Set Acl permissions UDF

[Biatu]

1 hour ago, Bowmore said:

@Biatu

Does this give you what you are looking for?

$sName = ObjName()

 

Basically im creating a wrapper for this UDF so I can use it via console, I should have clarified lol, is there a way to get the SE_OBJECT_TYPE from a string (command line arg) detecting a file/path and registry are pretty straight forward, but I was wonding if there was a way to automatically detect the type before calling GrantAll

Edited April 22, 2017 by Biatu

[YawStar]

Some files that named with unicode character can not be set permission.

Sorry for my english.

[AdamUL]

Please post an example showing the issue.  

 

Adam

 

[YawStar]

Sorry for late this is my script.

#Include <Permissions.au3>
$ret_Val = _DenyAllAccess(@ScriptDir & "\#Apink&#39;s Eunji Tuto! DAILY BEST Video   YouTube.mp4")
If $ret_Val = 1 Then
    MsgBox(0, "Permission", "Successful.")
EndIf

If $ret_Val = 0 Then
    MsgBox(16, "Permission", "Failure.")
EndIf

 

#Apink's Eunji Tuto! DAILY BEST Video YouTube.mp4

[AdamUL]

It looks like you forgot _InitiatePermissionResources and _ClosePermissionResources function calls at the beginning and ending of your script.  Give this a try.  

#Include <Permissions.au3>

_InitiatePermissionResources()

$ret_Val = _DenyAllAccess(@ScriptDir & "\#Apink's Eunji Tuto! DAILY BEST Video   YouTube.mp4")
If $ret_Val = 1 Then
    MsgBox(0, "Permission", "Successful.")
EndIf

If $ret_Val = 0 Then
    MsgBox(16, "Permission", "Failure.")
EndIf

_ClosePermissionResources()

 

Adam

 

[YawStar]

Sorry for late. I have traveled to no internet region. I tried with your suggest script. But not working. I added #RequireAdmin ,  _InitiatePermissionResources() and _ClosePermissionResources() in my second script but not working. And then I added FileOpenDialog(). When i chose "171029 걸크러) 엉덩이(지아) 밀리오레신발 직캠.txt" in ScriptDir, the return value is 0. But when i change file name "171029 걸크러) 엉덩이(지아) 밀리오레신발 직캠.txt" to "English File Name Changed.txt", the return value is 1.

My OS is Windows 10 RS4 (x64)

My Autoit Version is 3.3.14.5

Can permission.au3 used in Window 10 RS 4 (x64)? I have no test other windows.

Here is my second Script

#NoTrayIcon
#RequireAdmin
#include "RESOURCES\UDF\Permissions.au3"

_InitiatePermissionResources()
$file= FileOpenDialog("Chose File", @ScriptDir, "All files (*.*)")
If Not @error Then $ret_Val = _DenyAllAccess($file, $SE_FILE_OBJECT)
If $ret_Val = 1 Then
    MsgBox(64, "Permission", "Successful.")
EndIf

If $ret_Val = 0 Then
    MsgBox(16, "Permission", "Failure.")
EndIf

_ClosePermissionResources()

 

171029 걸크러) 엉덩이(지아) 밀리오레신발 직캠.txt

[AdamUL]

It looks like the DLL call in _SetObjectSecurity uses SetNamedSecurityInfo, and does not use the Unicode function SetNamedSecurityInfoW.  Try the following updated function, and see if it work.  

expandcollapse popup

; #FUNCTION# ====================================================================================================================
; Name...........: _SetObjectSecurity
; Description ...: Sets the security info of an object
; Syntax.........: _SetObjectSecurity($oName, $_SE_OBJECT_TYPE, $SECURITY_INFORMATION, $pOwner = 0, $pGroup = 0, $Dacl = 0,$Sacl = 0)
; Parameters ....:  $oName   - The name or handle to the object. This can be a path to a file or folder, a registry key,
;                   + a service name, a process handle, etc. See the comments on the _SE_OBJECT_TYPE enum for more info.
;                   $_SE_OBJECT_TYPE - The type of the object to set permissions. This must be one of the values of the
;                   +_SE_OBJECT_TYPE enum. The default is $SE_FILE_OBJECT (a file or folder).
;                   $SECURITY_INFORMATION - A combination of the Security information constants. This combination must match the
;                   +info to set. ie, to set the owner and the Dacl it must be BitOR($OWNER_SECURITY_INFORMATION,$DACL_SECURITY_INFORMATION)
;                   $pOwner (Optional) - A pointer to a SID that identifies the owner of the object.
;                   $pGroup (Optional) - A pointer to a SID that identifies the primary group of the object.
;                   $Dacl (Optional) - A pointer to the new DACL for the object.
;                   $Sacl (Optional) - A pointer to the new SACL for the object.
; Return values .: Success      - 1
;                  Failure      - 0 and sets @error
; Author ........: FredAI
; Modified.......:
; Remarks .......:
; Related .......: _SetObjectSecurityDescriptor
; Link ..........:
; Example .......:
; ===============================================================================================================================
Func _SetObjectSecurity($oName, $_SE_OBJECT_TYPE, $SECURITY_INFORMATION, $pOwner = 0, $pGroup = 0, $Dacl = 0, $Sacl = 0)
    Local $aCall
    If $ResourcesState = 0 Then _InitiatePermissionResources()
    If $Dacl And Not _IsValidAcl($Dacl) Then Return 0
    If $Sacl And Not _IsValidAcl($Sacl) Then Return 0
    If IsPtr($oName) Then ; If it's a handle object
        $aCall = DllCall($h__Advapi32Dll,'dword','SetSecurityInfo','handle',$oName,'dword',$_SE_OBJECT_TYPE, _
        'dword',$SECURITY_INFORMATION,'ptr',$pOwner,'ptr',$pGroup,'ptr',$Dacl,'ptr',$Sacl)
    Else ;If it's a named object
        If $_SE_OBJECT_TYPE = $SE_REGISTRY_KEY Then $oName = _Security_RegKeyName($oName)
        $aCall = DllCall($h__Advapi32Dll,'dword','SetNamedSecurityInfoW','str',$oName,'dword',$_SE_OBJECT_TYPE, _
        'dword',$SECURITY_INFORMATION,'ptr',$pOwner,'ptr',$pGroup,'ptr',$Dacl,'ptr',$Sacl)
    EndIf
    If @error Then Return SetError(1,0,0)
    If $aCall[0] And $pOwner Then ; If failed, set owner and try again
        If _SetObjectOwner($oName, $_SE_OBJECT_TYPE,_SidToStringSid($pOwner)) Then _
        Return _SetObjectSecurity($oName, $_SE_OBJECT_TYPE, $SECURITY_INFORMATION - 1, 0, $pGroup, $Dacl, $Sacl)
    EndIf
    Return SetError($aCall[0] , 0, Number($aCall[0] = 0))
EndFunc ;==> _SetObjectSecurity

 

Adam

[Dellroc]

 

Please tell me where I was wrong. I can not assign a right to a service.

#include <Array.au3>
#include <Permissions.au3>
#include <Security.au3>

Opt('MustDeclareVars',1)
Opt('TrayIconHide',1)

Global $gDACL
Global $gPerm[0][3]
Global $tAr
Global $tAr = _Security__LookupAccountName('Test')
Global $tPerm[1][3]=[[$tAr[0],1,131581]]

;~ _ArrayDisplay($tPerm,'$tPerm')

If _SetObjectPermissions('AdobeARMservice', $SE_SERVICE, $tPerm) = 1 Then
    ConsoleWrite('Good'&@error&@CRLF)
Else
    ConsoleWrite('Bad '&@error&@CRLF)
EndIf

$gDACL = _GetObjectDACL('\\'&@ComputerName&'\AdobeARMservice',$SE_SERVICE)
_MergeDaclToArray($gDACL, $gPerm)
For $i=0 To UBound($gPerm)-1
    $gPerm[$i][0] = _Security__SidToStringSid($gPerm[$i][0])
    $tAr = _Security__LookupAccountSid($gPerm[$i][0])
    $gPerm[$i][0] = $tAr[1]&'\'&$tAr[0] ; Domain\Username
Next

_ArrayDisplay($gPerm,'$gPerm')

 

[YawStar]

Thank Adam.

I replaced

_SetObjectSecurity

  Function. But still not working.
 

[AdamUL]

Your welcome, sorry it didn't help.  

I did some more searching in the UDF, and there are quite a few DllCall function calls that are not using the Unicode function.  Right now, I do not have time to search through the whole UDF to find them.  You can search on DllCall in SciTE and then google the function name in the DLLCall.  You should get the MSDN page for the function, and at the bottom of the page it will tell if there is a Unicode version of the function.  Usually it will be the function name ending with a capital W.  If there is a Unicode version, replace function name with that one in the DllCall.  Usually you just have to add a capital "W" to the end of the name.  

Sorry, I can not do more right now.

 

Adam

 

Edited April 20, 2018 by AdamUL
missing words

[YawStar]

Thank. AdamUL

[AdamUL]

@YawStar  I tried updating the DllCalls with the Unicode function names, and it did not work.  After I updated the names, and started a test script, the script caused AutoIt to crash.  Most likely, there something else in the dll call that needs to be changed, but I'm not sure what that is.  

 

Adam

 

[AdamUL]

@YawStar  I changed the data types in the dll call, and was able to get some test scripts to work without issue.  I have attached the updated UDF.  Please test to see if it works for you.  

Permissions-Unicode.au3

 

Adam

 

Edited May 1, 2018 by AdamUL

[YawStar]

Thank @AdamUL It is working now. Have a nice day.

Edited April 25, 2018 by YawStar

[YawStar]

@AdamUL If you have time, may i have next question?

When I get Object Owner using this udf

$ObjOwner = _GetObjectOwner("D:\test.txt")

MsgBox(0, "Owner", $ObjOwner)

 

The Output Message is S-1-5-32-545

I know it is Administrators but how can i convert S-1-5-32-545 to Administrators.

I want to convert StringSid to String.

Edited April 25, 2018 by YawStar

[AdamUL]

Glad the UDF is working for you.  

Use _Security__LookupAccountSid.  Here's an example script.  

#RequireAdmin
#include <Security.au3>
#Include <Permissions.au3>

_InitiatePermissionResources()

Global $oOwner = _GetObjectOwner("D:\test.txt")
Global $aAcct = _Security__LookupAccountSid($oOwner)
Global $sAcct = ""
If IsArray($aAcct) Then $sAcct = ($aAcct[1] <> "" ? $aAcct[1] & "\" : "" ) & $aAcct[0]  

MsgBox(0, "Owner", $sAcct)

_ClosePermissionResources()

 

Adam

[YawStar]

Thank again @adam

It is working. Sorry for late.

[Shark007]

For quite some time now, Windows has locked-down most system files and many registry keys to TrustedInstaller. I had a need to disable some OS files (by adding .bak) and edit some Registry Keys and this UDF allowed that, with a few modifications to meet my needs.

 

Edited February 2, 2021 by Shark007

[Valnurat]

How do you use this UDF to get the permissions on a folder? I 'm looking for the groups and users added to a folder.

[AdamUL]

Sorry, but currently I do not know of any functions in this UDF that will give the individual permissions directly.  You can read them with the UDF.  I have examples in this thread that show how to search for a user or group and change their permissions.  Functions would need to be created to show the individual permissions.  

 

Adam