Hello.
I am writing some code that accepts a DFS Link and Username and grants that
User permissions to the physical directory that the DFS Link corresponds to.
I am using the System.Manageme nt namespace and WMI queries.
When I run the code below and check the Security tab of the folder , I find
that all entries have been cleared – which is ok and this is expected, main
problem is that the User that I have set up the Trustee and ACE object for,
has not been added. Interestingly (just before I set the permissions) I
retrieve the first ACE in the access list and then add it back into the
DACL[] property of the SecurityDescrip tor object. In the code below, this
where I add ‘firstAce’ to the DACL property instead of ‘Ace’. When I check
the folder, the entry is added to the list.
I can probably assume that the code that actually sets the permissions does
work. What must be going wrong is either the way I have configured the
Trustee or the ACE object. The user to which we need to set permissions for
can be identified by the SID. I recover the SIDString using a WMI query,
passing in the Username and Domain, and then convert the resultant string
value into a byte array (SID needs to be in this format). I do this
conversion using the ASCIIEncoding class of System.Text, perhaps this is
where things are going wrong. Is there a more effective way of converting
from String to Byte Array?
Any thoughts on where there could be issues ?
Thanks,
Praveen.
Here is the code below:
//***TRUSTEE***
//Create Trustee management object (Win32_Trustee) setting the SID
(converted to byte array) and Username
ManagementObjec t Trustee = new ManagementClass (new
ManagementPath( "Win32_Trustee" ),null).CreateI nstance();
Trustee["SID"] = bSID; //SID as a byte array
//***ACE***
//Create ACE management object (Win32_ACE) setting the AccessMask, AceFlags,
AceType and Trustee (to Trustee object)
ManagementObjec t Ace = new ManagementClass (new
ManagementPath( "Win32_ACE"),nu ll).CreateInsta nce();
Ace["AccessMask "] = "2032127";
Ace["AceFlags"] = "3";
Ace["AceType"] = 0;
Ace["Trustee"] = Trustee;
//***SecurityDesc riptor***
//Retrieve the Security Descriptor passing in the path to the physical
directory
string dirClassPath1 = @"Win32_Logical FileSecuritySet ting='" + strDFSLink +
"'";
ManagementObjec t Win32LogicalFil eSecuritySettin g = new ManagementObjec t(new
ManagementPath( dirClassPath1), null);
ManagementBaseO bject outParams1 =
Win32LogicalFil eSecuritySettin g.InvokeMethod( "GetSecurityDes criptor",null,
null);
ManagementBaseO bject SecurityDescrip tor1 = (ManagementBase Object)
outParams1["Descriptor "];
//Get the first ACE in the existing DACL for this folder
ManagementBaseO bject firstAce = ((ManagementBas eObject[])
SecurityDescrip tor1["DACL"])[0];
//Set parameters for Security Descriptor
SecurityDescrip tor1["ControlFla gs"] = "4";
SecurityDescrip tor1["DACL"] = new object[1]{Ace};
//ALTERNATIVELY SET TO THE FIRST ENTRY IN THE EXISTING DACL
//SecurityDescrip tor1["DACL"] = new object[1]{firstAce};
//***Set Permissions
string dirClassPath2 = @"Win32_Directo ry='" + strDFSLink + "'";
ManagementObjec t Win32Directory = new ManagementObjec t(new
ManagementPath( dirClassPath2), null);
ManagementBaseO bject inParams2 =
Win32Directory. GetMethodParame ters("ChangeSec urityPermission s");
inParams2["Option"] = "4";
inParams2["SecurityDescri ptor"] = SecurityDescrip tor1;
ManagementBaseO bject outParams2 =
Win32Directory. InvokeMethod("C hangeSecurityPe rmissions", inParams2, null); 0 2338 This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Fran Tirimo |
last post by:
I am developing a small website using ASP scripts to format data retrieved
from an Access database. It will run on a Windows 2003 server supporting
FrontPage extensions 2002 hosted by the company 1&1 with only limited server
configuration via a web based control panel.
My query relates to the ASP security model and how it relates to FrontPage
options for setting file access on a database file. If you know of any
online documentation...
|
by: Maximus |
last post by:
Hi,
Does anybody know how I can programatically set modify permissions on a
folder for the aspnet user.
Any help will be appreciated.
Thanks.
|
by: Johan |
last post by:
Hi
I'm using WMI to set and remove folderpermissions and it sems to work
fine, sometimes. I start by having the folderpermissons manuly set to
Everyone and Everone has full rights. When I'm setting and removing
permissons on a mapped folder in the network it works fine but when
doing the same thing on a folder om my harddrive Everyone does not get
removed.
Does anyone have any idea how to fix this or how to set and remove...
|
by: Jeremy Winchell |
last post by:
I have an applications that imports new AD users. It creates a folder to store the user profile information, and a folder for their home directory.
I would like to set the Permissions on these two folder objects, but I am unsure how. I am fairly new to this side of things so I'm looking for some help or guidance on how to do this.
I haven't worked with ACL's much, so I'm not sure what kind of interfaces to tools are available to help set...
|
by: Phil Hey |
last post by:
I am trying to set permissions on a folder programmatically, and have
success fully used the code below for knowledge base article 266461 : How
To: Programmatically Set NTFS File System Folder Permissions Using Microsoft
Visual Basic . NET
However I need to set the permissions to Read Only rather than Full Control,
can any one help me with this.
Dim objADsSec As ADsSecurity
| |
by: Praveen |
last post by:
Hello.
I am writing some code that accepts a DFS Link and Username and grants that
User permissions to the physical directory that the DFS Link corresponds to.
I am using the System.Management namespace and WMI queries.
When I run the code below and check the Security tab of the folder , I find
that all entries have been cleared – which is ok and this is expected, main
problem is that the User that I have set up the Trustee and ACE...
|
by: steggun |
last post by:
Hello,
I'm writing a C# windows form application and need some guidance on a couple
of issues.
First, my application needs to change the permissions on a folder. The
application creates a local group and I need to give that group Full Control
permissions to a folder on the file system. Would anyone know how to
accomplish this?
|
by: =?Utf-8?B?TGlhbSBNYWM=?= |
last post by:
Hi Folks,
I have embeded WMI scripting within a Visual Basic application to create
remote shares and set permissions, I'm now moving to vb.net environment and
having trouble getting my scripting to work, I have search the net for vb.net
code to create shared folders and set permsission but no joy, if anyone can
help or recommend good web sites on this or is there anyway I can get my
exisiting code to work in vb.net please see code below...
|
by: daokfella |
last post by:
I have a custom web.config section similar to the following:
<CustomAuthSettings attr1="" attr2="">
<Locations RedirectUrl="Invalid.aspx">
<add Path="test.aspx" Roles="1,2,3" Permissions="4,5,6" />
</Locations>
</CustomAuthSettings>
Everything seems to work just fine. When I have config files in nested
folders, Attr1 and Attr2 of the CustomAuthSettings section correctly
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |