ripdad

Path_SecuritySettings


ripdad

Path_SecuritySettings

Released: February 03, 2011

This script exposes another world in WMI with $Obj.Get and Bit Switches

(native access not found in ScriptOmatic)

; Path_SecuritySettings
; Released: February 03, 2011
;
; [- Basic Info Example -]
;
; Refs: MSDN and 3 other sites

#RequireAdmin

Local $sPath = FileSelectFolder('Select Folder', '', 2, '')

MsgBox(8256, 'Results for Computer: ' & @ComputerName, Path_SecuritySettings($sPath))
Exit

Func Path_SecuritySettings($sPath)
    If StringInStr($sPath, '/') Then Return SetError(-1)
    If Not FileExists($sPath) Then Return SetError(-2)
    Local $oWS = ObjGet('winmgmts:{impersonationLevel = impersonate}!\\.\root\cimv2')
    If Not IsObj($oWS) Then Return SetError(-3)
    Local $oPath = $oWS.Get('Win32_LogicalFileSecuritySetting="' & StringReplace($sPath, '\', '\\') & '"')
    If Not IsObj($oPath) Then Return SetError(-4)
    Local $oPSD, $cnt = 0, $Output = 'Path: ' & $sPath & @CRLF & @CRLF
    If $oPath.GetSecurityDescriptor($oPSD) Then Return SetError(-5)
    For $oAce In $oPSD.DACL
        $cnt += 1
        If $oAce.AceType = 0 Then $Output &= 'ACE#' & $cnt & ' - ' & 'ACCESS ALLOWED - '
        If $oAce.AceType = 1 Then $Output &= 'ACE#' & $cnt & ' - ' & 'ACCESS DENIED - '
        $Output &= $oAce.Trustee.Domain & '\' & $oAce.Trustee.Name & @CRLF
        $Output &= _GetFlags($oAce.AceFlags)
        $Output &= _GetAccess($oAce.AccessMask) & @CRLF & @CRLF
    Next
    Return $Output
EndFunc

Func _GetFlags($oAF, $str = '')
    If BitAND($oAF, 1) Then $str &= '- Child objects that are not containers inherit permissions -' & @CRLF
    If BitAND($oAF, 2) Then $str &= '- Child objects inherit and pass on permissions -' & @CRLF
    If BitAND($oAF, 4) Then $str &= '- Child objects inherit but do not pass on permissions -' & @CRLF
    If BitAND($oAF, 8) Then $str &= '- Object is not affected by but passes on permissions -' & @CRLF
    If BitAND($oAF, 16) Then $str &= '- Permissions have been inherited -' & @CRLF
    Return $str
EndFunc

Func _GetAccess($oAM, $str = '')
    If BitAND($oAM, 1) Then $str &= 'Read, ';           Read
    If BitAND($oAM, 2) Then $str &= 'Write, ';          Write
    If BitAND($oAM, 4) Then $str &= 'Append, ';         Append
    If BitAND($oAM, 8) Then $str &= 'ReadEA, ';         Read extended attributes
    If BitAND($oAM, 16) Then $str &= 'WriteEA, ';       Write extended attributes
    If BitAND($oAM, 32) Then $str &= 'Execute, ';       Execute
    If BitAND($oAM, 64) Then $str &= 'DeleteD, ';       Delete dir
    If BitAND($oAM, 128) Then $str &= 'ReadA, ';        Read attributes
    If BitAND($oAM, 256) Then $str &= 'WriteA, ';       Write attributes
    If BitAND($oAM, 65536) Then $str &= 'Delete, ';     Delete
    If BitAND($oAM, 131072) Then $str &= 'ReadS, ';     Read security
    If BitAND($oAM, 262144) Then $str &= 'WriteACL, ';  Write ACL
    If BitAND($oAM, 524288) Then $str &= 'WriteO, ';    Write owner
    If BitAND($oAM, 1048576) Then $str &= 'Sync';       Synchronize
    If StringRight($str, 2) = ', ' Then $str = StringTrimRight($str, 2) ; entries end in ', ', so trim both characters
    Return $str
EndFunc

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward
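
Added example, not part of ripdad's post: an offline decoder in Python for the AceFlags and AccessMask values the script reads. It also expands the generic rights in the top four bits, which `_GetAccess` does not test, so a mask of 0x10000000 decodes to nothing there. The short flag names, the `CONTROL` and `BROAD` sets and the sample ACEs are assumptions constructed for illustration.

```python
FILE_BITS = {  # same bit values the script's _GetAccess tests
    0x1: "Read", 0x2: "Write", 0x4: "Append", 0x8: "ReadEA", 0x10: "WriteEA",
    0x20: "Execute", 0x40: "DeleteD", 0x80: "ReadA", 0x100: "WriteA",
    0x10000: "Delete", 0x20000: "ReadS", 0x40000: "WriteACL",
    0x80000: "WriteO", 0x100000: "Sync",
}
# Generic rights (top four bits) and the file rights Windows maps them to.
GENERIC_MAP = {
    0x80000000: 0x120089,  # GENERIC_READ    -> FILE_GENERIC_READ
    0x40000000: 0x120116,  # GENERIC_WRITE   -> FILE_GENERIC_WRITE
    0x20000000: 0x1200A0,  # GENERIC_EXECUTE -> FILE_GENERIC_EXECUTE
    0x10000000: 0x1F01FF,  # GENERIC_ALL     -> FILE_ALL_ACCESS
}
FLAG_BITS = {1: "ObjectInherit", 2: "ContainerInherit", 4: "NoPropagate",
             8: "InheritOnly", 16: "Inherited"}
# Write, Append, DeleteD, Delete, WriteACL, WriteO: change or take over the object.
CONTROL = 0x2 | 0x4 | 0x40 | 0x10000 | 0x40000 | 0x80000
BROAD = {"Everyone", "Users", "Authenticated Users"}  # assumed English names

def expand_generic(mask):
    """Replace generic bits with the file-specific rights they stand for."""
    mask &= 0xFFFFFFFF  # normalise in case the value arrives as a signed int32
    for bit, rights in GENERIC_MAP.items():
        if mask & bit:
            mask = (mask & ~bit) | rights
    return mask

def names(value, table):
    """Names of set bits, plus any leftover bits in hex so nothing is hidden."""
    out = [n for bit, n in table.items() if value & bit]
    rest = value & ~sum(table)
    return out + ([hex(rest)] if rest else [])

def review(name, ace_type, flags, mask):
    """Decode one ACE and flag allow-ACEs that give a broad group control."""
    mask = expand_generic(mask)
    risky = ace_type == 0 and name in BROAD and bool(mask & CONTROL)
    return {"rights": names(mask, FILE_BITS),
            "flags": names(flags, FLAG_BITS), "risky": risky}

# Constructed sample ACEs: (trustee name, AceType, AceFlags, AccessMask).
SAMPLES = [("CREATOR OWNER", 0, 11, 0x10000000), ("Users", 0, 19, 0x1200A9),
           ("Everyone", 0, 3, 0x1301BF)]

if __name__ == "__main__":
    for ace in SAMPLES:
        print(ace[0], review(*ace))
```

Only the third sample is flagged: an allow ACE that gives Everyone the Modify mask (0x1301BF), inherited by files and subfolders.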

twitchyliquid64

What do you mean by 'path security'? Do you mean making some folders inaccessible without elevation???


ripdad

hyperzap,

It makes no changes - It only gives security information about files and folders.

