Re: Unable to see client permissions in ESM tool!!




Eureka!!!....

I was not cleaning 1.3 and 5th bit of Everyone!!!!

Regards

Rajesh

"Raj" wrote:

Hi, I am posting security descriptors here... I made it simple, so that there
is only one user and 'Everyone'. The first one is what I received from the
Exchange server, and the Everyone role was 'contributor'. The second one I set
back to the Exchange server, and the role of Everyone is 'Owner'. Could you
please check and tell me where I am wrong.

<S:effective_aces>
<S:access_allowed_ace S:inherited="0">
<S:access_mask>1208af</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:type>user</S:type>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_allowed_ace>
<S:access_denied_ace S:inherited="0">
<S:access_mask>dc910</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:type>user</S:type>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_denied_ace>
<S:access_allowed_ace S:inherited="0">
<S:access_mask>1208ab</S:access_mask>
<S:sid>
<S:string_sid>S-1-1-0</S:string_sid>
<S:type>well_known_group</S:type>
<S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
<S:ad_object_guid>{f1787194-e062-456c-8791-dfd7c3719139}</S:ad_object_guid>
</S:sid>
</S:access_allowed_ace>
</S:effective_aces>
<S:subcontainer_inheritable_aces>
<S:access_allowed_ace S:inherited="0" S:no_propagate_inherit="0">
<S:access_mask>1208af</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:type>user</S:type>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_allowed_ace>
<S:access_denied_ace S:inherited="0" S:no_propagate_inherit="0">
<S:access_mask>dc910</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:type>user</S:type>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_denied_ace>
<S:access_allowed_ace S:inherited="0" S:no_propagate_inherit="0">
<S:access_mask>1208ab</S:access_mask>
<S:sid>
<S:string_sid>S-1-1-0</S:string_sid>
<S:type>well_known_group</S:type>
<S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
<S:ad_object_guid>{f1787194-e062-456c-8791-dfd7c3719139}</S:ad_object_guid>
</S:sid>
</S:access_allowed_ace>
</S:subcontainer_inheritable_aces>
<S:subitem_inheritable_aces>
<S:access_allowed_ace S:inherited="0" S:no_propagate_inherit="0">
<S:access_mask>1f0fbf</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:type>user</S:type>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:ad_object_guid>{568039be-04e3-4773-b069-749d960ed647}</S:ad_object_guid>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_allowed_ace>
<S:access_allowed_ace S:inherited="0" S:no_propagate_inherit="0">
<S:access_mask>0</S:access_mask>
<S:sid>
<S:string_sid>S-1-1-0</S:string_sid>
<S:type>well_known_group</S:type>
<S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
<S:ad_object_guid>{f1787194-e062-456c-8791-dfd7c3719139}</S:ad_object_guid>
</S:sid>
</S:access_allowed_ace>
</S:subitem_inheritable_aces>





SD I set back to Exchange server

<S:effective_aces xmlns:S="http://schemas.microsoft.com/security/">
<S:access_allowed_ace>
<S:access_mask>1208af</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:type>user</S:type>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_allowed_ace>
<S:access_denied_ace>
<S:access_mask>dc910</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:type>user</S:type>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_denied_ace>
<S:access_allowed_ace>
<S:access_mask>1fc9bf</S:access_mask>
<S:sid>
<S:string_sid>S-1-1-0</S:string_sid>
<S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
<S:type>well_known_group</S:type>
<S:display_name>\\Everyone</S:display_name>
</S:sid>
</S:access_allowed_ace>
</S:effective_aces>
<S:subcontainer_inheritable_aces xmlns:S="http://schemas.microsoft.com/security/">
<S:access_allowed_ace>
<S:access_mask>1208af</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:type>user</S:type>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_allowed_ace>
<S:access_denied_ace>
<S:access_mask>dc910</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:type>user</S:type>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_denied_ace>
<S:access_allowed_ace>
<S:access_mask>1fc9bf</S:access_mask>
<S:sid>
<S:string_sid>S-1-1-0</S:string_sid>
<S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
<S:type>well_known_group</S:type>
<S:display_name>\\Everyone</S:display_name>
</S:sid>
</S:access_allowed_ace>
</S:subcontainer_inheritable_aces>
<S:subitem_inheritable_aces xmlns:S="http://schemas.microsoft.com/security/">
<S:access_allowed_ace><S:access_mask>1f0fbf</S:access_mask>
<S:sid>
<S:string_sid>S-1-5-21-436374069-1326574676-682003330-31989</S:string_sid>
<S:nt4_compatible_name>EURTest\\AMABCDE</S:nt4_compatible_name>
<S:type>user</S:type>
<S:display_name>Rajesh</S:display_name>
</S:sid>
</S:access_allowed_ace>
<S:access_allowed_ace>
<S:access_mask>1f0fbf</S:access_mask>
<S:sid>
<S:string_sid>S-1-1-0</S:string_sid>
<S:nt4_compatible_name>\\Everyone</S:nt4_compatible_name>
<S:type>well_known_group</S:type>
<S:display_name>\\Everyone</S:display_name>
</S:sid>
</S:access_allowed_ace>
</S:subitem_inheritable_aces>

Thanks

Rajesh

"Raj" wrote:

Hi Henning,

This is happening only when I change the role of "\\Everyone" (SID S-1-1-0)
- I can change all other users. Do you know what the reason might be?

Regards

Rajesh

"Henning Krause" wrote:

Hello,

no, the order is the same.

But if you get an invalid window handle error, then you have definitely
messed up your security descriptor.

If you are working with .NET 2.0, you could try my exchange package.. it
should handle Security descriptors correctly.

Best regards,
Henning Krause

----------------------------------------------------------------------------
Visit my website: http://www.infinitec.de
Exchange access library -
http://www.infinitec.de/software/nettoolbox/infinitec.exchange.aspx


"Raj" <Raj@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B2B416B0-3777-4251-9FC2-D748D383A9AD@xxxxxxxxxxxxxxxx
Well,

That was working before with the client account. Do I have to use a different
ordering algorithm when I connect using the Admin account?
The interesting thing is that when I try to add a user I get a window handle
error!... I didn't change anything in the code except that I used the admin URL
to get/set the SD.

My colleague is trying to view using Outlook.

please help

Thanks

Rajesh


"Henning Krause" wrote:

Hello,

can you see the correct permissions when you view them via Outlook?

Have you ordered your modified security descriptor correctly?

Best regards,
Henning Krause

----------------------------------------------------------------------------
Visit my website: http://www.infinitec.de
Exchange access library -
http://www.infinitec.de/software/nettoolbox/infinitec.exchange.aspx


"Raj" <Raj@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BB08336A-0BFB-4EBF-8609-522CA25DC369@xxxxxxxxxxxxxxxx
Hi All,

This is a question related to my last post 'PF Admin Tools & Administrative
Rights'.

Using WebDAV and an Admin account, I am able to change client member roles and
rights. But after updating client members, if I try to see the client
permissions through the ESM tool, I get an empty list in the 'Client
permission' dialog box! I am NOT getting any error or anything... but when I
get the Security Descriptor (SD) through the code, I get the correct one that
I set.

The code I used to get/set the SD was working before, when I used a client
account to update the folder. Also, I was able to see client permissions
through ESM when I updated the SD of folders using the client account and
client URL. There was no change to the code; the only change is that rather
than using the client URL, I used the admin URL. Also, I used the admin
permanent URL to update the folders.

Please help me on this.... If you need more information please ask.

Thanks

Rajesh
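
Added example, not part of the thread and not code from any poster: a Python sketch that parses two descriptor fragments in the XML layout posted above and reports, per section and SID, which access-mask bits differ between what was received and what was sent back. The fragments are constructed from the masks in the thread and cut down to the `access_mask` and `string_sid` elements; bit positions are 0-based, and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/security/"  # namespace URI as posted in the thread
USER, EVERYONE = "S-1-5-21-436374069-1326574676-682003330-31989", "S-1-1-0"

def ace(kind, mask, sid):
    """Build one minimal ACE element (constructed sample, trimmed from the thread)."""
    return (f"<S:{kind}><S:access_mask>{mask}</S:access_mask>"
            f"<S:sid><S:string_sid>{sid}</S:string_sid></S:sid></S:{kind}>")

def descriptor(everyone_effective, everyone_subitem):
    """Two of the posted sections; only the Everyone masks vary."""
    return ("<S:effective_aces>" + ace("access_allowed_ace", "1208af", USER)
            + ace("access_denied_ace", "dc910", USER)
            + ace("access_allowed_ace", everyone_effective, EVERYONE)
            + "</S:effective_aces><S:subitem_inheritable_aces>"
            + ace("access_allowed_ace", "1f0fbf", USER)
            + ace("access_allowed_ace", everyone_subitem, EVERYONE)
            + "</S:subitem_inheritable_aces>")

RECEIVED = descriptor("1208ab", "0")      # Everyone as received from the server
SENT = descriptor("1fc9bf", "1f0fbf")     # Everyone as set back to the server

def ace_masks(fragment):
    """Map (section, ACE kind, SID) -> access mask for every ACE in the fragment."""
    # The fragments hold several top-level sections, so wrap them in one root.
    root = ET.fromstring(f'<root xmlns:S="{NS}">{fragment}</root>')
    masks = {}
    for section in root:
        for entry in section:
            sid = entry.findtext(f"{{{NS}}}sid/{{{NS}}}string_sid")
            mask = int(entry.findtext(f"{{{NS}}}access_mask"), 16)
            masks[(section.tag.split("}")[1], entry.tag.split("}")[1], sid)] = mask
    return masks

def bits(value):
    """0-based positions of the bits set in value."""
    return [i for i in range(value.bit_length()) if value >> i & 1]

def diff_masks(before, after):
    """For each ACE present in both descriptors, list the bits added and removed."""
    changes = {}
    for key in before.keys() & after.keys():
        old, new = before[key], after[key]
        if old != new:
            changes[key] = {"added": bits(new & ~old), "removed": bits(old & ~new)}
    return changes

if __name__ == "__main__":
    for key, change in sorted(diff_masks(ace_masks(RECEIVED), ace_masks(SENT)).items()):
        print(key, change)
```

Only the Everyone entries show up in the output, because the user's masks are identical in both descriptors.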





