Path_SecuritySettings

February 3, 2011

Released: February 03, 2011

This script exposes another world in WMI with $Obj.Get and Bit Switches

(native access not found in ScriptOmatic)

; Path_SecuritySettings
; Released: February 03, 2011
;
; [- Basic Info Example -]
;
; Refs: MSDN and 3 other sites

#RequireAdmin

Local $sPath = FileSelectFolder('Select Folder', '', 2, '')

MsgBox(8256, 'Results for Computer: ' & @ComputerName, Path_SecuritySettings($sPath))
Exit

Func Path_SecuritySettings($sPath)
    If StringInStr($sPath, '/') Then Return SetError(-1)
    If Not FileExists($sPath) Then Return SetError(-2)
    Local $oWS = ObjGet('winmgmts:{impersonationLevel = impersonate}!\\.\root\cimv2')
    If Not IsObj($oWS) Then Return SetError(-3)
    Local $oPath = $oWS.Get('Win32_LogicalFileSecuritySetting="' & StringReplace($sPath, '\', '\\') & '"')
    If Not IsObj($oPath) Then Return SetError(-4)
    Local $oPSD, $cnt = 0, $Output = 'Path: ' & $sPath & @CRLF & @CRLF
    If $oPath.GetSecurityDescriptor($oPSD) Then Return SetError(-5)
    For $oAce In $oPSD.DACL
        $cnt += 1
        If $oAce.AceType = 0 Then $Output &= 'ACE#' & $cnt & ' - ' & 'ACCESS ALLOWED - '
        If $oAce.AceType = 1 Then $Output &= 'ACE#' & $cnt & ' - ' & 'ACCESS DENIED - '
        $Output &= $oAce.Trustee.Domain & '\' & $oAce.Trustee.Name & @CRLF
        $Output &= _GetFlags($oAce.AceFlags)
        $Output &= _GetAccess($oAce.AccessMask) & @CRLF & @CRLF
    Next
    Return $Output
EndFunc

Func _GetFlags($oAF, $str = '')
    If BitAND($oAF, 1) Then $str &= '- Child objects that are not containers inherit permissions -' & @CRLF
    If BitAND($oAF, 2) Then $str &= '- Child objects inherit and pass on permissions -' & @CRLF
    If BitAND($oAF, 4) Then $str &= '- Child objects inherit but do not pass on permissions -' & @CRLF
    If BitAND($oAF, 8) Then $str &= '- Object is not affected by but passes on permissions -' & @CRLF
    If BitAND($oAF, 16) Then $str &= '- Permissions have been inherited -' & @CRLF
    Return $str
EndFunc

Func _GetAccess($oAM, $str = '')
    If BitAND($oAM, 1) Then $str &= 'Read, ';           Read
    If BitAND($oAM, 2) Then $str &= 'Write, ';          Write
    If BitAND($oAM, 4) Then $str &= 'Append, ';         Append
    If BitAND($oAM, 8) Then $str &= 'ReadEA, ';         Read extended attributes
    If BitAND($oAM, 16) Then $str &= 'WriteEA, ';       Write extended attributes
    If BitAND($oAM, 32) Then $str &= 'Execute, ';       Execute
    If BitAND($oAM, 64) Then $str &= 'DeleteD, ';       Delete dir
    If BitAND($oAM, 128) Then $str &= 'ReadA, ';        Read attributes
    If BitAND($oAM, 256) Then $str &= 'WriteA, ';       Write attributes
    If BitAND($oAM, 65536) Then $str &= 'Delete, ';     Delete
    If BitAND($oAM, 131072) Then $str &= 'ReadS, ';     Read security
    If BitAND($oAM, 262144) Then $str &= 'WriteACL, ';  Write ACL
    If BitAND($oAM, 524288) Then $str &= 'WriteO, ';    Write owner
    If BitAND($oAM, 1048576) Then $str &= 'Sync';       Synchronize
    If StringRight($str, 1) = ',' Then $str = StringTrimRight($str, 1)
    Return $str
EndFunc

February 4, 2011

What do you mean by 'path security'? Do you mean making some folders inaccessible without elevation???

February 5, 2011

hyperzap,

It makes no changes - It only gives security information about files and folders.

Sign In

Path_SecuritySettings

3 posts in this topic

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Browse

AutoIt Resources

Release

Beta