The following VBScript uses WMI to modify the NTFS permissions of a file or folder:
' Example call: give the Guests group read access to a single file.
' The backslash in the path is doubled because AddPermission embeds the
' path in a WMI object path, where "\" is the escape character.
strUser = "Guests"
strPath = "D:\\abc.txt"
' RetVal receives the status code; 0 means the permission was added.
RetVal = AddPermission(strUser, strPath, "R", True)
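'-------------------------------------------------------------------------
' AddPermission: adds an "allow" ACE for a user or group to the DACL of a
' file or folder, rebuilding the DACL with the new entry first.
'
' Return value:
'   0 - successful
'   1 - account does not exist
'   2 - path does not exist
'   3 - strAccess contains none of the letters R, C or F (nothing is changed)
'   4 - the current security descriptor could not be read
'   5 - WMI rejected the updated security descriptor (nothing is changed)
'
' strUser   - user name or group name (no domain part; matched against
'             Win32_Account.Name)
' strPath   - file or folder path, with every backslash doubled because the
'             value is placed inside a WMI object path
' strAccess - letters selecting the access to grant; the strongest letter
'             present wins: R = read & execute, C = modify (write and
'             delete included), F = full control
' blInherit - True: keep inheriting from the parent directory;
'             False: set the "protected" bit so the parent no longer
'             propagates its permissions to this object
'
' Side effects worth knowing before using this on real data:
'   * every existing ACE whose trustee name equals strUser is replaced;
'   * with blInherit = True, ACEs marked as inherited are dropped from the
'     written DACL, and if the descriptor was not yet flagged as
'     auto-inherited ALL existing ACEs are dropped.
Function AddPermission(strUser, strPath, strAccess, blInherit)
    Dim objWMIService, fso, colUsers, objUser, strSID, objSID
    Dim pathType, objTrustee, objNewACE, accessMask, upperAccess
    Dim objFileSecSetting, objSD, blSE_DACL_AUTO_INHERITED
    Dim objOldDACL, objNewDACL(), objACE, ubd, dropACE
    Dim safeUser, safePath

    Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
    Set fso = CreateObject("Scripting.FileSystemObject")

    ' Look up the SID and determine whether the user/group/built-in account
    ' exists. The name goes into a WQL string literal, so backslashes and
    ' apostrophes are escaped; otherwise a name containing "'" would end the
    ' literal and change the query.
    safeUser = Replace(Replace(strUser, "\", "\\"), "'", "\'")
    Set colUsers = objWMIService.ExecQuery( _
        "SELECT * FROM Win32_Account WHERE Name='" & safeUser & "'")
    If colUsers.Count = 0 Then
        AddPermission = 1
        Exit Function
    End If
    ' NOTE(review): if a local and a domain account share this name, the
    ' last one returned wins. Confirm the resolved SID is the intended
    ' principal before relying on this in a multi-domain environment.
    For Each objUser In colUsers
        strSID = objUser.SID
    Next
    Set objSID = objWMIService.Get("Win32_SID.SID='" & strSID & "'")

    ' Determine whether the target is a file or a folder.
    pathType = ""
    If fso.FileExists(strPath) Then pathType = "FILE"
    If fso.FolderExists(strPath) Then pathType = "folder"
    If pathType = "" Then
        AddPermission = 2
        Exit Function
    End If

    ' Translate the access letters into a mask. Later lines override earlier
    ' ones, so F beats C beats R.
    '   1179817 = &H1200A9 (read & execute)
    '   1245631 = &H1301BF (modify)
    '   2032127 = &H1F01FF (full control)
    upperAccess = UCase(strAccess)
    accessMask = 0
    If InStr(upperAccess, "R") > 0 Then accessMask = 1179817
    If InStr(upperAccess, "C") > 0 Then accessMask = 1245631
    If InStr(upperAccess, "F") > 0 Then accessMask = 2032127
    If accessMask = 0 Then
        ' Without this guard the account's existing ACEs would be removed
        ' and replaced by an ACE that carries no access mask at all.
        AddPermission = 3
        Exit Function
    End If

    ' Build the trustee from the resolved SID.
    Set objTrustee = objWMIService.Get("Win32_Trustee").SpawnInstance_()
    objTrustee.Domain = objSID.ReferencedDomainName
    objTrustee.Name = objSID.AccountName
    objTrustee.SID = objSID.BinaryRepresentation
    objTrustee.SidLength = objSID.SidLength
    objTrustee.SIDString = objSID.SID

    ' Build the ACE. AceType 0 = access allowed.
    Set objNewACE = objWMIService.Get("Win32_ACE").SpawnInstance_()
    objNewACE.Trustee = objTrustee
    objNewACE.AceType = 0
    objNewACE.AccessMask = accessMask
    ' AceFlags bits: 1 = object inherit, 2 = container inherit,
    ' 16 = inherited ACE.
    ' NOTE(review): with blInherit = True the new ACE is itself flagged as
    ' inherited (bit 16). Presumably a later re-propagation from the parent
    ' can then remove it; confirm that is the intended behaviour.
    If pathType = "FILE" And blInherit = True Then objNewACE.AceFlags = 16
    If pathType = "FILE" And blInherit = False Then objNewACE.AceFlags = 0
    If pathType = "folder" And blInherit = True Then objNewACE.AceFlags = 19
    If pathType = "folder" And blInherit = False Then objNewACE.AceFlags = 3

    ' Fetch the current security descriptor. An apostrophe in the path would
    ' otherwise end the quoted key value, so it is escaped; backslashes are
    ' left alone because the caller already supplies them doubled.
    safePath = Replace(strPath, "'", "\'")
    Set objFileSecSetting = objWMIService.Get( _
        "Win32_LogicalFileSecuritySetting.Path='" & safePath & "'")
    If objFileSecSetting.GetSecurityDescriptor(objSD) <> 0 Then
        AddPermission = 4
        Exit Function
    End If

    ' &H400 = DACL auto-inherited. Remember whether it was set, then set it:
    ' a freshly created file or directory may not have the bit yet.
    blSE_DACL_AUTO_INHERITED = True
    If (objSD.ControlFlags And &H400) = 0 Then
        blSE_DACL_AUTO_INHERITED = False
        objSD.ControlFlags = (objSD.ControlFlags Or &H400)
    End If

    ' &H1000 = DACL protected (inheritance from the parent is blocked).
    If blInherit = True Then
        ' Clear the protected bit so the parent's permissions apply again.
        objSD.ControlFlags = (objSD.ControlFlags And &HEFFF)
    Else
        ' Set the protected bit together with the auto-inherited bit.
        objSD.ControlFlags = (objSD.ControlFlags Or &H1400)
    End If

    ' New DACL: the new ACE first, followed by the old ACEs that are kept.
    objOldDACL = objSD.DACL
    ReDim objNewDACL(0)
    Set objNewDACL(0) = objNewACE
    ' An empty permission list is not an array and cannot be enumerated.
    If IsArray(objOldDACL) Then
        For Each objACE In objOldDACL
            ' An old ACE is dropped when
            '   - the auto-inherited bit was clear and inheritance is
            '     requested: inherited entries are then not marked as such,
            '     so none of the old entries is carried over;
            '   - it is flagged as inherited (bit 16) and inheritance is
            '     requested;
            '   - its trustee name equals the account being granted access.
            ' The listing as published compared AceFlags > 0 in the second
            ' test, which would also discard explicit ACEs that only carry
            ' propagation flags; the inherited bit is tested instead, which
            ' is what the original comments describe.
            ' NOTE(review): the trustee match is by name only, so an ACE
            ' for a same-named account from another domain is dropped too.
            dropACE = (blSE_DACL_AUTO_INHERITED = False And blInherit = True) _
                   Or ((objACE.AceFlags And 16) <> 0 And blInherit = True) _
                   Or (LCase(objACE.Trustee.Name) = LCase(strUser))
            If dropACE Then
                ' Do nothing: this entry is not carried over.
            Else
                ubd = UBound(objNewDACL)
                ReDim Preserve objNewDACL(ubd + 1)
                Set objNewDACL(ubd + 1) = objACE
            End If
        Next
    End If
    objSD.DACL = objNewDACL

    ' Commit the change and report a failure instead of claiming success
    ' when WMI did not apply the new descriptor.
    If objFileSecSetting.SetSecurityDescriptor(objSD) <> 0 Then
        AddPermission = 5
        Exit Function
    End If

    AddPermission = 0
    Set fso = Nothing
End Function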