Problem setting DACL on remote folder share using C# and Management Space

I've swiped the following code pretty much directly from a technet
article, and modified it for my purposes. Something isn't working.

I'm trying to

1) create a share on a remote server (works)
2) Set an ACE on the SHARE of Full Control for CORP\Domain Admins
3) Set an ACE on the SHARE of Change for CORP\HelpDesks

When the code is done, there is an entry for full control for System and
Administrators on the remote server - Nothing regarding what I actually
WANTED to add :(

Code:

    private void ShareFolder(string path, string name, string description)
    {
        //==0. Create Win32_Trustee
        ManagementObject HDtrustee = new ManagementClass(new ManagementPath("Win32_Trustee"), null);
        HDtrustee["Domain"] = "CORP";
        HDtrustee["Name"] = "HelpDesks";

        ManagementObject Admintrustee = new ManagementClass(new ManagementPath("Win32_Trustee"), null);
        Admintrustee["Domain"] = "CORP";
        Admintrustee["Name"] = "Domain Admins";

        //==1. Create win32_ace
        ManagementObject AdminACE = new ManagementClass(new ManagementPath("Win32_Ace"), null);
        AdminACE["AccessMask"] = AccessMasks.FullControl;
        AdminACE["AceFlags"] = AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE;
        AdminACE["AceType"] = AceType.Allow;
        AdminACE["Trustee"] = Admintrustee;

        ManagementObject HelpDeskACE = new ManagementClass(new ManagementPath("Win32_Ace"), null);
        HelpDeskACE["AccessMask"] = AccessMasks.Modify;
        HelpDeskACE["AceFlags"] = AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE;
        HelpDeskACE["AceType"] = AceType.Allow;
        HelpDeskACE["Trustee"] = HDtrustee;

        //==2. Create Win32_SecurityDescriptor
        ManagementObject secDescriptor = new ManagementClass(new ManagementPath("Win32_SecurityDescriptor"), null);
        secDescriptor["ControlFlags"] = 4; //SE_DACL_PRESENT
        //secDescriptor["DACL"] = new object[] { AdminACE };
        secDescriptor["DACL"] = new object[] { HelpDeskACE, AdminACE };

        //==3. Using Win32_Share
        ManagementClass classObj = new ManagementClass("\\\\" + this.Server.Text + "\\root\\cimv2", "Win32_Share", null);
        ManagementBaseObject inParams = classObj.GetMethodParameters("Create");
        inParams["Access"] = secDescriptor;
        inParams["Description"] = description;
        //inParams["MaximumAllowed"] = maxAllowed;
        inParams["Name"] = name;
        //inParams["Password"] = ""; //default is no password
        inParams["Path"] = path;
        inParams["Type"] = 0; //0: Disk Drive, 1: Print Queue, 2: Device, 3: IPC

        ManagementBaseObject outParams = classObj.InvokeMethod("Create", inParams, null);
        uint ret = (uint)(outParams.Properties["ReturnValue"].Value);
    }

Help?

Brian Hampson
System Administrator, North America
ALS Laboratory Group - Environmental Division

Jun 28 '06 #1
You need to supply the xxx["SID"] in addition to the Domain and Name
properties. I use the following line to define the "Everyone" SID:

EveryoneTrustee["SID"] = new uint[12] { 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0 };

Jul 10 '06 #2
So, How can I get the SID of the user (in a bytearray format) given
that I know the name and domain?

Jul 11 '06 #3
You can use the following code:

    using System.Management;
    using System.Security.Principal;

    // or whatever account you will grant access
    NTAccount ntAccount = new NTAccount("Everyone");
    SecurityIdentifier sid = (SecurityIdentifier)ntAccount.Translate(typeof(SecurityIdentifier));
    byte[] sidArray = new byte[sid.BinaryLength];
    sid.GetBinaryForm(sidArray, 0);
    ManagementObject Trustee = new ManagementClass(new ManagementPath("Win32_Trustee"), null);
    Trustee["SID"] = sidArray;

When specifying the SID this way, neither the ["Domain"] nor the ["Name"]
properties are needed. I have not experienced that the ["SIDLength"] is ever
needed.

If the NTAccount constructor is not specifying a domain, the SAM on the
local system will be used.

Jul 16 '06 #4
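
The fix from this thread applied to the original task, as an added example that is not code from any of the posters: each trustee is resolved from its domain-qualified name to a binary SID before the ACEs are built, and the ReturnValue of Create is checked instead of discarded. The class and helper names are hypothetical, and the two mask constants are assumed stand-ins for the AccessMasks enum, which the thread does not show.

```csharp
using System;
using System.Management;
using System.Security.Principal;

static class ShareDaclExample   // hypothetical class, not from the thread
{
    // Share permission masks; assumed stand-ins for the AccessMasks enum in the question.
    const uint Change = 0x1301BF, FullControl = 0x1F01FF;
    // Build a Win32_Trustee from the account's binary SID only.
    static ManagementObject Trustee(string account)
    {
        var sid = (SecurityIdentifier)new NTAccount(account).Translate(typeof(SecurityIdentifier));
        byte[] bin = new byte[sid.BinaryLength];
        sid.GetBinaryForm(bin, 0);
        ManagementObject trustee = new ManagementClass("Win32_Trustee").CreateInstance();
        trustee["SID"] = bin;
        return trustee;
    }
    static ManagementObject AllowAce(string account, uint mask)
    {
        ManagementObject ace = new ManagementClass("Win32_Ace").CreateInstance();
        ace["AccessMask"] = mask;
        ace["AceFlags"] = 3;  // OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE, as in the question
        ace["AceType"] = 0;   // access allowed
        ace["Trustee"] = Trustee(account);
        return ace;
    }

    public static void CreateShare(string server, string path, string name, string description)
    {
        ManagementObject sd = new ManagementClass("Win32_SecurityDescriptor").CreateInstance();
        sd["ControlFlags"] = 4; // SE_DACL_PRESENT
        sd["DACL"] = new object[] {
            AllowAce(@"CORP\Domain Admins", FullControl),
            AllowAce(@"CORP\HelpDesks", Change)
        };
        var share = new ManagementClass(@"\\" + server + @"\root\cimv2", "Win32_Share", null);
        ManagementBaseObject inParams = share.GetMethodParameters("Create");
        inParams["Access"] = sd;
        inParams["Description"] = description;
        inParams["Name"] = name;
        inParams["Path"] = path;
        inParams["Type"] = 0; // disk drive
        uint ret = (uint)share.InvokeMethod("Create", inParams, null)["ReturnValue"];
        if (ret != 0) // 0 = success; anything else means the share was not created
            throw new InvalidOperationException("Win32_Share.Create returned " + ret);
    }
}
```

Domain-qualified names are passed to NTAccount so the lookup does not fall back to the local SAM, as noted in the last reply.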
