Modifying NTFS permissions on a file or folder with VBScript through WMI

Source: Internet
Author: User
Tags: inheritance, parent directory, NTFS permissions

The following VBScript code modifies the NTFS permissions of a file or folder through WMI:

strUser = "Guests"
' Backslashes are doubled because strPath is embedded in a WMI object path below
strPath = "D:\\abc.txt"
RetVal = AddPermission(strUser, strPath, "R", True)

'-------------------------------------------------------------------------

' Adds a permission entry to a file or folder. Return value: 0 - success, 1 - account does not exist, 2 - path does not exist
' strUser is a user name or group name
' strPath is a folder path or file path
' strAccess is a string naming the permission to allow, one letter per permission: R - read, C - write, F - full control
' blInherit indicates whether the parent directory permissions are inherited. True is inherited, False is not inherited

Function AddPermission(strUser, strPath, strAccess, blInherit)
    Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
    Set fso = CreateObject("Scripting.FileSystemObject")
    ' Get the SID and determine whether the user/group/built-in account exists
    ' strUser is concatenated into the WQL text, so it must come from a trusted source
    Set colUsers = objWMIService.ExecQuery("SELECT * FROM Win32_Account WHERE Name='" & strUser & "'")
    If colUsers.Count <> 0 Then
        For Each objUser In colUsers
            strSID = objUser.SID
        Next
    Else
        AddPermission = 1
        Exit Function
    End If
    Set objSID = objWMIService.Get("Win32_SID.SID='" & strSID & "'")
    ' Determine whether the file/folder exists
    pathType = ""
    If fso.FileExists(strPath) Then pathType = "FILE"
    If fso.FolderExists(strPath) Then pathType = "FOLDER"
    If pathType = "" Then
        AddPermission = 2
        Exit Function
    End If
    ' Set the trustee
    Set objTrustee = objWMIService.Get("Win32_Trustee").SpawnInstance_()
    objTrustee.Domain = objSID.ReferencedDomainName
    objTrustee.Name = objSID.AccountName
    objTrustee.SID = objSID.BinaryRepresentation
    objTrustee.SidLength = objSID.SidLength
    objTrustee.SIDString = objSID.SID
    ' Set the ACE (AceType 0 = access allowed)
    Set objNewACE = objWMIService.Get("Win32_ACE").SpawnInstance_()
    objNewACE.Trustee = objTrustee
    objNewACE.AceType = 0
    ' Later matches overwrite earlier ones, so the broadest letter in strAccess wins
    If InStr(UCase(strAccess), "R") > 0 Then objNewACE.AccessMask = 1179817 ' &H1200A9
    If InStr(UCase(strAccess), "C") > 0 Then objNewACE.AccessMask = 1245631 ' &H1301BF
    If InStr(UCase(strAccess), "F") > 0 Then objNewACE.AccessMask = 2032127 ' &H1F01FF
    ' AceFlags: 1 = OBJECT_INHERIT_ACE, 2 = CONTAINER_INHERIT_ACE, 16 = INHERITED_ACE
    If pathType = "FILE" And blInherit = True Then objNewACE.AceFlags = 16
    If pathType = "FILE" And blInherit = False Then objNewACE.AceFlags = 0
    If pathType = "FOLDER" And blInherit = True Then objNewACE.AceFlags = 19
    If pathType = "FOLDER" And blInherit = False Then objNewACE.AceFlags = 3
    ' Set the security descriptor (SD)
    Set objFileSecSetting = objWMIService.Get("Win32_LogicalFileSecuritySetting.Path='" & strPath & "'")
    Call objFileSecSetting.GetSecurityDescriptor(objSD)
    blSE_DACL_AUTO_INHERITED = True
    If (objSD.ControlFlags And &H400) = 0 Then
        blSE_DACL_AUTO_INHERITED = False
        objSD.ControlFlags = (objSD.ControlFlags Or &H400)
        ' Set the auto-inherited bit (SE_DACL_AUTO_INHERITED, &H400). On a newly created directory or file this bit is not set, so it has to be set here
    End If
    If blInherit = True Then
        objSD.ControlFlags = (objSD.ControlFlags And &HEFFF)
        ' Clear the block-inheritance bit (SE_DACL_PROTECTED, &H1000)
    Else
        objSD.ControlFlags = (objSD.ControlFlags Or &H1400)
        ' Set the block-inheritance bit and the auto-inherited bit
    End If
    objOldDacl = objSD.DACL
    ReDim objNewDacl(0)
    Set objNewDacl(0) = objNewACE
    If IsArray(objOldDacl) Then
        ' When the DACL is empty, objOldDacl is not an array and cannot be iterated
        For Each objACE In objOldDacl
            If (blSE_DACL_AUTO_INHERITED = False And blInherit = True) Or ((objACE.AceFlags And 16) > 0 And blInherit = True) Or (LCase(objACE.Trustee.Name) = LCase(strUser)) Then
                ' Do nothing
                ' When the auto-inherited bit is 0, even inherited permissions show up as non-inherited, so none of the existing permissions are carried over
                ' When inheriting from the parent directory, inherited ACEs (AceFlags bit 16) are not carried over. An existing ACE for the same account as the one being added is not carried over either
            Else
                ubd = UBound(objNewDacl)
                ReDim Preserve objNewDacl(ubd + 1)
                Set objNewDacl(ubd + 1) = objACE
            End If
        Next
    End If

    objSD.DACL = objNewDacl
    ' Submit the changed settings
    Call objFileSecSetting.SetSecurityDescriptor(objSD)
    AddPermission = 0
    Set fso = Nothing
End Function
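
To check what the function above actually wrote, the DACL can be read back through the same WMI class. The following read-only report is an added example, not part of the original script; `DescribeDacl` and `FlagNames` are hypothetical names, and the path is the page's sample value in its doubled-backslash form.

```vbscript
' Added example, not part of the original script.
' DescribeDacl and FlagNames are hypothetical helper names.
Function FlagNames(intFlags)
    Dim s
    s = ""
    If (intFlags And 1) <> 0 Then s = s & "OBJECT_INHERIT "
    If (intFlags And 2) <> 0 Then s = s & "CONTAINER_INHERIT "
    If (intFlags And 4) <> 0 Then s = s & "NO_PROPAGATE "
    If (intFlags And 8) <> 0 Then s = s & "INHERIT_ONLY "
    If (intFlags And 16) <> 0 Then s = s & "INHERITED "
    If s = "" Then s = "none"
    FlagNames = Trim(s)
End Function

Function DescribeDacl(strPath)
    Dim objWMI, objSetting, objSD, objACE, strOut, strMask, strType
    Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
    Set objSetting = objWMI.Get("Win32_LogicalFileSecuritySetting.Path='" & strPath & "'")
    If objSetting.GetSecurityDescriptor(objSD) <> 0 Then
        DescribeDacl = "GetSecurityDescriptor failed for " & strPath
        Exit Function
    End If
    ' The two control bits that AddPermission toggles
    strOut = "SE_DACL_AUTO_INHERITED (&H400): " & CBool(objSD.ControlFlags And &H400) & vbCrLf & _
             "SE_DACL_PROTECTED (&H1000): " & CBool(objSD.ControlFlags And &H1000) & vbCrLf
    If Not IsArray(objSD.DACL) Then
        DescribeDacl = strOut & "DACL has no entries"
        Exit Function
    End If
    For Each objACE In objSD.DACL
        Select Case objACE.AceType
            Case 0: strType = "ALLOW"
            Case 1: strType = "DENY"
            Case Else: strType = "TYPE " & objACE.AceType
        End Select
        Select Case objACE.AccessMask   ' the three masks used by AddPermission
            Case 1179817: strMask = "R (read)"
            Case 1245631: strMask = "C (write)"
            Case 2032127: strMask = "F (full control)"
            Case Else: strMask = "&H" & Hex(objACE.AccessMask)
        End Select
        strOut = strOut & strType & "  " & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & _
                 "  mask=" & strMask & "  flags=" & FlagNames(objACE.AceFlags) & vbCrLf
    Next
    DescribeDacl = strOut
End Function

WScript.Echo DescribeDacl("D:\\abc.txt")
```

Running it before and after a call to AddPermission shows which existing entries were dropped by the rebuild loop, in particular when the auto-inherited bit was clear and blInherit was True.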
