Re: Modify advanced permissions using wsh on W2K Server

From: Al Dunbar [MS-MVP] (alan-no-drub-spam_at_hotmail.com)
Date: 04/08/04 

Date: Wed, 7 Apr 2004 21:49:29 -0600

"sharon" <sharon@athoc.com> wrote in message
news:8425d061.0404060825.1cbae01b@posting.google.com...
> hmmm... although i think my question was pretty straight forward let
> me try and ask it again...

Most of us understood your original question as (well) written. Our friend
"name" has a penchant for misunderstanding others, seeming to misunderstand
them, and/or posting randomly generated responses that defy the
understanding of some of the rest of us.

> I want to know if there is a way in WSH (Windows Scripting Host) to
> change the advanced permission of a specific folder (advanced
> permission meaning the attributes you have when you go to the folder's
> properties window in windows 2000 Server, click the security tab and
> click the advanced button).

I think the reason you did not get an answer was that none of us wanted to
tell you the short answer (yes), because the long answer is much less
trivial...

One way is do get a copy of aDSsecurity.dll and register it on your system.
See:

    http://tinyurl.com/3bbwo

This approach is extremely granular, and (imho) far from intuitive. As well,
as I understand it, the checkbox that applies changes made to a folder to
child objects it may contain is something that would have to be
programmatically done. Other advanced features (of XP, mind - I left my w2k
at work), including modifying auditing and ownership are not necessarily
handled by this dll.

When I discovered this stuff I thought it would be simple to use in script
to modify file and folder permissions as needed to my heart's content, but
have found otherwise. My main use is in a vbscript I wrote to enumerate the
ACL's on a set of files and/or folders. Works great, but the resulting data
is raw - hex masks instead of mnemonical symbols like R/W, Change, RWED, and
etc. The main use of this tool is to see at a glance "who" has access, and
for this purpose it works reasonably well.

Another way is to .run the cacls or xcacls program, passing it the
parameters it requires to accomplish your permissions changes. I think this
needs care as well, because of the differences introduced by the version of
NTFS that comes with w2k. Also, it might not be able to set all of the
permissions actually possible.

Finally, I believe tehre is a way to do this with WMI.

    http://tinyurl.com/363w5

Certainly not much simpler than aDSsecurity.dll.

/Al

> "name" <nospam@user.com> wrote in message
news:<uy6KKftGEHA.1268@TK2MSFTNGP12.phx.gbl>...
> > "Programmatically"
> >
> > means 1 to N
> > or
> > M to N
> >
> > ============
> > How did you get into this?
> > ==================
> > Owners/Admins own their envir totally.
> > ----------------------------------------------------
> >
> > There are thousands of readers that could anwser your question.
> >
> > Problem is that your description is so vague, that it could match
> > any Os. Or any Menubar of any MS released sample software
> > released under their finger nails.
> >
> > You would not hate this forum to become an elite hypnotists resort
> > of do all can do all ? Look at the "dashboard" and other crap !
> >
> > "W2K Server" is well recieved, but your context is intelectually
> > overreaching
> > and those unfamiliar with basic WINDOWS OS 32 nomen klatur will cringe.
> >
> > If you can not mention the .exe or .dll or name of product, please make
> > the most obvious a verbatime in your question.
> >
> > Two lines of your gifted experience with windows
> > are insufficent to address people in this group. Please .
> >
> > =============
> >
> > You can set all Internet Browser Properties in Registry as (however
later)
> > documented by Microsoft.
> >
> > Use a file monitor or registry monitor as available form e.g.
> > sysinternals.com
> > to see, whether an unidentified call takes place.
> >
> > E.G.
> >
> > If in the form of some (hex) entry without obvious root.
> >
> > Then you can not rely on script but must rely on windows itself.
> >
> > =====
> >
> > Windows is not much of anything else but of an event listener.
> >
> >
> > -----------
> >
> > In the event you had not unchecked the daylight savings time box
> > they would interrupt your machine to tell you the time on Sunday Morning
> > April %, 100X.
> >
> >
> >
> >
> >
> >
> > "sharon" <sharon@athoc.com> wrote in message
> > news:8425d061.0404041203.4203809a@posting.google.com...
> > > Is there a way to Programmatically modify advanced permissions
> > > (Properties -> Security -> Advanced) for a specific directory using
> > > WSH?