By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,607 Members | 1,972 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,607 IT Pros & Developers. It's quick & easy.

Setting folder permissions using VB.Net

P: n/a

I'm using WMI to set and remove folderpermissions and it sems to work
fine, sometimes. I start by having the folderpermissons manuly set to
Everyone and Everone has full rights. When I'm setting and removing
permissons on a mapped folder in the network it works fine but when
doing the same thing on a folder om my harddrive Everyone does not get
Does anyone have any idea how to fix this or how to set and remove
folderpermissons in another way.
Here is the code I'm using:

'Path to folder to change permissions for

Dim mp As New ManagementPath()

'mp.Server = "servername"

'mp.NamespacePath = "root\cimv2"

mp.RelativePath =
"\\MASCHINENAME\root\CIMV2:Win32_LogicalFileSecuri tySetting.Path=""u:\\jad\\root\\henrik
svensson""" '"Win32_LogicalFileSecuritySetting.Path='" +
path.Replace("\", "\\") + "'"

'\\ASPLUND\root\CIMV2:Win32_LogicalFileSecuritySet ting.Path="d:\\administatorfiles\\root"
'\\ASPLUND\root\CIMV2:Win32_LogicalFileSecuritySet ting.Path="u:\\jad\\root\\henrik

Dim objFile As New ManagementObject(mp)

Dim options As New InvokeMethodOptions(Nothing, New
TimeSpan(0, 0, 0, 5))

Dim outparams As ManagementBaseObject =
objFile.InvokeMethod("GetSecurityDescriptor", Nothing, options)

Dim securityDescriptor As ManagementBaseObject =

lblMessage.Text += "Got SD...<br>"

Dim dacl As ManagementBaseObject() =

Dim oldACE As ManagementBaseObject

Dim trustee As ManagementBaseObject

lblMessage.Text += "Print old DACL<br>"

For Each oldACE In dacl

trustee = CType(oldACE("Trustee"),

lblMessage.Text += trustee("Name").ToString() & " " &
oldACE("AccessMask").ToString() & " " & oldACE("AceType").ToString() &


Dim win32Trustee As New ManagementClass("Win32_Trustee")

'Create Trustee for User

Dim newTrusteeUser As ManagementObject =

Dim UserAcct As String = "CN=Anna
Hansson,OU=Stab,OU=Lund,DC=qliktech,DC=com" '"LDAP string to user in
AD (without LDAP://)"

Dim UserNamePath As String = "LDAP://" & UserAcct

Dim dirEnt As New DirectoryEntry(UserNamePath)

Dim UserName As String =

Dim UserSid As Byte() = dirEnt.Properties("objectsid")(0)


newTrusteeUser("Name") = UserName

newTrusteeUser("SID") = UserSid

newTrusteeUser("SIDLength") = UserSid.Length

'Create ACE for User

Dim win32Ace As New ManagementClass("Win32_ACE")

Dim newACEUser As ManagementObject =

newACEUser("Trustee") = newTrusteeUser

newACEUser("AceFlags") = 3

newACEUser("AceType") = 0

newACEUser("AccessMask") = 1179817

'Create Trustee for Domain Admin

Dim newTrusteeAdmin As ManagementObject =

Dim AdminAcct As String = "CN=Domain
Admins,CN=Users,DC=qliktech,DC=com" '"LDAP string to Domain Admins in
AD (without LDAP://)"

Dim AdminNamePath As String = "LDAP://" & AdminAcct

dirEnt = New DirectoryEntry(AdminNamePath)

Dim AdminName As String =

Dim adminSid As Byte() = dirEnt.Properties("objectsid")(0)


newTrusteeAdmin("Name") = AdminName

newTrusteeAdmin("SID") = adminSid

newTrusteeAdmin("SIDLength") = adminSid.Length

'Create ACE for Domain Admins

Dim newACEAdmin As ManagementObject =

newACEAdmin("Trustee") = newTrusteeAdmin

newACEAdmin("AceFlags") = 3

newACEAdmin("AceType") = 0

newACEAdmin("AccessMask") = 2032127

'set new dacl

Dim newAces() As ManagementBaseObject = New
ManagementBaseObject() {newACEUser, newACEAdmin}

securityDescriptor("DACL") = newAces

'call method, set sd

Dim args1() As Object = {securityDescriptor}

Dim retval As UInt32 =
objFile.InvokeMethod("SetSecurityDescriptor", args1)

lblMessage.Text += "<br>SetSecurityDescriptor ReturnStatus
= " & System.Convert.ToInt32(retval)
Catch ex As Exception

lblMessage.Text = "Setting permission failed: " &

End Try

End Sub
Nov 20 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.