I haven't gotten around to looking at that myself, but it can be done using
ADSI.
I have a couple of text documents that say something about it;
they are attached here.
**************
'Constants related to NTFS permissions:
ADS_RIGHT_DELETE = 0x10000,
ADS_RIGHT_READ_CONTROL = 0x20000,
ADS_RIGHT_WRITE_DAC = 0x40000,
ADS_RIGHT_WRITE_OWNER = 0x80000,
ADS_RIGHT_SYNCHRONIZE = 0x100000,
ADS_RIGHT_ACCESS_SYSTEM_SECURITY = 0x1000000,
ADS_RIGHT_GENERIC_READ = 0x80000000,
ADS_RIGHT_GENERIC_WRITE = 0x40000000,
ADS_RIGHT_GENERIC_EXECUTE = 0x20000000,
ADS_RIGHT_GENERIC_ALL = 0x10000000,
ADS_RIGHT_DS_CREATE_CHILD = 0x1,
ADS_RIGHT_DS_DELETE_CHILD = 0x2,
ADS_RIGHT_ACTRL_DS_LIST = 0x4,
ADS_RIGHT_DS_SELF = 0x8,
ADS_RIGHT_DS_READ_PROP = 0x10,
ADS_RIGHT_DS_WRITE_PROP = 0x20,
ADS_RIGHT_DS_DELETE_TREE = 0x40,
ADS_RIGHT_DS_LIST_OBJECT = 0x80,
ADS_RIGHT_DS_CONTROL_ACCESS = 0x100
'Explanation:
ADS_RIGHT_DELETE
The right to delete the object.
ADS_RIGHT_READ_CONTROL
The right to read information from the security descriptor of the object,
not including the information in the SACL.
ADS_RIGHT_WRITE_DAC
The right to modify the discretionary access-control list (DACL) in the
object's security descriptor.
ADS_RIGHT_WRITE_OWNER
The right to assume ownership of the object. The user must be a trustee of
the object. The user cannot transfer the ownership to other users.
ADS_RIGHT_SYNCHRONIZE
The right to use the object for synchronization. This enables a thread to
wait until the object is in the signaled state.
ADS_RIGHT_ACCESS_SYSTEM_SECURITY
The right to get or set the SACL in the object's security descriptor.
ADS_RIGHT_GENERIC_READ
The right to read from the security descriptor, examine the object as well
as its children, and read all properties.
ADS_RIGHT_GENERIC_WRITE
The right to write all the properties and write to the DACL. The user can
add and remove the object to and from the directory.
ADS_RIGHT_GENERIC_EXECUTE
The right to list children of this object.
ADS_RIGHT_GENERIC_ALL
The right to create or delete children, delete a subtree, read and write
properties, examine children and the object itself, add and remove the
object from the directory, and read or write with an extended right.
ADS_RIGHT_DS_CREATE_CHILD
The right to create children of the object. The ObjectType member of an ACE
can contain a GUID that identifies the type of child object whose creation
is being controlled. If ObjectType does not contain a GUID, the ACE controls
the creation of all child object types.
ADS_RIGHT_DS_DELETE_CHILD
The right to delete children of the object. The ObjectType member of an ACE
can contain a GUID that identifies a type of child object whose deletion is
being controlled. If ObjectType does not contain a GUID, the ACE controls
the deletion of all child object types.
ADS_RIGHT_ACTRL_DS_LIST
The right to list children of this object.
ADS_RIGHT_DS_SELF
The right to modify the group membership of a group object.
ADS_RIGHT_DS_READ_PROP
The right to read properties of the object. The ObjectType member of an ACE
can contain a GUID that identifies a property set or property. If ObjectType
does not contain a GUID, the ACE controls the right to read all of the
object's properties.
ADS_RIGHT_DS_WRITE_PROP
The right to write properties of the object. The ObjectType member of an ACE
can contain a GUID that identifies a property set or property. If ObjectType
does not contain a GUID, the ACE controls the right to write all of the
object's properties.
ADS_RIGHT_DS_DELETE_TREE
The right to delete all children of this object, regardless of the
permission on the children.
ADS_RIGHT_DS_LIST_OBJECT
The right to list a particular object. If the user is not granted such a
right, the object is hidden from the user.
ADS_RIGHT_DS_CONTROL_ACCESS
The right to perform an operation controlled by an extended access right.
The ObjectType member of an ACE can contain a GUID that identifies the
extended right. If ObjectType does not contain a GUID, the ACE controls the
right to perform all extended right operations associated with the object.
************************
Setting file permission examples
'----Visual Basic----
Dim sec As New ADsSecurity
Dim sd As IADsSecurityDescriptor
Dim dacl As IADsAccessControlList
Dim ace As IADsAccessControlEntry
Dim newAce As New AccessControlEntry
Set sd = sec.GetSecurityDescriptor("FILE://\\srv01\public")
Set dacl = sd.DiscretionaryAcl
'----Show the ACEs in the DACL----
For Each ace In dacl
    Debug.Print ace.Trustee
    Debug.Print ace.AccessMask
    Debug.Print ace.AceType
Next
Debug.Print dacl.AceCount
'----Add a new ace for Jsmith----
newAce.Trustee = "ARCADIABAY\jsmith"
newAce.AccessMask = ADS_RIGHT_GENERIC_READ Or ADS_RIGHT_GENERIC_EXECUTE
newAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED
dacl.AddAce newAce
sd.DiscretionaryAcl = dacl
sec.SetSecurityDescriptor sd
'----VBScript----
Const ADS_RIGHT_GENERIC_READ = &H80000000
Const ADS_RIGHT_GENERIC_EXECUTE = &H20000000
Const ADS_ACETYPE_ACCESS_ALLOWED = 0
Set sec = CreateObject("ADsSecurity")
Set sd = sec.GetSecurityDescriptor("FILE://c:\public\specs")
Set dacl = sd.DiscretionaryAcl
'-- Show the ACEs in the DACL ----
For Each ace In dacl
    wscript.echo ace.Trustee
    wscript.echo ace.AccessMask
    wscript.echo ace.AceType
Next
'--- Add a new ACE so that JSmith can read/execute this file
Set ace = CreateObject("AccessControlEntry")
ace.Trustee = "ARCADIABAY\jsmith"
ace.AccessMask = ADS_RIGHT_GENERIC_READ Or ADS_RIGHT_GENERIC_EXECUTE
ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
dacl.AddAce ace
sd.DiscretionaryAcl = dacl
sec.SetSecurityDescriptor sd
'----File System Object----
Const ADS_RIGHT_GENERIC_READ = &H80000000
Const ADS_RIGHT_GENERIC_EXECUTE = &H20000000
Const ADS_ACETYPE_ACCESS_ALLOWED = 0
Set sec = CreateObject("ADsSecurity")
'Getting File System Security Descriptor from FSO
Set fso = CreateObject("Scripting.FileSystemObject")
Set fs = fso.GetFile("c:\public\specs\movetree.doc")
Set sd = sec.GetSecurityDescriptor(fs)
Set dacl = sd.DiscretionaryAcl
'----Show the ACEs in the DACL----
For Each ace In dacl
    wscript.echo ace.Trustee
    wscript.echo ace.AccessMask
    wscript.echo ace.AceType
Next
'----Add a new ACE so that JSmith can read and execute this file----
Set ace = CreateObject("AccessControlEntry")
ace.Trustee = "ARCADIABAY\jsmith"
ace.AccessMask = ADS_RIGHT_GENERIC_READ Or ADS_RIGHT_GENERIC_EXECUTE
ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
dacl.AddAce ace
sd.DiscretionaryAcl = dacl
sec.SetSecurityDescriptor sd
****************
"Niels Henriksen" <nh@netopcomdanmark.dk> wrote in message
news:tti6cgmgsam604@corp.supernews.com...
> "Jan Damkjær Dahl" <jdd@worldonline.dk> wrote in message
> news:BAYB7.150$tI2.26527@news000.worldonline.dk...
> > Are you thinking of NTFS or share permissions
> >
> I'm thinking of NTFS. Security permissions for Everyone etc.
>
>
> --
> Niels Henriksen
> Systems developer
> -
> www.ryttersnak.dk
>
>
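
Added example, not part of the original post or its attachments: the loops in the attached scripts echo ace.AccessMask as a signed number, so this VBScript helper turns a mask into the ADS_RIGHT_* names from the constant list and marks allow-ACEs that carry WRITE_DAC, WRITE_OWNER or GENERIC_ALL. DescribeMask, IsControlGrant and the sample ACEs are constructed for illustration; the low 16 bits of a mask are object-specific, so on files they are printed as hex instead of being given the directory-service (ADS_RIGHT_DS_*) names.

```vbscript
Option Explicit
' Added example: helper names and sample ACEs are constructed, not from the post.
Const ADS_ACETYPE_ACCESS_ALLOWED = 0
' WRITE_DAC Or WRITE_OWNER Or GENERIC_ALL (&H40000 + &H80000 + &H10000000)
Const CONTROL_BITS = &H100C0000

Dim rightNames, rightBits, samples, s, msg
' Standard and generic rights from the constant list; these bits mean the
' same thing on every object type.
rightNames = Array("DELETE", "READ_CONTROL", "WRITE_DAC", "WRITE_OWNER", _
    "SYNCHRONIZE", "ACCESS_SYSTEM_SECURITY", "GENERIC_ALL", _
    "GENERIC_EXECUTE", "GENERIC_WRITE", "GENERIC_READ")
rightBits = Array(&H10000, &H20000, &H40000, &H80000, _
    &H100000, &H1000000, &H10000000, _
    &H20000000, &H40000000, &H80000000)

Function DescribeMask(mask)
    Dim i, parts, specific
    parts = ""
    For i = 0 To UBound(rightBits)
        If (mask And rightBits(i)) <> 0 Then
            parts = parts & "ADS_RIGHT_" & rightNames(i) & " "
        End If
    Next
    ' 65535 is written in decimal because &HFFFF is the Integer -1 in VBScript.
    specific = mask And 65535
    If specific <> 0 Then parts = parts & "specific=0x" & Hex(specific)
    DescribeMask = Trim(parts)
End Function

Function IsControlGrant(mask, aceType)
    ' True when an allow-ACE lets the trustee rewrite the DACL or take ownership.
    IsControlGrant = (aceType = ADS_ACETYPE_ACCESS_ALLOWED) And _
                     ((mask And CONTROL_BITS) <> 0)
End Function

' Constructed sample ACEs: trustee, AccessMask, AceType.
samples = Array( _
    Array("ARCADIABAY\jsmith", &HA0000000, 0), _
    Array("BUILTIN\Users", &H1200A9, 0), _
    Array("Everyone", &H1F01FF, 0))

For Each s In samples
    ' The raw value is shown as the scripts above would echo it (signed Long).
    msg = s(0) & "  raw=" & s(1) & "  0x" & Hex(s(1)) & "  " & DescribeMask(s(1))
    If IsControlGrant(s(1), s(2)) Then msg = msg & "  <-- review: can change DACL or owner"
    WScript.Echo msg
Next
```

Run with cscript; inside the scripts above, the same two functions can be called on ace.AccessMask and ace.AceType in the For Each loop.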