tatane Posted June 12, 2013 Posted June 12, 2013 Hi, I would like to know how to set (or get) ACL on a shared folder on Windows Server. I found a VBA script here : http://gallery.technet.microsoft.com/scriptcenter/b3961e31-3843-4163-9e39-633518d3a362 It seems it can do what I want. I tryed to convert it but unfortunatly I'm blocked on the line "SecDesc.Properties_.Item("DACL") = Array(ACE)". I don't know how to handle the array function. My goal is to develop a soft which can manipulate Active Directory (create/modify/delete users/groups) and create shared folders with rights. I played with the AD UDF. It is perfect. Now I'm looking for shared folder rights. I'll be happy if you can help me . Thank you in advance.
spudw2k Posted June 12, 2013 Posted June 12, 2013 The Array func in vbscript creates an array object on-the-fly. I think you can just create the array and feed it to the object function. $arr[1]=["ACE"] SecDesc.Properties_.Item("DACL") = $arr Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX Builder Misc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retrieve SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose Array Projects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalc Cool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF
tatane Posted June 12, 2013 Author Posted June 12, 2013 Indeed you're right. Thanks. Here is the code : expandcollapse popup$Foldername="d:\test" ;folder to share $sharename="Partage de test" ;Share Name $strDesc="Un petit test réussi." ;Share Description $strUser="beau" ;User to set permissions for $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2") ; Connects to the WMI service with security privileges $SecDescClass = $objWMIService.Get("Win32_SecurityDescriptor") ; Need an instance of the Win32_SecurityDescriptor so we can create an instance of a Security Descriptor. $SecDesc = $SecDescClass.SpawnInstance_() ; Create an instance of a Security Descriptor. $colWinAcc = $objWMIService.ExecQuery("SELECT * FROM Win32_ACCOUNT WHERE Name='" & $strUser & "'") If $colWinAcc.Count < 1 Then ConsoleWrite("User " & $strUser & "Not Found - quitting"&@cr) EndIf ; Find the WMI representation of a particular Windows Account For $refItem in $colWinAcc $refSID = $objWMIService.Get("Win32_SID='" & $refItem.SID & "'") ; Get the SID for the choosen Windows account. Next $refTrustee = $objWMIService.Get("Win32_Trustee").spawnInstance_() ; Creates an instance of a Windows Security Trustee (usually a user but anything with a SID I guess...) With $refTrustee .Domain = $refSID.ReferencedDomainName .Name = $refSID.AccountName .SID = $refSID.BinaryRepresentation .SidLength = $refSID.SidLength .SIDString = $refSID.SID EndWith ; Sets the trustee object up with the SID & all that malarkey from the user object we have choosen to work on $ACE = $objWMIService.Get("Win32_Ace").SpawnInstance_ ; Creates an instance of an Access Control Entry Object(this will be one entry on the access list on an object) $ACE.Properties_.Item("AccessMask") = 2032127 ; This is full Control ; (bitflag) full list here: http://blogs.msdn.com/b/helloworld/archive/2008/06/10/common-accessmask-value-when-configuring-share-permission-programmatically.aspx $ACE.Properties_.Item("AceFlags") = 3 ; what to apply ACE to inc ; inhehitance 3 - means files & folders get permssions & pass onto children $ACE.Properties_.Item("AceType") = 0 ; 0=allow access 1=deny access $ACE.Properties_.Item("Trustee") = $refTrustee ; Set the Trustee (user) that this Access control Entry will refer to. Local $array[1] = [$ACE] $SecDesc.Properties_.Item("DACL") = $array ; Get the DACL property of the Security Descriptor object ; Add the ACE to the Dynamic Access Control List on the object (an array) it will overwrite the old entries ; unless you retreive & save 'em first & add them to a big array with the new entry as well as the old ones $Share = $objWMIService.Get("Win32_Share") ; Get a WMI share Object $InParam = $Share.Methods_("Create").InParameters.SpawnInstance_() ; Create an instance of a WMI input Parameters object $InParam.Properties_.Item("Access") = $SecDesc ; Set the Access Parameter to the Security Descriptor Object we configured above $InParam.Properties_.Item("Description") = $strDesc $InParam.Properties_.Item("Name") = $ShareName $InParam.Properties_.Item("Path") = $FolderName $InParam.Properties_.Item("Type") = 0 $outParams=$Share.ExecMethod_("Create", $InParam) ; Create the share with all the parameters we have set up ConsoleWrite("OUT: " & $outParams.returnValue&@cr) If $outParams.returnValue <> 0 Then ConsoleWrite("Failed to Create Share, return Code:" & $outParams.returnValue&@cr) Else ConsoleWrite("Folder " & $Foldername & " sucessfully shared as: " & $sharename & " with FULL CONTROL Permissions for user " & $strUser&@cr) EndIf This script creates a shared folder and applies Shared Rights from the specified user to it. But like I said it is the Shared Rights and not the NTFS Rights. Do you know a way to set NTFS rights permission ?
blckpythn Posted June 12, 2013 Posted June 12, 2013 Do you know a way to set NTFS rights permission ? Running the cacls command will do that for you.
tatane Posted June 12, 2013 Author Posted June 12, 2013 I know this tool (or SetACL.exe/COM) but I would like to do it with AutoIt. It seems I'm not far from what i'm looking for with the above code...
BrewManNH Posted June 12, 2013 Posted June 12, 2013 >This UDF might be of some use to you. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator
FreeBeing Posted March 3, 2016 Posted March 3, 2016 Hi, I was interested in the fact of set ACL on a shared folder, but I think WMI way is too complicated. I tried another way I didn't know until now : "net share" With that, you can create a shared folder, and grant users you want. Example with an existing folder "C:\MyShare" and if I wish to have "Administrators" group with full rights and "Everyone" Read only. net share ExampleShare="C:\MyShare" /GRANT:Administrators:FULL /GRANT:Everyone,READ
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now