RE: Using WMI to grant permissions to new users on folder..
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 09/28/05
- Previous message: scsharma: "RE: Using WMI to grant permissions to new users on folder.."
- In reply to: scsharma: "RE: Using WMI to grant permissions to new users on folder.."
- Next in thread: scsharma: "RE: Using WMI to grant permissions to new users on folder.."
- Reply: scsharma: "RE: Using WMI to grant permissions to new users on folder.."
Date: Wed, 28 Sep 2005 11:56:08 -0700
Hello scsharma,
I never tried it - just thought this could be helpful for you.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> One more thing, Dominick. Did this code work for you? I wrote a very
> simple code where I added and removed a couple of trustees and then set
> the DACL back to the security descriptor. I am surprised to see that the
> changes are not reflected on the actual file.
> Here is the sample code:
> string filename = ROOT_DIR+nameDirectory;
> SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(
>     @"c:\temp", SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
> Dacl dAcl = secDesc.Dacl;
> dAcl.AddAce(new AceAccessAllowed(new Sid("ftpuser"), AccessType.GENERIC_READ));
> dAcl.RemoveAces(new Sid(@"BatchFTP"));
> // I am attaching output of following print statements at the end of this post.
> foreach (Ace ace in dAcl)
> {
>     Console.Write("ACE SID: {0} ", ace.Sid.CanonicalName);
>     Console.Write("ACE Type: {0} ", ace.Type);
>     Console.WriteLine("ACE AccessType: {0} (0x{0:X})",
>         (EventAccessType)ace.AccessType);
> }
> secDesc.SetDacl(dAcl);
> ---Output of print statements----------------------
> ACE SID: BUILTIN\Administrators ACE Type: ACCESS_ALLOWED_ACE_TYPE ACE AccessType: 2032127 (0x001F01FF)
> ACE SID: NT AUTHORITY\SYSTEM ACE Type: ACCESS_ALLOWED_ACE_TYPE ACE AccessType: 2032127 (0x001F01FF)
> ACE SID: AOC\ssharma ACE Type: ACCESS_ALLOWED_ACE_TYPE ACE AccessType: 2032127 (0x001F01FF)
> ACE SID: CREATOR OWNER ACE Type: ACCESS_ALLOWED_ACE_TYPE ACE AccessType: GENERIC_ALL (0x10000000)
> ACE SID: BUILTIN\Users ACE Type: ACCESS_ALLOWED_ACE_TYPE ACE AccessType: 1179817 (0x001200A9)
> ACE SID: BUILTIN\Users ACE Type: ACCESS_ALLOWED_ACE_TYPE ACE AccessType: 4 (0x00000004)
> ACE SID: BUILTIN\Users ACE Type: ACCESS_ALLOWED_ACE_TYPE ACE AccessType: EVENT_MODIFY_STATE (0x00000002)
> ACE SID: SSHARMA\f4 ACE Type: ACCESS_ALLOWED_ACE_TYPE ACE AccessType: GENERIC_READ (0x80000000)
> --------End of print
> Am I missing something? The output has all the trustees that I had
> added, but when I check the permission on file using file
> properties->Security Tab, I still see "BatchFTP" group though I have
> removed that in above code. Also, user "ssharma\f4" is not there.
>
> Thanks
> SCS
> "Dominick Baier [DevelopMentor]" wrote:
>
>> Hello [MSFT],
>>
>> have you tried that?
>>
>> http://www.leastprivilege.com/ACLSupportForNET.aspx
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> Hello,
>>>
>>> I also suspect this issue is a bug. The key line may be:
>>>
>>> Descriptor.Properties["Dacl"].Value = DaclObject;
>>>
>>> and
>>>
>>> ManagementBaseObject ret = lfs.InvokeMethod("SetSecurityDescriptor",
>>> inParams, null);
>>>
>>> The old values are not replaced but appended.
>>>
>>> I will record this and hope it can be fixed in a later version.
>>>
>>> Luke
>>>
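The quoted output labels some masks with event-object names (EVENT_MODIFY_STATE) because the code casts ace.AccessType to EventAccessType; that name is simply the bit 0x2. The sketch below is an added example, not code from the thread or from the library discussed: it decodes the same masks using file-system right names, assuming the target (c:\temp) is a directory.

```python
# Added example (not from the thread): decode the access masks printed in the
# quoted output. Bit values are the standard Windows SDK (winnt.h) constants.
import re

GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
           0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
STANDARD = {0x00010000: "DELETE", 0x00020000: "READ_CONTROL",
            0x00040000: "WRITE_DAC", 0x00080000: "WRITE_OWNER",
            0x00100000: "SYNCHRONIZE"}
# Assumption: the object is a directory, so the low bits get directory names.
DIRECTORY = {0x001: "FILE_LIST_DIRECTORY", 0x002: "FILE_ADD_FILE",
             0x004: "FILE_ADD_SUBDIRECTORY", 0x008: "FILE_READ_EA",
             0x010: "FILE_WRITE_EA", 0x020: "FILE_TRAVERSE",
             0x040: "FILE_DELETE_CHILD", 0x080: "FILE_READ_ATTRIBUTES",
             0x100: "FILE_WRITE_ATTRIBUTES"}
# Well-known composites, matched first so common masks stay readable.
COMPOSITE = {0x001F01FF: "FILE_ALL_ACCESS",
             0x001200A9: "FILE_GENERIC_READ | FILE_GENERIC_EXECUTE"}
LINE = re.compile(r"ACE SID: (?P<sid>.+?)\s+ACE Type: (?P<type>\S+)\s+"
                  r"ACE AccessType: .*\(0x(?P<mask>[0-9A-Fa-f]{8})\)")

def decode_mask(mask):
    """Return the names of the rights set in a 32-bit access mask."""
    if mask in COMPOSITE:
        return [COMPOSITE[mask]]
    names, rest = [], mask
    for table in (GENERIC, STANDARD, DIRECTORY):
        for bit, name in table.items():
            if rest & bit:
                names.append(name)
                rest &= ~bit
    if rest:  # bits that none of the tables name
        names.append("UNKNOWN(0x%08X)" % rest)
    return names

def decode_line(line):
    """Parse one 'ACE SID: ... (0x........)' line into (sid, type, rights)."""
    m = LINE.search(line)
    return (m["sid"], m["type"], decode_mask(int(m["mask"], 16))) if m else None

# Constructed sample: three ACE lines re-joined from the quoted output.
SAMPLE = [
    r"ACE SID: NT AUTHORITY\SYSTEM ACE Type: ACCESS_ALLOWED_ACE_TYPE ACE AccessType: 2032127 (0x001F01FF)",
    r"ACE SID: BUILTIN\Users ACE Type: ACCESS_ALLOWED_ACE_TYPE ACE AccessType: 1179817 (0x001200A9)",
    r"ACE SID: BUILTIN\Users ACE Type: ACCESS_ALLOWED_ACE_TYPE ACE AccessType: EVENT_MODIFY_STATE (0x00000002)",
]
if __name__ == "__main__":
    for line in SAMPLE:
        print(decode_line(line))
```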