tatane Posted June 12, 2013

Hi,

I would like to know how to set (or get) ACL on a shared folder on Windows Server. I found a VBA script here: http://gallery.technet.microsoft.com/scriptcenter/b3961e31-3843-4163-9e39-633518d3a362

It seems it can do what I want. I tried to convert it but unfortunately I'm blocked on the line "SecDesc.Properties_.Item("DACL") = Array(ACE)". I don't know how to handle the array function.

My goal is to develop software which can manipulate Active Directory (create/modify/delete users/groups) and create shared folders with rights. I played with the AD UDF. It is perfect. Now I'm looking for shared folder rights.

I'll be happy if you can help me. Thank you in advance.

spudw2k Posted June 12, 2013

The Array func in vbscript creates an array object on-the-fly. I think you can just create the array and feed it to the object function.

```autoit
Local $arr[1] = [$ACE]
$SecDesc.Properties_.Item("DACL") = $arr
```

tatane Posted June 12, 2013

Indeed you're right. Thanks. Here is the code:

```autoit
$Foldername = "d:\test" ; folder to share
$sharename = "Partage de test" ; Share Name
$strDesc = "Un petit test réussi." ; Share Description
$strUser = "beau" ; User to set permissions for

; Connects to the WMI service with security privileges
$objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")

; Need an instance of the Win32_SecurityDescriptor so we can create an instance of a Security Descriptor.
$SecDescClass = $objWMIService.Get("Win32_SecurityDescriptor")
; Create an instance of a Security Descriptor.
$SecDesc = $SecDescClass.SpawnInstance_()

; Find the WMI representation of a particular Windows Account
$colWinAcc = $objWMIService.ExecQuery("SELECT * FROM Win32_ACCOUNT WHERE Name='" & $strUser & "'")
If $colWinAcc.Count < 1 Then
    ConsoleWrite("User " & $strUser & " Not Found - quitting" & @CR)
    Exit 1 ; stop here: there is no account to build the ACE for
EndIf

; Get the SID for the chosen Windows account.
For $refItem In $colWinAcc
    $refSID = $objWMIService.Get("Win32_SID='" & $refItem.SID & "'")
Next

; Creates an instance of a Windows Security Trustee (usually a user but anything with a SID I guess...)
$refTrustee = $objWMIService.Get("Win32_Trustee").SpawnInstance_()
; Sets the trustee object up with the SID & all that malarkey from the user object we have chosen to work on
With $refTrustee
    .Domain = $refSID.ReferencedDomainName
    .Name = $refSID.AccountName
    .SID = $refSID.BinaryRepresentation
    .SidLength = $refSID.SidLength
    .SIDString = $refSID.SID
EndWith

; Creates an instance of an Access Control Entry Object (this will be one entry on the access list on an object)
$ACE = $objWMIService.Get("Win32_Ace").SpawnInstance_()
; This is full Control (bitflag), full list here:
; http://blogs.msdn.com/b/helloworld/archive/2008/06/10/common-accessmask-value-when-configuring-share-permission-programmatically.aspx
$ACE.Properties_.Item("AccessMask") = 2032127
; What to apply the ACE to, including inheritance: 3 means files & folders get permissions & pass them onto children
$ACE.Properties_.Item("AceFlags") = 3
$ACE.Properties_.Item("AceType") = 0 ; 0=allow access 1=deny access
; Set the Trustee (user) that this Access Control Entry will refer to.
$ACE.Properties_.Item("Trustee") = $refTrustee

; Set the DACL property of the Security Descriptor object.
; Add the ACE to the Discretionary Access Control List on the object (an array). It will overwrite the old entries
; unless you retrieve & save 'em first & add them to a big array with the new entry as well as the old ones.
Local $array[1] = [$ACE]
$SecDesc.Properties_.Item("DACL") = $array

$Share = $objWMIService.Get("Win32_Share") ; Get a WMI share Object
; Create an instance of a WMI input Parameters object
$InParam = $Share.Methods_("Create").InParameters.SpawnInstance_()
; Set the Access Parameter to the Security Descriptor Object we configured above
$InParam.Properties_.Item("Access") = $SecDesc
$InParam.Properties_.Item("Description") = $strDesc
$InParam.Properties_.Item("Name") = $sharename
$InParam.Properties_.Item("Path") = $Foldername
$InParam.Properties_.Item("Type") = 0

; Create the share with all the parameters we have set up
$outParams = $Share.ExecMethod_("Create", $InParam)
ConsoleWrite("OUT: " & $outParams.returnValue & @CR)
If $outParams.returnValue <> 0 Then
    ConsoleWrite("Failed to Create Share, return Code:" & $outParams.returnValue & @CR)
Else
    ConsoleWrite("Folder " & $Foldername & " successfully shared as: " & $sharename & " with FULL CONTROL Permissions for user " & $strUser & @CR)
EndIf
```

This script creates a shared folder and applies Shared Rights for the specified user to it. But like I said, it is the Shared Rights and not the NTFS Rights.

Do you know a way to set NTFS rights permission?

blckpythn Posted June 12, 2013

> Do you know a way to set NTFS rights permission?

Running the cacls command will do that for you.

tatane Posted June 12, 2013

I know this tool (or SetACL.exe/COM) but I would like to do it with AutoIt. It seems I'm not far from what I'm looking for with the above code...

BrewManNH Posted June 12, 2013

This UDF might be of some use to you.

tatane Posted June 12, 2013

Thanks! I'll check this UDF.

FreeBeing Posted March 3, 2016

Hi,

I was interested in setting ACLs on a shared folder, but I think the WMI way is too complicated. I tried another way I didn't know until now: "net share".

With that, you can create a shared folder and grant access to the users you want. Example with an existing folder "C:\MyShare", where I wish to give the "Administrators" group full rights and "Everyone" read only:

```bat
net share ExampleShare="C:\MyShare" /GRANT:Administrators,FULL /GRANT:Everyone,READ
```

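The numbers passed to Win32_Ace in the WMI script (AccessMask 2032127, AceFlags 3, AceType 0) and the FULL/READ levels of the net share command both resolve to individual access-right bits. The following is an added example, not code from any poster in this thread, written in Python so it runs anywhere: it decodes those values and reports broad trustees whose ACE lets them change permissions or ownership. The CHANGE (1245631) and READ (1179817) masks are the commonly documented share-permission values rather than values from the thread; the BROAD trustee set and the sample ACE list are constructed for illustration.

```python
# Added example (not from the thread): decode Win32_Ace AccessMask/AceFlags/AceType.
# Bit names are the standard Windows file access rights; the ACE list is constructed.
RIGHTS = {
    0x000001: "READ_DATA/LIST_DIRECTORY",
    0x000002: "WRITE_DATA/ADD_FILE",
    0x000004: "APPEND_DATA/ADD_SUBDIRECTORY",
    0x000008: "READ_EA",
    0x000010: "WRITE_EA",
    0x000020: "EXECUTE/TRAVERSE",
    0x000040: "DELETE_CHILD",
    0x000080: "READ_ATTRIBUTES",
    0x000100: "WRITE_ATTRIBUTES",
    0x010000: "DELETE",
    0x020000: "READ_CONTROL",
    0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER",
    0x100000: "SYNCHRONIZE",
}
LEVELS = {2032127: "FULL", 1245631: "CHANGE", 1179817: "READ"}
ACE_FLAGS = {0x1: "OBJECT_INHERIT", 0x2: "CONTAINER_INHERIT",
             0x4: "NO_PROPAGATE_INHERIT", 0x8: "INHERIT_ONLY"}
BROAD = {"Everyone", "Authenticated Users", "Users"}  # assumed review policy
DANGEROUS = 0x040000 | 0x080000  # WRITE_DAC | WRITE_OWNER

def names(value, table):
    """Names of every bit in `table` that is set in `value`."""
    return [name for bit, name in table.items() if value & bit]

def describe_ace(trustee, mask, flags=0, ace_type=0):
    """Expand one ACE (same fields the WMI script sets) into readable form."""
    return {
        "trustee": trustee,
        "type": "ALLOW" if ace_type == 0 else "DENY",
        "level": LEVELS.get(mask, "CUSTOM"),
        "rights": names(mask, RIGHTS),
        "inherit": names(flags, ACE_FLAGS),
    }

def audit(dacl):
    """Broad trustees with an allow ACE that includes WRITE_DAC or WRITE_OWNER."""
    return [t for t, mask, flags, ace_type in dacl
            if ace_type == 0 and t in BROAD and mask & DANGEROUS]

# Constructed sample: (trustee, AccessMask, AceFlags, AceType)
SAMPLE_DACL = [("beau", 2032127, 3, 0), ("Everyone", 1179817, 3, 0), ("Users", 2032127, 3, 0)]

if __name__ == "__main__":
    for ace in SAMPLE_DACL:
        print(describe_ace(*ace))
    print("review:", audit(SAMPLE_DACL))
```

The decode shows that CHANGE differs from FULL only by DELETE_CHILD, WRITE_DAC and WRITE_OWNER, which is why CHANGE is usually sufficient for accounts that only need to read and write files through the share.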