Re: Modify advanced permissions using wsh on W2K Server

From: sharon (sharon_at_athoc.com)
Date: 04/19/04 

Date: 19 Apr 2004 11:10:32 -0700

Thanks Al! I use the xcacls program and it works great.

"Al Dunbar [MS-MVP]" <alan-no-drub-spam@hotmail.com> wrote in message news:<u55UByRHEHA.2556@TK2MSFTNGP12.phx.gbl>...
> "sharon" <sharon@athoc.com> wrote in message
> news:8425d061.0404060825.1cbae01b@posting.google.com...
> > hmmm... although i think my question was pretty straight forward let
> > me try and ask it again...
>
> Most of us understood your original question as (well) written. Our friend
> "name" has a penchant for misunderstanding others, seeming to misunderstand
> them, and/or posting randomly generated responses that defy the
> understanding of some of the rest of us.
>
> > I want to know if there is a way in WSH (Windows Scripting Host) to
> > change the advanced permission of a specific folder (advanced
> > permission meaning the attributes you have when you go to the folder's
> > properties window in windows 2000 Server, click the security tab and
> > click the advanced button).
>
> I think the reason you did not get an answer was that none of us wanted to
> tell you the short answer (yes), because the long answer is much less
> trivial...
>
> One way is do get a copy of aDSsecurity.dll and register it on your system.
> See:
>
> http://tinyurl.com/3bbwo
>
> This approach is extremely granular, and (imho) far from intuitive. As well,
> as I understand it, the checkbox that applies changes made to a folder to
> child objects it may contain is something that would have to be
> programmatically done. Other advanced features (of XP, mind - I left my w2k
> at work), including modifying auditing and ownership are not necessarily
> handled by this dll.
>
> When I discovered this stuff I thought it would be simple to use in script
> to modify file and folder permissions as needed to my heart's content, but
> have found otherwise. My main use is in a vbscript I wrote to enumerate the
> ACL's on a set of files and/or folders. Works great, but the resulting data
> is raw - hex masks instead of mnemonical symbols like R/W, Change, RWED, and
> etc. The main use of this tool is to see at a glance "who" has access, and
> for this purpose it works reasonably well.
>
> Another way is to .run the cacls or xcacls program, passing it the
> parameters it requires to accomplish your permissions changes. I think this
> needs care as well, because of the differences introduced by the version of
> NTFS that comes with w2k. Also, it might not be able to set all of the
> permissions actually possible.
>
> Finally, I believe tehre is a way to do this with WMI.
>
> http://tinyurl.com/363w5
>
> Certainly not much simpler than aDSsecurity.dll.
>
>
> /Al
>
> > "name" <nospam@user.com> wrote in message
> news:<uy6KKftGEHA.1268@TK2MSFTNGP12.phx.gbl>...
> > > "Programmatically"
> > >
> > > means 1 to N
> > > or
> > > M to N
> > >
> > > ============
> > > How did you get into this?
> > > ==================
> > > Owners/Admins own their envir totally.
> > > ----------------------------------------------------
> > >
> > > There are thousands of readers that could anwser your question.
> > >
> > > Problem is that your description is so vague, that it could match
> > > any Os. Or any Menubar of any MS released sample software
> > > released under their finger nails.
> > >
> > > You would not hate this forum to become an elite hypnotists resort
> > > of do all can do all ? Look at the "dashboard" and other crap !
> > >
> > > "W2K Server" is well recieved, but your context is intelectually
> > > overreaching
> > > and those unfamiliar with basic WINDOWS OS 32 nomen klatur will cringe.
> > >
> > > If you can not mention the .exe or .dll or name of product, please make
> > > the most obvious a verbatime in your question.
> > >
> > > Two lines of your gifted experience with windows
> > > are insufficent to address people in this group. Please .
> > >
> > > =============
> > >
> > > You can set all Internet Browser Properties in Registry as (however
> later)
> > > documented by Microsoft.
> > >
> > > Use a file monitor or registry monitor as available form e.g.
> > > sysinternals.com
> > > to see, whether an unidentified call takes place.
> > >
> > > E.G.
> > >
> > > If in the form of some (hex) entry without obvious root.
> > >
> > > Then you can not rely on script but must rely on windows itself.
> > >
> > > =====
> > >
> > > Windows is not much of anything else but of an event listener.
> > >
> > >
> > > -----------
> > >
> > > In the event you had not unchecked the daylight savings time box
> > > they would interrupt your machine to tell you the time on Sunday Morning
> > > April %, 100X.
> > >
> > >
> > >
> > >
> > >
> > >
> > > "sharon" <sharon@athoc.com> wrote in message
> > > news:8425d061.0404041203.4203809a@posting.google.com...
> > > > Is there a way to Programmatically modify advanced permissions
> > > > (Properties -> Security -> Advanced) for a specific directory using
> > > > WSH?