
Set Acl permissions UDF



1 hour ago, Bowmore said:

@Biatu

Does this give you what you are looking for?

$sName = ObjName()

 

Basically I'm creating a wrapper for this UDF so I can use it via console. I should have clarified, lol. Is there a way to get the SE_OBJECT_TYPE from a string (command line arg)? Detecting a file/path and registry are pretty straightforward, but I was wondering if there was a way to automatically detect the type before calling GrantAll.

Edited by Biatu

What is what? What is what.

  • 11 months later...

It looks like you forgot _InitiatePermissionResources and _ClosePermissionResources function calls at the beginning and ending of your script.  Give this a try.  

#Include <Permissions.au3>

_InitiatePermissionResources()

$ret_Val = _DenyAllAccess(@ScriptDir & "\#Apink's Eunji Tuto! DAILY BEST Video   YouTube.mp4")
If $ret_Val = 1 Then
    MsgBox(0, "Permission", "Successful.")
EndIf

If $ret_Val = 0 Then
    MsgBox(16, "Permission", "Failure.")
EndIf

_ClosePermissionResources()

 

Adam

 


Sorry for being late. I traveled to a region with no internet. I tried your suggested script, but it is not working. I added #RequireAdmin, _InitiatePermissionResources() and _ClosePermissionResources() to my second script, but it is not working. Then I added FileOpenDialog(). When I chose "171029 걸크러) 엉덩이(지아) 밀리오레신발 직캠.txt" in ScriptDir, the return value is 0. But when I change the file name "171029 걸크러) 엉덩이(지아) 밀리오레신발 직캠.txt" to "English File Name Changed.txt", the return value is 1.

My OS is Windows 10 RS4 (x64).

My AutoIt version is 3.3.14.5.

Can Permissions.au3 be used on Windows 10 RS4 (x64)? I have not tested other Windows versions.

Here is my second script:

#NoTrayIcon
#RequireAdmin
#include "RESOURCES\UDF\Permissions.au3"

_InitiatePermissionResources()
Global $ret_Val = 0 ; stays 0 (failure) if the dialog is cancelled
$file = FileOpenDialog("Chose File", @ScriptDir, "All files (*.*)")
If Not @error Then $ret_Val = _DenyAllAccess($file, $SE_FILE_OBJECT)
If $ret_Val = 1 Then
    MsgBox(64, "Permission", "Successful.")
EndIf

If $ret_Val = 0 Then
    MsgBox(16, "Permission", "Failure.")
EndIf

_ClosePermissionResources()

 

171029 걸크러) 엉덩이(지아) 밀리오레신발 직캠.txt


It looks like the DLL call in _SetObjectSecurity uses SetNamedSecurityInfo, and does not use the Unicode function SetNamedSecurityInfoW.  Try the following updated function, and see if it works.

; #FUNCTION# ====================================================================================================================
; Name...........: _SetObjectSecurity
; Description ...: Sets the security info of an object
; Syntax.........: _SetObjectSecurity($oName, $_SE_OBJECT_TYPE, $SECURITY_INFORMATION, $pOwner = 0, $pGroup = 0, $Dacl = 0,$Sacl = 0)
; Parameters ....:  $oName   - The name or handle to the object. This can be a path to a file or folder, a registry key,
;                   + a service name, a process handle, etc. See the comments on the _SE_OBJECT_TYPE enum for more info.
;                   $_SE_OBJECT_TYPE - The type of the object to set permissions. This must be one of the values of the
;                   +_SE_OBJECT_TYPE enum. The default is $SE_FILE_OBJECT (a file or folder).
;                   $SECURITY_INFORMATION - A combination of the Security information constants. This combination must match the
;                   +info to set. ie, to set the owner and the Dacl it must be BitOR($OWNER_SECURITY_INFORMATION,$DACL_SECURITY_INFORMATION)
;                   $pOwner (Optional) - A pointer to a SID that identifies the owner of the object.
;                   $pGroup (Optional) - A pointer to a SID that identifies the primary group of the object.
;                   $Dacl (Optional) - A pointer to the new DACL for the object.
;                   $Sacl (Optional) - A pointer to the new SACL for the object.
; Return values .: Success      - 1
;                  Failure      - 0 and sets @error
; Author ........: FredAI
; Modified.......:
; Remarks .......:
; Related .......: _SetObjectSecurityDescriptor
; Link ..........:
; Example .......:
; ===============================================================================================================================
Func _SetObjectSecurity($oName, $_SE_OBJECT_TYPE, $SECURITY_INFORMATION, $pOwner = 0, $pGroup = 0, $Dacl = 0, $Sacl = 0)
    Local $aCall
    If $ResourcesState = 0 Then _InitiatePermissionResources()
    If $Dacl And Not _IsValidAcl($Dacl) Then Return 0
    If $Sacl And Not _IsValidAcl($Sacl) Then Return 0
    If IsPtr($oName) Then ; If it's a handle object
        $aCall = DllCall($h__Advapi32Dll,'dword','SetSecurityInfo','handle',$oName,'dword',$_SE_OBJECT_TYPE, _
        'dword',$SECURITY_INFORMATION,'ptr',$pOwner,'ptr',$pGroup,'ptr',$Dacl,'ptr',$Sacl)
    Else ;If it's a named object
        If $_SE_OBJECT_TYPE = $SE_REGISTRY_KEY Then $oName = _Security_RegKeyName($oName)
        $aCall = DllCall($h__Advapi32Dll,'dword','SetNamedSecurityInfoW','str',$oName,'dword',$_SE_OBJECT_TYPE, _
        'dword',$SECURITY_INFORMATION,'ptr',$pOwner,'ptr',$pGroup,'ptr',$Dacl,'ptr',$Sacl)
    EndIf
    If @error Then Return SetError(1,0,0)
    If $aCall[0] And $pOwner Then ; If failed, set owner and try again
        If _SetObjectOwner($oName, $_SE_OBJECT_TYPE,_SidToStringSid($pOwner)) Then _
        Return _SetObjectSecurity($oName, $_SE_OBJECT_TYPE, $SECURITY_INFORMATION - 1, 0, $pGroup, $Dacl, $Sacl)
    EndIf
    Return SetError($aCall[0] , 0, Number($aCall[0] = 0))
EndFunc ;==> _SetObjectSecurity

 

Adam


 

Please tell me where I was wrong. I can not assign a right to a service.

#include <Array.au3>
#include <Permissions.au3>
#include <Security.au3>

Opt('MustDeclareVars',1)
Opt('TrayIconHide',1)

Global $gDACL
Global $gPerm[0][3]
Global $tAr
Global $tAr = _Security__LookupAccountName('Test')
Global $tPerm[1][3]=[[$tAr[0],1,131581]]

;~ _ArrayDisplay($tPerm,'$tPerm')

If _SetObjectPermissions('AdobeARMservice', $SE_SERVICE, $tPerm) = 1 Then
    ConsoleWrite('Good'&@error&@CRLF)
Else
    ConsoleWrite('Bad '&@error&@CRLF)
EndIf

$gDACL = _GetObjectDACL('\\'&@ComputerName&'\AdobeARMservice',$SE_SERVICE)
_MergeDaclToArray($gDACL, $gPerm)
For $i=0 To UBound($gPerm)-1
    $gPerm[$i][0] = _Security__SidToStringSid($gPerm[$i][0])
    $tAr = _Security__LookupAccountSid($gPerm[$i][0])
    $gPerm[$i][0] = $tAr[1]&'\'&$tAr[0] ; Domain\Username
Next

_ArrayDisplay($gPerm,'$gPerm')

 


You're welcome, sorry it didn't help.

I did some more searching in the UDF, and there are quite a few DllCall function calls that are not using the Unicode function.  Right now, I do not have time to search through the whole UDF to find them.  You can search on DllCall in SciTE and then google the function name in the DLLCall.  You should get the MSDN page for the function, and at the bottom of the page it will tell if there is a Unicode version of the function.  Usually it will be the function name ending with a capital W.  If there is a Unicode version, replace function name with that one in the DllCall.  Usually you just have to add a capital "W" to the end of the name.  

Sorry, I can not do more right now.

 

Adam

 

Edited by AdamUL
missing words

@YawStar  I tried updating the DllCalls with the Unicode function names, and it did not work.  After I updated the names, and started a test script, the script caused AutoIt to crash.  Most likely, there is something else in the dll call that needs to be changed, but I'm not sure what that is.

 

Adam
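
Added example, not part of the original thread or of Permissions.au3: in AutoIt's DllCall, 'str' passes an ANSI string and 'wstr' passes a UTF-16 string, so a call that is renamed to a ...W function also needs its string parameters declared as 'wstr'. The sketch below reads the DACL of a temporary file with a non-ASCII name and writes the same DACL back; the helper name _RoundTripDacl, the $EX_ constants and the sample file name are assumptions made for this example.

```autoit
; Added example, not part of Permissions.au3. _RoundTripDacl is a hypothetical helper.
Global Const $EX_SE_FILE_OBJECT = 1            ; SE_OBJECT_TYPE value for files and folders
Global Const $EX_DACL_SECURITY_INFORMATION = 4 ; read/write the DACL only

; Reads the DACL of $sPath and writes the same DACL back through the W APIs.
; Returns 1 on success, or 0 with @error set to the Win32 error code (-1 if DllCall itself failed).
Func _RoundTripDacl($sPath)
    ; 'wstr' makes AutoIt pass UTF-16, which is what the ...W functions expect.
    Local $aGet = DllCall('advapi32.dll', 'dword', 'GetNamedSecurityInfoW', 'wstr', $sPath, _
            'int', $EX_SE_FILE_OBJECT, 'dword', $EX_DACL_SECURITY_INFORMATION, _
            'ptr', 0, 'ptr', 0, 'ptr*', 0, 'ptr', 0, 'ptr*', 0)
    If @error Then Return SetError(-1, 0, 0)
    If $aGet[0] <> 0 Then Return SetError($aGet[0], 0, 0)
    Local $pDacl = $aGet[6], $pSD = $aGet[8] ; outputs: DACL pointer, security descriptor

    Local $iErr = -1
    Local $aSet = DllCall('advapi32.dll', 'dword', 'SetNamedSecurityInfoW', 'wstr', $sPath, _
            'int', $EX_SE_FILE_OBJECT, 'dword', $EX_DACL_SECURITY_INFORMATION, _
            'ptr', 0, 'ptr', 0, 'ptr', $pDacl, 'ptr', 0)
    If Not @error Then $iErr = $aSet[0]

    ; The descriptor returned by GetNamedSecurityInfoW must be released with LocalFree.
    DllCall('kernel32.dll', 'ptr', 'LocalFree', 'ptr', $pSD)
    Return SetError($iErr, 0, Number($iErr = 0))
EndFunc   ;==>_RoundTripDacl

; Constructed sample: a temp file with Hangul in its name, built with ChrW so the
; encoding of the script file itself does not matter.
Global $sFile = @TempDir & '\acl-' & ChrW(0xD55C) & ChrW(0xAE00) & '.txt'
FileWrite($sFile, 'sample')
Global $iOk = _RoundTripDacl($sFile)
Global $iWinErr = @error
ConsoleWrite('result=' & $iOk & ' win32 error=' & $iWinErr & @CRLF)
FileDelete($sFile)
```

The same pairing applies to every other string parameter of a call switched to its W variant, including output buffers, which become 'wstr' as well.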

 


@AdamUL If you have time, may I ask another question?

When I get the object owner using this UDF:

$ObjOwner = _GetObjectOwner("D:\test.txt")

MsgBox(0, "Owner", $ObjOwner)

The output message is S-1-5-32-545.

I know it is Administrators, but how can I convert S-1-5-32-545 to Administrators?

I want to convert StringSid to String.

Edited by YawStar

Glad the UDF is working for you.  

Use _Security__LookupAccountSid.  Here's an example script.  

#RequireAdmin
#include <Security.au3>
#Include <Permissions.au3>

_InitiatePermissionResources()

Global $oOwner = _GetObjectOwner("D:\test.txt")
Global $aAcct = _Security__LookupAccountSid($oOwner)
Global $sAcct = ""
If IsArray($aAcct) Then $sAcct = ($aAcct[1] <> "" ? $aAcct[1] & "\" : "" ) & $aAcct[0]  

MsgBox(0, "Owner", $sAcct)

_ClosePermissionResources()

 

Adam

  • 1 year later...

For quite some time now, Windows has locked-down most system files and many registry keys to TrustedInstaller. I had a need to disable some OS files (by adding .bak) and edit some Registry Keys and this UDF allowed that, with a few modifications to meet my needs.

 

Edited by Shark007
  • 5 months later...

Sorry, but currently I do not know of any functions in this UDF that will give the individual permissions directly.  You can read them with the UDF.  I have examples in this thread that show how to search for a user or group and change their permissions.  Functions would need to be created to show the individual permissions.  

 

Adam

