Sign in to follow this  
Followers 0
Terenz

Set owner and permission

7 posts in this topic

#1 ·  Posted (edited)

Hello guys,

In some scenario i need to move-delete file which i don't have permission ( sometime also system file from others PCs ) so i need to make a script for set the owner to my admin user, give to him full access and finally! move-delete the file. The most important part is i don't want to use any Windows or third-part tool for do this task since can be done without them and my line is avoid if is unnecessary. I have ask the same question in the 'Set Acl permissions UDF' but unfortunately without answer. I'll hope someone can provide an example. Thanks.

Using API, the best way

https://msdn.microsoft.com/it-it/library/windows/desktop/aa379579(v=vs.85).aspx

With WMI:

https://blogs.msdn.microsoft.com/alejacma/2010/01/13/how-to-change-ownership-and-give-full-permissions-to-a-user-on-a-folder-vbscript/

https://technet.microsoft.com/en-us/magazine/2006.05.scriptingguy.aspx

Edited by Terenz

Nothing is so strong as gentleness. Nothing is so gentle as real strength

 

Share this post


Link to post
Share on other sites



So are you saying the links you posted work? If so, what have you done to convert the vbscript to AutoIt? Or the WMI script in the last link? You have been around long enough to know you're not going to be spoon-fed code without showing what you have tried on your own.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

I have try on my own, trust me, i have spend a lot of time with that from the post on the example forum of July to this. I don't have nothing to show because my attempt only fail ( and when it fail goes directly to trashcan lol ) so i don't have any working or kind-of working code to let you see this time. About the links:

SetNamedSecurityInfo in theory work since that is on MSDN but i don't have personally tried. No example on the forum about that function but seems promising

Set Acl permissions UDF, _SetObjectOwner + _SetObjectSecurityDescriptor don't do nothing on the file also if the function return 1. The example with a newly created file work, on the "real file" don't do nothing...

I'm not here to ask a full code, just a point to start

Edited by Terenz

Nothing is so strong as gentleness. Nothing is so gentle as real strength

 

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

SetNamedSecurityInfo in theory work since that is on MSDN but i don't have personally tried.

Why not?

 start point would be the VBScript code you link to (second link). Download it, does it work yes or no?

Edited by JLogan3o13

√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

About SetNamedSecurityInfo, my C++ knowledge is very little ( equal to zero ) and i'm not able to convert it in autoit, there isn't any executable to test ( on other project there are a debug exe but this is not the case ) so for this reason i don't have tried it. The only thread on the forum is this and is incomplete:

 

I have download the VBScript, that example return the file permission but not set it. Thanks for asking

Edited by Terenz

Nothing is so strong as gentleness. Nothing is so gentle as real strength

 

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

4 hours ago, Terenz said:

i don't want to use any Windows ... tool

not that i don't sympathize with this approach, but here there is not really a need to limit yourself. takeown.exe and icacls.exe are distributed with every supported version of Windows and i can't think of any reason or scenario they would be missing or limited in use. no admin with their right mind will cripple them, as they are extremely useful and a dependency for many administrative operations; and if a technical failure cripples them, you better take care of that failure first. you can also of course use FileInstall to redistribute them with your script, as long as you know which version of Windows they are supposed to run on.

that said, if you want to accomplish that with direct API calls, bear in mind there is a considerable studying in order. you must make yourself deeply familiar with NTFS ACL concepts and their implementation, which can get tricky at times. recently i had to establish a directory structure where users have RW access to the contents of a folder, but cannot change (delete/rename/move) the folder itself. although that is a pretty straight-forward scenario, it took me a while to learn the caveats of special NTFS permissions until i figured it out.

so, good luck here, but my best advice for fast and simple solution would be to use takeown and icacls.

Edited by orbs

Share this post


Link to post
Share on other sites
10 hours ago, orbs said:

takeown.exe and icacls.exe are distributed with every supported version of Windows and i can't think of any reason or scenario they would be missing or limited in use

Supported...unfortunately here we have many PCs with XP and we need to manage them for this reason i'm always prefer to use API supported by both system and SetNamedSecurityInfo / SetSecurityInfo are both supported by Windows XP. I think this case is different from yours, here we have example both "ready" to be used we don't need to write from zero:

Modifying the ACLs of an Object in C++

Taking Object Ownership in C++

Some of the function are already included in autoit ( _Security__OpenProcessToken, _WinAPI_GetCurrentProcess etc. ) but i don't have the knowledge to convert it all so i'm hope someone can help me with that. Thanks


Nothing is so strong as gentleness. Nothing is so gentle as real strength

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0