water

Query ACL

3 posts in this topic

Hi AutoIt3-Gurus,

I would like to query the ACLs of some network folders. I've seen how to change ACLs but this approach uses an external program that I would have to install on every computer where my AutoIt script should run.

Is there an easier way to query ACLs when running Windows XP SP3?

Thanks in advance

Thomas


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 




@water

Maybe this can get you going.

$strComputer = "."
; Connect to WMI on the target computer ("." is the local machine).
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")

; Enumerate the share security settings on that computer.
$colItems = $objWMIService.ExecQuery('SELECT * FROM Win32_LogicalShareSecuritySetting', "WQL", 48)

For $objItem In $colItems

    $strShareName = $objItem.name

    Dim $wmiSecurityDescriptor

    $wmiFileSecSetting = ObjGet("winmgmts:{impersonationLevel=impersonate}!//" & $strComputer & _
                                "/root/cimv2:Win32_LogicalShareSecuritySetting.Name='" & $strShareName & "'")

    ; GetSecurityDescriptor returns 0 on success and fills $wmiSecurityDescriptor.
    $RetVal = $wmiFileSecSetting.GetSecurityDescriptor($wmiSecurityDescriptor)
    If @error Or $RetVal <> 0 Then
        ConsoleWrite("GetSecurityDescriptor failed on " & $strShareName & @CRLF)
        ContinueLoop ; no descriptor to read for this share
    EndIf
    ConsoleWrite("GetSecurityDescriptor succeeded for " & $strShareName & @CRLF)

    ; Retrieve the DACL array of Win32_ACE objects.
    $DACL = $wmiSecurityDescriptor.DACL

    For $wmiAce In $DACL

        ConsoleWrite("-----------------------" & @CRLF)
        ConsoleWrite("Found ACE" & @CRLF)
        ConsoleWrite("-----------------------" & @CRLF)
        ConsoleWrite("Access Mask: " & $wmiAce.AccessMask & @CRLF)
        ConsoleWrite("ACE Type: " & $wmiAce.AceType & @CRLF)

        ; Get Win32_Trustee object from ACE
        $Trustee = $wmiAce.Trustee
        ConsoleWrite("Trustee Domain: " & $Trustee.Domain & @CRLF)
        ConsoleWrite("Trustee Name: " & $Trustee.Name & @CRLF)

        ; Get SID as array from Trustee
        $SID = $Trustee.SID

        ; Reset per ACE so the SID bytes of earlier ACEs are not carried over.
        $strsid = ""
        For $i = 0 To UBound($SID) - 1
            $strsid &= $SID[$i] & ","
        Next

        ConsoleWrite("Trustee SID: {" & $strsid & "}" & @CRLF)
        ConsoleWrite(@CRLF)
    Next
Next

regards,

ptrex
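
The script above prints each ACE's access mask, ACE type and SID as raw numbers. The following is an added example, not part of the original post, that turns those values into readable text; the helper names (`_SidBytesToString`, `_AceTypeName`, `_ShareRightsName`) are hypothetical and the sample input is constructed.

```autoit
; Added example; helper names are hypothetical, not from the thread.
; Win32_Trustee.SID is the binary SID: revision, sub-authority count,
; 6-byte big-endian authority, then 32-bit little-endian sub-authorities.
Func _SidBytesToString(Const ByRef $aSid)
    If Not IsArray($aSid) Or UBound($aSid) < 8 Then Return SetError(1, 0, "")
    Local $iSubCount = $aSid[1]
    If UBound($aSid) < 8 + 4 * $iSubCount Then Return SetError(2, 0, "")
    Local $iAuthority = 0
    For $i = 2 To 7
        $iAuthority = $iAuthority * 256 + $aSid[$i]
    Next
    Local $sSid = "S-" & $aSid[0] & "-" & $iAuthority
    For $n = 0 To $iSubCount - 1
        Local $iSub = 0
        For $b = 3 To 0 Step -1
            $iSub = $iSub * 256 + $aSid[8 + 4 * $n + $b]
        Next
        $sSid &= "-" & $iSub
    Next
    Return $sSid
EndFunc

; Win32_ACE.AceType: 0 = allow, 1 = deny, 2 = audit.
Func _AceTypeName($iType)
    Local $aNames[3] = ["Allow", "Deny", "Audit"]
    If $iType >= 0 And $iType <= 2 Then Return $aNames[$iType]
    Return "Unknown (" & $iType & ")"
EndFunc

; The three access masks the share permissions dialog writes.
Func _ShareRightsName($iMask)
    Switch $iMask
        Case 0x001200A9
            Return "Read"
        Case 0x001301BF
            Return "Change"
        Case 0x001F01FF
            Return "Full Control"
    EndSwitch
    Return "Custom (0x" & Hex($iMask, 8) & ")"
EndFunc

; Constructed sample: binary form of the well-known Everyone (World) SID
; and the access mask of a read-only share ACE.
Local $aSample[12] = [1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0]
ConsoleWrite(_AceTypeName(0) & " " & _ShareRightsName(1179817) & " for " & _
        _SidBytesToString($aSample) & @CRLF)
```

Inside the ACE loop the helpers would be called with `$wmiAce.AceType`, `$wmiAce.AccessMask` and `$SID`. A Deny ACE or a "Custom" mask on a share is worth a closer look when reviewing permissions.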


Hi ptrex,

I tried your script but unfortunately it doesn't return anything.

Line: @error-@extended: Line syntax
0001: 0-0: #AutoIt3Wrapper_Run_Debug_Mode=y
0002: 0-0: $strComputer = "."
0003: 0-0: $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
0005: 0-0: $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_LogicalShareSecuritySetting", "WQL", 48)
0007: 0-0: For $objItem in $colItems

What I would like to do is present the user with a treeview (as in MS Windows Explorer) and when he clicks a network folder or subfolder or subsubfolder ... I show the Security Settings (Group- and Usernames) and in another window all the groups resolved to the Usernames.

I hope I could make myself a bit clear. I'm no native speaker and no Active Directory guru.

Thanks

Thomas

