (8.3) path for the tool, quoted target directory
$cmd = FileGetShortName ( $set ) & ' -on ' & '"' & $dir & '"' & ' -ot file -actn ace -ace "n:' & $user & ';p:full"'
_SetACL ( $cmd, @HomeDrive & '\SetACL.log' )
Exit

; Run the command through cmd.exe, redirect its output to a log file and echo the log to the console
Func _SetACL ( $cmd, $_OutputLogPath )
    FileDelete ( $_OutputLogPath )
    ConsoleWrite ( "+---- $cmd : " & $cmd & @Crlf )
    RunWait ( @ComSpec & " /c " & $cmd & ' >' & $_OutputLogPath, '', @SW_HIDE )
    ConsoleWrite ( "+---- ReadOutPutLog : " & @Crlf & _ReadOutPutLog ( $_OutputLogPath ) & @Crlf )
EndFunc ;==> _SetACL ( )

; Return the content of the log file, or '' if it cannot be read
Func _ReadOutPutLog ( $_AclOutputFile )
    $_FileOpen = FileOpen ( $_AclOutputFile, 0 )
    If $_FileOpen = -1 Then Return '' ; FileOpen returns -1 on failure
    $_Return = FileRead ( $_FileOpen )
    If @error Then $_Return = ''
    FileClose ( $_FileOpen ) ; always close the handle, also after a read error
    Return $_Return
EndFunc ;==> _ReadOutPutLog ( )

Edited by wakillon, 25 March 2010 - 04:54 PM.

       AutoIt Version : 3.3.12.0 / Beta 3.3.13.16 SciTE 3.4.1 OS:WIN7/WIN8.1 CPU:X64 OS:X64
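
Added example, not code from any post in this thread: one way to make the loop from post #1 fail safely, given the lock-out described in post #2. It refuses targets where the recursive revoke should never start, starts SetACL without cmd.exe, and checks the exit code. The helper names `_SafeAclTarget` and `_HardenAcl` are hypothetical, the INI layout is the one from post #1, and it is an assumption that SetACL exits with 0 on success.

```autoit
; Added example: validate each INI target, then run SetACL directly and check its exit code.
; _SafeAclTarget and _HardenAcl are hypothetical helper names, not part of SetACL or AutoIt.
#include <File.au3>

Global $sIni = @ScriptDir & "\setacls.ini"
Global $sTool = "SetACL-x32.exe"
If @OSArch <> "X86" Then $sTool = "SetACL-x64.exe"
Global $sSetACL = IniRead($sIni, "Settings", "ToolsShare", "") & "\" & $sTool

For $i = 0 To 19
    Local $sRaw = StringStripWS(IniRead($sIni, "Settings", "ACLobject_" & $i, ""), 3)
    If $sRaw = "" Then ContinueLoop
    Local $sTarget = _SafeAclTarget($sRaw)
    If $sTarget = "" Then
        ConsoleWrite("! skipped (missing, drive root or OS directory): " & $sRaw & @CRLF)
        ContinueLoop
    EndIf
    Local $iExit = _HardenAcl($sSetACL, $sTarget)
    ; Assumption: SetACL exits with 0 on success, anything else is treated as a failure
    If @error Or $iExit <> 0 Then ConsoleWrite("! SetACL failed on " & $sTarget & ", exit code " & $iExit & @CRLF)
Next

; Returns the normalised path, or "" when the recursive lock-down must not be applied to it.
Func _SafeAclTarget($sPath)
    If StringInStr($sPath, '"') Then Return ""    ; a quote would end the -on argument early
    ; Strip trailing backslashes: \" would escape the closing quote of -on "..."
    Local $sFull = StringRegExpReplace(_PathFull($sPath), "\\+$", "")
    If StringRegExp($sFull, "^[A-Za-z]:$") Then Return ""    ; a whole drive
    If $sFull = @WindowsDir Or $sFull = @SystemDir Then Return ""    ; the OS directories themselves
    If Not FileExists($sFull) Then Return ""
    Return $sFull
EndFunc   ;==>_SafeAclTarget

; Same ACEs and options as in post #1. Returns SetACL's exit code, or sets @error if it could not be started.
Func _HardenAcl($sExe, $sTarget)
    Local $sCmd = '"' & $sExe & '" -on "' & $sTarget & '" -ot file -actn ace' & _
            ' -ace "n:everyone;m:revoke" -ace "n:users;m:revoke" -ace "n:power users;m:revoke"' & _
            ' -ace "n:S-1-5-32-544;p:full;s:y" -ace "n:S-1-5-18;p:full;s:y"' & _
            ' -actn setprot -op "dacl:p_nc;sacl:p_nc" -rec cont_obj'
    Local $iExit = RunWait($sCmd, "", @SW_HIDE)    ; no cmd.exe in between, so no shell parsing of the path
    If @error Then Return SetError(1, 0, -1)
    Return $iExit
EndFunc   ;==>_HardenAcl
```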




