Re: Benutzerrechte auf Ordner zuweisen




Ich habe gerade nur ein Beispiel (mit mehreren Optionen) zur Hand, wie man
das mit VB.NET und WMI (System.Management) macht.
Mit ein wenig VBS-Kenntnissen sollte aber die Transformation auf VBS
gelingen.
Zu VBS hätte ich sonst noch ein Beispiel mit der adssecurity.dll.

---
Dr. Holger Schwichtenberg
http://www.windows-scripting.de
Windows Scripting, 4. Auflage, Addison Wesley, 2005
Windows Scripting Lernen, 2. Auflage, Addison Wesley, 2004
COM-Komponenten-Handbuch, Addison-Wesley, 2001



Imports System.Management

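' Helpers that read and write the discretionary ACL (DACL) of a directory
' through WMI (Win32_LogicalFileSecuritySetting, Win32_Directory).
'
' Names used here but not defined in this listing (expected elsewhere in the
' project): print(...), GetUserWithSamAccountName(...), and the DirectoryEntry
' type, which lives in System.DirectoryServices and is not imported above.
'
' Notes for callers:
'   - CreatePermissions REPLACES the whole DACL with a single ACE. Every other
'     entry on the directory is dropped. Use AddPermissions to keep the
'     existing entries.
'   - NOTE(review): dirpfad is concatenated unescaped into the WMI object path.
'     A value containing a single quote ends the quoted key early. Confirm which
'     escaping (backslash, quote) callers are expected to apply and validate the
'     path before it reaches these routines.
'   - Failures reported by WMI (non-zero return value) raise an Exception
'     instead of being reported as success.
Module DateisystemMgmt

    ' ---- Standard access rights -------------------------------------------
    Public Const DELETE = &H10000
    Public Const READ_CONTROL = &H20000
    Public Const WRITE_DAC = &H40000
    Public Const WRITE_OWNER = &H80000
    Public Const SYNCHRONIZE = &H100000

    Public Const STANDARD_RIGHTS_REQUIRED = &HF0000

    ' All three carry the same value as READ_CONTROL.
    Public Const STANDARD_RIGHTS_READ = &H20000
    Public Const STANDARD_RIGHTS_WRITE = &H20000
    Public Const STANDARD_RIGHTS_EXECUTE = &H20000

    Public Const STANDARD_RIGHTS_ALL = &H1F0000

    Public Const SPECIFIC_RIGHTS_ALL = &HFFFF

    ' ---- File-specific access rights --------------------------------------
    ' Identifiers for the IADsAccessControlEntry.AccessMask property for file
    ' and file share objects. The same bit has a different name depending on
    ' the object kind (file, directory, pipe).
    Public Const FILE_READ_DATA = &H1 ' file & pipe
    Public Const FILE_LIST_DIRECTORY = &H1 ' directory

    Public Const FILE_WRITE_DATA = &H2 ' file & pipe
    Public Const FILE_ADD_FILE = &H2 ' directory

    Public Const FILE_APPEND_DATA = &H4 ' file
    Public Const FILE_ADD_SUBDIRECTORY = &H4 ' directory
    Public Const FILE_CREATE_PIPE_INSTANCE = &H4 ' named pipe

    Public Const FILE_READ_EA = &H8 ' file & directory

    Public Const FILE_WRITE_EA = &H10 ' file & directory

    Public Const FILE_EXECUTE = &H20 ' file
    Public Const FILE_TRAVERSE = &H20 ' directory

    Public Const FILE_DELETE_CHILD = &H40 ' directory

    Public Const FILE_READ_ATTRIBUTES = &H80 ' all

    Public Const FILE_WRITE_ATTRIBUTES = &H100 ' all

    ' Full control: grants WRITE_DAC and WRITE_OWNER as well, so the trustee
    ' can rewrite the ACL and take ownership. Grant it deliberately.
    Public Const FILE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE _
        Or &H1FF

    Public Const FILE_GENERIC_READ = STANDARD_RIGHTS_READ Or _
        FILE_READ_DATA Or _
        FILE_READ_ATTRIBUTES Or _
        FILE_READ_EA Or _
        SYNCHRONIZE

    Public Const FILE_GENERIC_WRITE = STANDARD_RIGHTS_WRITE Or _
        FILE_WRITE_DATA Or _
        FILE_WRITE_ATTRIBUTES Or _
        FILE_WRITE_EA Or _
        FILE_APPEND_DATA Or _
        SYNCHRONIZE

    Public Const FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE Or _
        FILE_READ_ATTRIBUTES Or _
        FILE_EXECUTE Or _
        SYNCHRONIZE

    ' Documentation:
    ' http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/fs/file_security_and_access_rights.asp

    ' Replaces the DACL of a directory with a single allow entry.
    '
    ' dirpfad  : directory path, inserted into the WMI object path as given
    ' domain   : passed on to CreateACE (which does not use it, see there)
    ' benutzer : account name handed to the directory lookup
    ' rechte   : access mask, e.g. FILE_GENERIC_READ
    '
    ' The new DACL holds exactly one ACE, so all previous entries are removed.
    ' Raises Exception when the user is not found or WMI reports a failure.
    Sub CreatePermissions(ByVal dirpfad As String, ByVal domain As String, _
                          ByVal benutzer As String, ByVal rechte As Long)
        ' ==== Steps 1 to 3 are done in the helper
        Dim ace As ManagementObject = CreateACE(domain, benutzer, rechte)
        ' ==== Step 4: build the DACL (one entry only)
        Dim DACL As Object()
        DACL = New Object() {ace}
        print("ACL erstellt...")
        ' ==== Steps 5 and 6
        SetPermissions(dirpfad, DACL)
    End Sub

    ' Appends one allow entry to the existing DACL of a directory.
    '
    ' Parameters as for CreatePermissions. The current DACL is read, the new
    ' ACE is added at the end and the result is written back.
    ' Raises Exception when the descriptor cannot be read, when the directory
    ' has no DACL, when the user is not found or when the write fails.
    Sub AddPermissions(ByVal dirpfad As String, ByVal domain As String, _
                       ByVal benutzer As String, ByVal rechte As Long)

        Dim SD As ManagementBaseObject = GetDescriptor(dirpfad)
        Dim Dacl() As ManagementBaseObject
        Dacl = SD.Properties("DACL").Value

        ' Without this guard the ReDim below fails with a NullReferenceException.
        ' NOTE(review): a missing DACL presumably means a NULL DACL, i.e. no
        ' access restriction at all. Decide explicitly how to handle that
        ' instead of silently replacing it with a one-entry ACL.
        If Dacl Is Nothing Then
            Throw New Exception("Keine DACL vorhanden (NULL-DACL)!")
        End If

        Dim ace As ManagementObject = CreateACE(domain, benutzer, rechte)

        ' Grow the array by one slot and put the new entry last.
        ReDim Preserve Dacl(Dacl.GetUpperBound(0) + 1)
        Dacl(Dacl.GetUpperBound(0)) = ace

        SetPermissions(dirpfad, Dacl)
    End Sub

    ' Reads the security descriptor of a path via
    ' Win32_LogicalFileSecuritySetting.GetSecurityDescriptor.
    ' Raises Exception when the method returns a non-zero value.
    Private Function GetDescriptor(ByVal dirpfad As String) As ManagementBaseObject
        Dim dir As New ManagementObject( _
            "\\.\root\cimv2:Win32_LogicalFileSecuritySetting.Path='" & dirpfad & "'")
        Dim outParams As ManagementBaseObject = _
            dir.InvokeMethod("GetSecurityDescriptor", Nothing, Nothing)

        ' The descriptor is only meaningful when the call succeeded.
        Dim rc As Long = CLng(outParams.Properties("ReturnValue").Value)
        If rc <> 0 Then
            Throw New Exception("GetSecurityDescriptor fehlgeschlagen, Code " & rc.ToString())
        End If

        Return CType(outParams.Properties("Descriptor").Value, ManagementBaseObject)
    End Function

    ' Builds a Win32_ACE that allows "rechte" for the given user.
    '
    ' Domain   : accepted but not used. The lookup goes to the hard-coded
    '            "LDAP://server", which looks like a placeholder to replace.
    ' Benutzer : account name handed to GetUserWithSamAccountName
    ' rechte   : access mask stored in the ACE
    '
    ' Raises Exception when the user is not found.
    Private Function CreateACE(ByVal Domain As String, ByVal Benutzer As String, _
                               ByVal rechte As Long) As ManagementObject

        ' AceType values
        Const ACCESS_ALLOWED_ACE_TYPE As Integer = 0 ' 1 would be access denied
        ' AceFlags values: these control inheritance, not the access level
        Const OBJECT_INHERIT_ACE As Integer = &H1 ' files inherit the entry
        Const CONTAINER_INHERIT_ACE As Integer = &H2 ' subdirectories inherit the entry

        ' ==== Step 1: look up the user's SID
        Dim user As DirectoryEntry = _
            GetUserWithSamAccountName("LDAP://server", Benutzer)
        If user Is Nothing Then Throw New Exception("Benutzer nicht gefunden!")
        Dim sid() As Byte = user.Properties("objectSID")(0)
        print("SID ermittelt...")

        ' ==== Step 2: create the trustee (identified by SID only)
        Dim trusteeclass As New ManagementClass("Win32_trustee")
        Dim trustee As ManagementObject = trusteeclass.CreateInstance()
        trustee.Properties("sid").Value = sid
        print("Trustee erstellt...")

        ' ==== Step 3: create the ACE
        Dim aceclass As New ManagementClass("Win32_ACE")
        Dim ace As ManagementObject = aceclass.CreateInstance()
        ace.Properties("trustee").Value = trustee
        ace.Properties("AccessMask").Value = rechte
        ace.Properties("AceType").Value = ACCESS_ALLOWED_ACE_TYPE
        ' Value 3: the entry propagates to all files and subdirectories below
        ' the directory, so the grant is wider than the one folder.
        ace.Properties("AceFlags").Value = OBJECT_INHERIT_ACE Or CONTAINER_INHERIT_ACE
        print("ACE erstellt...")
        Return ace

    End Function

    ' Writes the given DACL to a directory.
    '
    ' A new Win32_SecurityDescriptor carrying only the DACL is created and
    ' applied with Win32_Directory.ChangeSecurityPermissions.
    ' Raises Exception when the method returns a non-zero value, so a failed
    ' change is never reported as "Rechte gesetzt!".
    Private Sub SetPermissions(ByVal dirpfad As String, ByVal dacl As Object())
        ' Option value for ChangeSecurityPermissions: change the DACL only
        Const CHANGE_DACL_SECURITY_INFORMATION As Integer = 4

        ' ==== Step 5: create the security descriptor
        Dim sdclass As New ManagementClass("Win32_SecurityDescriptor")
        Dim sd As ManagementObject = sdclass.CreateInstance()
        sd.Properties("DACL").Value = dacl
        print("SD erstellt...")

        ' ==== Step 6: assign the descriptor to the directory
        Dim dir As New ManagementObject( _
            "\\.\root\cimv2:Win32_Directory.Name='" & dirpfad & "'")
        Dim rc As Object = dir.InvokeMethod("ChangeSecurityPermissions", _
            New Object() {sd, CHANGE_DACL_SECURITY_INFORMATION})
        If CLng(rc) <> 0 Then
            Throw New Exception("ChangeSecurityPermissions fehlgeschlagen, Code " & CLng(rc).ToString())
        End If
        print("Rechte gesetzt!")
    End Sub

    ' Prints every entry of a directory's DACL as
    ' "<trustee name> hat Rechte: <AccessMask>:<AceFlags>".
    ' Raises Exception when the descriptor cannot be read.
    Sub ReadPermissions(ByVal dirpfad As String)

        Dim SD As ManagementBaseObject = GetDescriptor(dirpfad)
        Dim acl() As ManagementBaseObject
        acl = SD.Properties("DACL").Value

        ' For Each over Nothing would fail. Report the missing DACL instead,
        ' since it is worth knowing about when auditing permissions.
        If acl Is Nothing Then
            print("Keine DACL vorhanden (NULL-DACL)!")
            Return
        End If

        For Each ace As ManagementBaseObject In acl
            Dim trustee As ManagementBaseObject = ace.Properties("trustee").Value
            print(trustee.Properties("Name").Value & " hat Rechte: " & _
                ace.Properties("AccessMask").Value.ToString() & ":" & _
                ace.Properties("AceFlags").Value.ToString())
        Next

    End Sub

End Module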



"Peter" <Peter@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E3025E64-A60D-44F5-B101-729952DE422A@xxxxxxxxxxxxxxxx
> Hallo,
> ich weiss es ist sicher mal wieder eine Newbie Frage, aber irgendwie
bekomme
> ich das nicht hin?
>
> Meine Frage ist wie kann ich in die Rechte auf einem Ordner per VBS
ändern?
> Ich finde im Netz irgendwie zwar 100.000 Dinge aber nichts was auf meiner
> Domaine funktioniert....
>



.


