
Network share permissions with WMI

Hi guys,

So far I've spent about a week hacking away at this code, and I just
can't get it to add an ACE to the DACL for a network share using WMI.

Just to set the scene, I'm trying to add an ACL from machine A
(workstation; Saturn) and set it to a UNC path
(\\Mercury\Inetpub\Websites\LocalUser\Test) on machine B (server;
Mercury).

Neither of these machines is on a domain, and the trustee for the new
ACL is a local user on machine B (server; Mercury), let's call him
'test' for now.

I don't want to use xcacls because it's a bit of a hack, and the ADSI
code from Microsoft looks a little offputting as it uses COM
(http://support.microsoft.com/kb/899553/EN-US/).

At this point I'm able to use the following code to apply permissions
to a local resource on machine A (e.g. C:\Test), however when I try it
on a UNC path it throws a ManagementException with the message "Not
Found", which isn't very useful.

I can only presume it's complaining about the UNC path. I've tried
doubling up the slashes, and just having single slashes (which makes no
difference).

using System.Collections;
using System.Management;
using System.Security.AccessControl;

// Works when server name is ".", "SATURN" but not "MERCURY".
ManagementScope scope = new ManagementScope(
    @"\\" + ServerName + @"\root\cimv2");

// Works when fileName is local directory, but not UNC path.
ManagementPath path = new ManagementPath();
path.RelativePath = @"Win32_LogicalFileSecuritySetting.Path="
    + "'" + fileName + "'";

ManagementObject fileSecurity = new ManagementObject(
    scope, path, null);

// When used with UNC path, exception with "Not Found" is thrown.
ManagementBaseObject outParams =
    (ManagementBaseObject)fileSecurity.InvokeMethod(
        "GetSecurityDescriptor", null, null);

// Get security descriptor and DACL for specified file.
ManagementBaseObject descriptor =
    (ManagementBaseObject)outParams.Properties["Descriptor"].Value;
ManagementBaseObject[] dacl =
    (ManagementBaseObject[])descriptor.Properties["Dacl"].Value;

// Get the user account to be trustee.
ManagementObject userAccount = new ManagementClass(scope,
    new ManagementPath("Win32_Trustee"), null);
userAccount.Properties["Name"].Value = account;

// Create a new ACE for the descriptor.
ManagementObject newAce = new ManagementClass(scope,
    new ManagementPath("Win32_ACE"), null);
newAce.Properties["Trustee"].Value = userAccount;

// Low-level access mask bits (values as defined in winnt.h).
int FILE_READ_DATA = 0x1;
int FILE_WRITE_DATA = 0x2;
int FILE_APPEND_DATA = 0x4;
int DELETE = 0x10000;

// Translate FileSystemRights to flags.
switch (accessRights)
{
    case FileSystemRights.Read:
        newAce.Properties["AccessMask"].Value = FILE_READ_DATA;
        break;

    case FileSystemRights.Modify:
        newAce.Properties["AccessMask"].Value = FILE_READ_DATA
            | FILE_WRITE_DATA | FILE_APPEND_DATA | DELETE;
        break;
}

// Mark the ACE as inherited (0x10 = INHERITED_ACE).
newAce.Properties["AceFlags"].Value = 0x10;

// Allow access to resource (0 = access allowed ACE).
newAce.Properties["AceType"].Value = 0;

// Add ACE to DACL and set to descriptor.
ArrayList daclArray = new ArrayList(dacl);
daclArray.Add(newAce);

descriptor.Properties["Dacl"].Value = daclArray.ToArray();

// Use SetSecurityDescriptor to apply the descriptor.
ManagementBaseObject inParams =
    fileSecurity.GetMethodParameters("SetSecurityDescriptor");
inParams["Descriptor"] = descriptor;
fileSecurity.InvokeMethod("SetSecurityDescriptor", inParams, null);

Jan 10 '06 #1
If you connect to MERCURY using ManagementScope, you are effectively
accessing MERCURY's local drives. That means that you should specify the
local path and not a UNC path when executing path.RelativePath =
@"Win32_LogicalFileSecuritySetting.Path=...

If you need to set the ACLs on the "share" you need to query the share
using its name and look for its associated
Win32_LogicalShareSecuritySetting. Once you have this one you can set the
security for the share using the same technique as for a local file object.

Willy.

Jan 10 '06 #2
Hi Willy,

Sorry, I just realised that share security exists as well as file
security. I actually meant altering a Win32_LogicalFileSecuritySetting
through a UNC path.

I'm trying to produce the software in such a way that it will run
completely over UNC and not local file paths. This is so I can develop
on a workstation using a virtual server for testing. But then, roll the
application out on to a production server. I'd like to avoid using
local file paths to keep everything simple... Is this a good idea?

Also, I tried accessing the Win32_LogicalFileSecuritySetting via a UNC
path, without specifying a server and it threw the same "Not Found"
error as before.

Perhaps you could show me a snippet of code to enumerate the DACL via a
UNC path?

Thanks Willy.

Nick

Jan 10 '06 #3
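
The advice in reply #2 (connect to the server's WMI namespace and pass the path as the server sees it), applied to the DACL listing asked for in #3. This is an added example, not code from any poster in the thread: `UncAcl`, `SplitUnc`, `Esc` and `DumpDacl` are hypothetical names, and it assumes the server's WMI service accepts the calling account as an administrator.

```csharp
using System;
using System.Management;

static class UncAcl   // hypothetical helper, not from the thread
{
    // Split \\server\share\rest into its parts; reject anything else.
    public static void SplitUnc(string unc, out string server, out string share, out string rest)
    {
        if (unc == null || !unc.StartsWith(@"\\"))
            throw new ArgumentException("Not a UNC path: " + unc);
        string[] parts = unc.Substring(2).Split(new[] { '\\' }, 3);
        if (parts.Length < 2 || parts[0] == "" || parts[1] == "")
            throw new ArgumentException("UNC path needs a server and a share: " + unc);
        server = parts[0]; share = parts[1];
        rest = parts.Length == 3 ? parts[2] : "";
    }

    // Backslashes are doubled inside a quoted key value of a WMI object path.
    static string Esc(string s) { return s.Replace(@"\", @"\\"); }

    public static void DumpDacl(string unc)
    {
        string server, share, rest;
        SplitUnc(unc, out server, out share, out rest);
        var scope = new ManagementScope(@"\\" + server + @"\root\cimv2");
        scope.Connect();
        // Resolve the share name to the directory it exports on the server.
        var shareObj = new ManagementObject(scope,
            new ManagementPath("Win32_Share.Name=\"" + Esc(share) + "\""), null);
        string local = (string)shareObj["Path"];
        if (rest != "") local = local.TrimEnd('\\') + @"\" + rest.TrimEnd('\\');

        // Same class as in the first post, but keyed by the server-local path.
        var sec = new ManagementObject(scope, new ManagementPath(
            "Win32_LogicalFileSecuritySetting.Path=\"" + Esc(local) + "\""), null);
        ManagementBaseObject result = sec.InvokeMethod("GetSecurityDescriptor", null, null);
        uint rc = Convert.ToUInt32(result["ReturnValue"]);
        if (rc != 0) throw new InvalidOperationException("GetSecurityDescriptor returned " + rc);

        var sd = (ManagementBaseObject)result["Descriptor"];
        var dacl = (ManagementBaseObject[])sd["Dacl"];
        if (dacl == null) { Console.WriteLine("NULL DACL: everyone has full access"); return; }
        foreach (ManagementBaseObject ace in dacl)
        {
            var trustee = (ManagementBaseObject)ace["Trustee"];
            Console.WriteLine("{0}\\{1} type={2} flags=0x{3:X} mask=0x{4:X}",
                trustee["Domain"], trustee["Name"], ace["AceType"], ace["AceFlags"], ace["AccessMask"]);
        }
    }
}
```

The first component after the server name must be an actual share on that server, so `UncAcl.DumpDacl(@"\\Mercury\Inetpub\Websites\LocalUser\Test")` resolves only if `Inetpub` is shared under that name on Mercury.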
