ripdad Posted February 3, 2011 Posted February 3, 2011 Path_SecuritySettings Released: February 03, 2011 This script exposes another world in WMI with $Obj.Get and Bit Switches (native access not found in ScriptOmatic) expandcollapse popup; Path_SecuritySettings ; Released: February 03, 2011 ; ; [- Basic Info Example -] ; ; Refs: MSDN and 3 other sites #RequireAdmin Local $sPath = FileSelectFolder('Select Folder', '', 2, '') MsgBox(8256, 'Results for Computer: ' & @ComputerName, Path_SecuritySettings($sPath)) Exit Func Path_SecuritySettings($sPath) If StringInStr($sPath, '/') Then Return SetError(-1) If Not FileExists($sPath) Then Return SetError(-2) Local $oWS = ObjGet('winmgmts:{impersonationLevel = impersonate}!\\.\root\cimv2') If Not IsObj($oWS) Then Return SetError(-3) Local $oPath = $oWS.Get('Win32_LogicalFileSecuritySetting="' & StringReplace($sPath, '\', '\\') & '"') If Not IsObj($oPath) Then Return SetError(-4) Local $oPSD, $cnt = 0, $Output = 'Path: ' & $sPath & @CRLF & @CRLF If $oPath.GetSecurityDescriptor($oPSD) Then Return SetError(-5) For $oAce In $oPSD.DACL $cnt += 1 If $oAce.AceType = 0 Then $Output &= 'ACE#' & $cnt & ' - ' & 'ACCESS ALLOWED - ' If $oAce.AceType = 1 Then $Output &= 'ACE#' & $cnt & ' - ' & 'ACCESS DENIED - ' $Output &= $oAce.Trustee.Domain & '\' & $oAce.Trustee.Name & @CRLF $Output &= _GetFlags($oAce.AceFlags) $Output &= _GetAccess($oAce.AccessMask) & @CRLF & @CRLF Next Return $Output EndFunc Func _GetFlags($oAF, $str = '') If BitAND($oAF, 1) Then $str &= '- Child objects that are not containers inherit permissions -' & @CRLF If BitAND($oAF, 2) Then $str &= '- Child objects inherit and pass on permissions -' & @CRLF If BitAND($oAF, 4) Then $str &= '- Child objects inherit but do not pass on permissions -' & @CRLF If BitAND($oAF, 8) Then $str &= '- Object is not affected by but passes on permissions -' & @CRLF If BitAND($oAF, 16) Then $str &= '- Permissions have been inherited -' & @CRLF Return $str EndFunc Func _GetAccess($oAM, $str = '') If BitAND($oAM, 1) Then $str &= 'Read, '; Read If BitAND($oAM, 2) Then $str &= 'Write, '; Write If BitAND($oAM, 4) Then $str &= 'Append, '; Append If BitAND($oAM, 8) Then $str &= 'ReadEA, '; Read extended attributes If BitAND($oAM, 16) Then $str &= 'WriteEA, '; Write extended attributes If BitAND($oAM, 32) Then $str &= 'Execute, '; Execute If BitAND($oAM, 64) Then $str &= 'DeleteD, '; Delete dir If BitAND($oAM, 128) Then $str &= 'ReadA, '; Read attributes If BitAND($oAM, 256) Then $str &= 'WriteA, '; Write attributes If BitAND($oAM, 65536) Then $str &= 'Delete, '; Delete If BitAND($oAM, 131072) Then $str &= 'ReadS, '; Read security If BitAND($oAM, 262144) Then $str &= 'WriteACL, '; Write ACL If BitAND($oAM, 524288) Then $str &= 'WriteO, '; Write owner If BitAND($oAM, 1048576) Then $str &= 'Sync'; Synchronize If StringRight($str, 1) = ',' Then $str = StringTrimRight($str, 1) Return $str EndFunc "The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward
twitchyliquid64 Posted February 4, 2011 Posted February 4, 2011 What do you mean by 'path security'? Do you mean making some folders inaccessible without elevation??? ongoing projects:-firestorm: Largescale P2P Social NetworkCompleted Autoit Programs/Scripts: Variable Pickler | Networked Streaming Audio (in pure autoIT) | firenet p2p web messenger | Proxy Checker | Dynamic Execute() Code Generator | P2P UDF | Graph Theory Proof of Concept - Breadth First search
ripdad Posted February 5, 2011 Author Posted February 5, 2011 hyperzap, It makes no changes - It only gives security information about files and folders. "The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now