Назначаются права на папку, добавление и удаление пользователей имеют доступ на эту папку. RRS feed

  • Общие обсуждения


    Добрый день господа.


    Помогите разобраться с тем как назначаются права на папку, разбираясь с назначением парав за опснову взят пример с MSDN , в нем меня интересует как к этому примеру применить, добавление и удаление пользователей которые имеют доступ на эту папку и удаление лишних пользователей. И интересует вопрос сможет этот скрипт работать с сетевыми папками?


    Пример кода.


    ' Example Code
    ' The following VBScript example assumes that a folder named testfolder exists on C:\.
    ' The script obtains the security for this folder and changes the access permissions
    ' all the access control entries. For more information on security entities,
    ' see the Platform SDK section on Security. No error checking or handling is shown.

    ' The folder named "testfolder" must exist on the C:\ drive.
    ' Connect to WMI and get the file security object for the testfolder directory
    Set wmiFileSecSetting = GetObject ("winmgmts:Win32_LogicalFileSecuritySetting.path='c:\\wwww'")

    ' Use the Win32_LogicalFileSecuritySetting Caption property to create a simple header before
    ' dumping the discretionary access control list (DACL).
    Wscript.Echo "Caption: "& wmiFileSecSetting.Caption ' & ":" & VbCrLf
    Wscript.Echo "ControlFlags: " & wmiFileSecSetting.ControlFlags
    WScript.Echo "Description: " & wmiFileSecSetting.Description
    WScript.Echo "OwnerPermissions: " & wmiFileSecSetting.OwnerPermissions
    WScript.Echo "Path: " & wmiFileSecSetting.Path
    WScript.Echo "SettingID: " & wmiFileSecSetting.SettingID
    WScript.Echo "-------------------------------------------------------------"
    ' #region Persistent fold region
    ' Call the Win32_LogicalFileSecuritySetting GetSecurityDescriptor
    ' method to retrieve an instance of the Win32_SecurityDescriptor class
    ' for the target object, that is, C:\TestFolder. Note that this is achieved by
    ' passing an empty variable to GetSecurityDescriptor, which
    ' GetSecurityDescriptor in turn initializes with an instance of the
    ' Win32_SecurityDescriptor class that corresponds to the security
    ' descriptor for the target object.' #endregion

    RetVal = wmiFileSecSetting.GetSecurityDescriptor(wmiSecurityDescriptor)
    Wscript.Echo "RetVal: "&RetVal
    ' Retrieve the content of Win32_SecurityDescriptor DACL property.
    ' The DACL is an array of Win32_ACE objects.
    DACL = wmiSecurityDescriptor.DACL

    ' Display the control flags in the descriptor.
    Wscript.Echo "Control Flags:  " & wmiSecurityDescriptor.ControlFlags
    WScript.Echo "-----------------------------------------------------------------"
    ' Obtain the trustee for each access control entry (ACE) and change the permissions
    ' in the AccessMask for each ACE to read, write, and delete.
    For Each wmiAce in DACL
    ' Get Win32_Trustee object from ACE
        Set Trustee = wmiAce.Trustee
        wscript.echo "Trustee Domain: "  & Trustee.Domain
        wscript.echo "Trustee Name: "    & Trustee.Name
        wscript.echo "Access Mask: "     & wmiAce.AccessMask
    ' Make access for every trustee read (1), write (2), and delete (65536) access
        wmiAce.AccessMask = 1245631
        wscript.echo "Access Mask: "     & wmiAce.AccessMask           

    ' Call the Win32_LogicalFileSecuritySetting.SetSecurityDescriptor method
    ' to write the new security descriptor.
    RetVal = wmiFileSecSetting.SetSecurityDescriptor(wmiSecurityDescriptor)
    WScript.Echo "-----------------------------------------------------------------"
    Wscript.Echo "ReturnValue is RetVal:  " & RetVal

    7 апреля 2008 г. 7:38

Все ответы