ripdad 86 Posted February 3, 2011 Path_SecuritySettings Released: February 03, 2011 This script exposes another world in WMI with $Obj.Get and Bit Switches (native access not found in ScriptOmatic) expandcollapse popup; Path_SecuritySettings ; Released: February 03, 2011 ; ; [- Basic Info Example -] ; ; Refs: MSDN and 3 other sites #RequireAdmin Local $sPath = FileSelectFolder('Select Folder', '', 2, '') MsgBox(8256, 'Results for Computer: ' & @ComputerName, Path_SecuritySettings($sPath)) Exit Func Path_SecuritySettings($sPath) If StringInStr($sPath, '/') Then Return SetError(-1) If Not FileExists($sPath) Then Return SetError(-2) Local $oWS = ObjGet('winmgmts:{impersonationLevel = impersonate}!\\.\root\cimv2') If Not IsObj($oWS) Then Return SetError(-3) Local $oPath = $oWS.Get('Win32_LogicalFileSecuritySetting="' & StringReplace($sPath, '\', '\\') & '"') If Not IsObj($oPath) Then Return SetError(-4) Local $oPSD, $cnt = 0, $Output = 'Path: ' & $sPath & @CRLF & @CRLF If $oPath.GetSecurityDescriptor($oPSD) Then Return SetError(-5) For $oAce In $oPSD.DACL $cnt += 1 If $oAce.AceType = 0 Then $Output &= 'ACE#' & $cnt & ' - ' & 'ACCESS ALLOWED - ' If $oAce.AceType = 1 Then $Output &= 'ACE#' & $cnt & ' - ' & 'ACCESS DENIED - ' $Output &= $oAce.Trustee.Domain & '\' & $oAce.Trustee.Name & @CRLF $Output &= _GetFlags($oAce.AceFlags) $Output &= _GetAccess($oAce.AccessMask) & @CRLF & @CRLF Next Return $Output EndFunc Func _GetFlags($oAF, $str = '') If BitAND($oAF, 1) Then $str &= '- Child objects that are not containers inherit permissions -' & @CRLF If BitAND($oAF, 2) Then $str &= '- Child objects inherit and pass on permissions -' & @CRLF If BitAND($oAF, 4) Then $str &= '- Child objects inherit but do not pass on permissions -' & @CRLF If BitAND($oAF, 8) Then $str &= '- Object is not affected by but passes on permissions -' & @CRLF If BitAND($oAF, 16) Then $str &= '- Permissions have been inherited -' & @CRLF Return $str EndFunc Func _GetAccess($oAM, $str = '') If BitAND($oAM, 1) Then $str &= 'Read, '; Read If BitAND($oAM, 2) Then $str &= 'Write, '; Write If BitAND($oAM, 4) Then $str &= 'Append, '; Append If BitAND($oAM, 8) Then $str &= 'ReadEA, '; Read extended attributes If BitAND($oAM, 16) Then $str &= 'WriteEA, '; Write extended attributes If BitAND($oAM, 32) Then $str &= 'Execute, '; Execute If BitAND($oAM, 64) Then $str &= 'DeleteD, '; Delete dir If BitAND($oAM, 128) Then $str &= 'ReadA, '; Read attributes If BitAND($oAM, 256) Then $str &= 'WriteA, '; Write attributes If BitAND($oAM, 65536) Then $str &= 'Delete, '; Delete If BitAND($oAM, 131072) Then $str &= 'ReadS, '; Read security If BitAND($oAM, 262144) Then $str &= 'WriteACL, '; Write ACL If BitAND($oAM, 524288) Then $str &= 'WriteO, '; Write owner If BitAND($oAM, 1048576) Then $str &= 'Sync'; Synchronize If StringRight($str, 1) = ',' Then $str = StringTrimRight($str, 1) Return $str EndFunc "The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward Share this post Link to post Share on other sites
twitchyliquid64 23 Posted February 4, 2011 What do you mean by 'path security'? Do you mean making some folders inaccessible without elevation??? ongoing projects:-firestorm: Largescale P2P Social NetworkCompleted Autoit Programs/Scripts: Variable Pickler | Networked Streaming Audio (in pure autoIT) | firenet p2p web messenger | Proxy Checker | Dynamic Execute() Code Generator | P2P UDF | Graph Theory Proof of Concept - Breadth First search Share this post Link to post Share on other sites
ripdad 86 Posted February 5, 2011 hyperzap, It makes no changes - It only gives security information about files and folders. "The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward Share this post Link to post Share on other sites
