Re: SACL again

From: Eric Fitzgerald [MS] (ericf@online.microsoft.com)
Date: 10/04/02


From: "Eric Fitzgerald [MS]" <ericf@online.microsoft.com>
Date: Thu, 3 Oct 2002 20:06:33 -0700


Hey John,

1. You should set the security mask first to request SACL info:
oADsSecurity.SecurityMask = 8 ' ADS_SECURITY_INFO_SACL

2. To read the SACL, you must have the SE_SECURITY_PRIVILEGE enabled (aka
SE_SECURITY_NAME). I don't know if you can do this in VBS.

3. You had the wrong syntax for GetSecurityDescriptor; try this:
Set sd1 = oADsSecurity.GetSecurityDescriptor("d:\temp\test3.txt", 1, 1)

Here is another suggestion from our dev team:
Use the supported IADsSecurityUtility interface as opposed to the interface
from the Resource Kit utility ADsSecurity.dll. By default
IADsSecurityUtility sets SecurityMask to Owner, Group and DACL. You need to
change the security mask to include SACL, then set SD.SystemAcl to point to
the new sacl and then call SetSecurityDescriptor. You are mixing oacl and
osacl in your example.

Eric

"jbanek" <jbanek@email.msn.com> wrote in message
news:#lJAaq9ZCHA.1888@tkmsftngp12...
> I am trying to set SACL on folder c:\test3. Script below runs, there is no
> error but SACL is not set.
> Values for Ace.Flags and AccessMask are taken from first setting SACL on
> directory and then just listing all properties using a different script.
> What am I doing wrong?
>
> set fsoObject=CreateObject("Scripting.FileSystemObject")
> set oADsSecurity = CreateObject("ADsSecurity")
> set oTargetSD = oADsSecurity.GetSecurityDescriptor("file://c:\test3")
> set oSacl = oTargetSD.SystemAcl
> set oAcl = createobject("AccessControlList")
> oAcl.AceCount = 1
> oAcl.AclRevision = 4
> set oAce = CreateObject("AccessControlEntry")
> oAce.Trustee = "BUILTIN\Administrators"
> oAce.AceType = 2
> oAce.AccessMask = 851968
> oAce.AceFlags = 195
> 'If I use the statement below I will get an error that the oSacl object does
> 'not exist, which is OK because by default SACL is not set.
> ' oSacl.AddAce oAce
> oacl.AddAce oAce
> oTargetSD.SystemAcl = oacl
> oADsSecurity.SetSecurityDescriptor oTargetSD
>
> Regards,
> John
>
>
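
The steps in the reply above, put together as an added example (not code from either poster or from Microsoft): the security mask is set to SACL before the descriptor is read, the audit ACE goes into SystemAcl, and the result is read back to catch the "no error but SACL is not set" case. It assumes the ADsSecurityUtility ProgID for IADsSecurityUtility and that the script runs in a process that holds and has enabled SeSecurityPrivilege; the ACE values are the ones from the original question.

```vbscript
Option Explicit

' ADSI constants; VBScript cannot read them from the type library.
Const ADS_PATH_FILE = 1
Const ADS_SD_FORMAT_IID = 1
Const ADS_SECURITY_INFO_SACL = 8
Const ADS_ACETYPE_SYSTEM_AUDIT = 2

Const TARGET = "c:\test3"   ' folder from the original question

Dim oUtil, oSD, oSacl, oAce
Set oUtil = CreateObject("ADsSecurityUtility")

' Set the mask first: it controls which parts of the descriptor are
' read and written. With SACL only, owner, group and DACL are untouched.
oUtil.SecurityMask = ADS_SECURITY_INFO_SACL

Set oSD = oUtil.GetSecurityDescriptor(TARGET, ADS_PATH_FILE, ADS_SD_FORMAT_IID)

' A folder with no auditing configured has no SACL, so start a new list.
Set oSacl = oSD.SystemAcl
If oSacl Is Nothing Then
    Set oSacl = CreateObject("AccessControlList")
    oSacl.AclRevision = 4          ' value used in the original question
End If

Set oAce = CreateObject("AccessControlEntry")
oAce.Trustee = "BUILTIN\Administrators"
oAce.AceType = ADS_ACETYPE_SYSTEM_AUDIT
oAce.AccessMask = 851968   ' 0xD0000: DELETE, WRITE_DAC, WRITE_OWNER
oAce.AceFlags = 195        ' 0xC3: audit success and failure, inherit to files and subfolders
oSacl.AddAce oAce

' Attach the same list the ACE was added to, then write it back.
oSD.SystemAcl = oSacl
oUtil.SetSecurityDescriptor TARGET, ADS_PATH_FILE, oSD, ADS_SD_FORMAT_IID

' Read the descriptor back and list the audit entries actually stored.
Set oSD = oUtil.GetSecurityDescriptor(TARGET, ADS_PATH_FILE, ADS_SD_FORMAT_IID)
If oSD.SystemAcl Is Nothing Then
    WScript.Echo "SACL was not set on " & TARGET
Else
    For Each oAce In oSD.SystemAcl
        WScript.Echo oAce.Trustee & " type=" & oAce.AceType & _
            " mask=" & oAce.AccessMask & " flags=" & oAce.AceFlags
    Next
End If
```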