程序師世界是廣大編程愛好者互助、分享、學習的平台,程序師世界有你更精彩!
首頁
編程語言
C語言|JAVA編程
Python編程
網頁編程
ASP編程|PHP編程
JSP編程
數據庫知識
MYSQL數據庫|SqlServer數據庫
Oracle數據庫|DB2數據庫
 程式師世界 >> 編程語言 >> 更多編程語言 >> 更多關於編程 >> vbs通過WMI修改文件文件夾的NTFS權限

vbs通過WMI修改文件文件夾的NTFS權限

編輯:更多關於編程
    使用WMI修改文件文件夾的NTFS權限實現方法,需要的朋友可以參考下  

    使用WMI修改文件文件夾的NTFS權限, 代碼:

    復制代碼 代碼如下:


    strUser = "guests"
    strPath = "D:abc.txt"
    RetVal = AddPermission(strUser,strPath,"R",True)

    '-------------------------------------------------------------------------

    '用於給文件和文件夾添加一條權限設置.返回值: 0-成功,1-賬戶不存在,2-路徑不存在
    'strUser表示用戶名或組名
    'strPath表示文件夾路徑或文件路徑
    'strAccess表示允許權限設置的字符串,字符串中帶有相應字母表示允許相應權限: R-讀,C-讀寫,F-完全控制
    'blInherit表示是否繼承父目錄權限.True為繼承,False為不繼承

    Function AddPermission(strUser,strPath,strAccess,blInherit)
            Set objWMIService = GetObject("winmgmts:.rootCimv2")
            Set fso = CreateObject("Scripting.FileSystemObject")
            '得到Win32_SID並判斷用戶/組/內置賬戶是否存在
            Set colUsers = objWMIService.ExecQuery("SELECT * FROM Win32_Account WHERE Name='"&strUser&"'")
            If colUsers.count<>0 Then
                    For Each objUser In colUsers
                            strSID = objUser.SID
                    Next
            Else
                    AddPermission = 1
                    Exit Function
            End If
            Set objSID = objWMIService.Get("Win32_SID.SID='"&strSID&"'")
            '判斷文件/文件夾是否存在
            pathType = ""
            If fso.fileExists(strPath) Then pathType = "FILE"
            If fso.folderExists(strPath) Then pathType = "FOLDER"
            If pathType = "" Then
                    AddPermission = 2
                    Exit Function
            End If
            '設置Trustee
            Set objTrustee = objWMIService.Get("Win32_Trustee").SpawnInstance_()
            objTrustee.Domain = objSID.ReferencedDomainName
            objTrustee.Name = objSID.AccountName
            objTrustee.SID = objSID.BinaryRepresentation
            objTrustee.SidLength = objSID.SidLength
            objTrustee.SIDString = objSID.Sid
            '設置ACE
            Set objNewACE = objWMIService.Get("Win32_ACE").SpawnInstance_()
            objNewACE.Trustee = objTrustee
            objNewACE.AceType = 0
            If InStr(UCase(strAccess),"R") > 0 Then objNewACE.AccessMask = 1179817
            If InStr(UCase(strAccess),"C") > 0 Then objNewACE.AccessMask = 1245631
            If InStr(UCase(strAccess),"F") > 0 Then objNewACE.AccessMask = 2032127
            If pathType = "FILE" And blInherit = True Then objNewACE.AceFlags = 16
            If pathType = "FILE" And blInherit = False Then objNewACE.AceFlags = 0
            If pathType = "FOLDER" And blInherit = True Then objNewACE.AceFlags = 19
            If pathType = "FOLDER" And blInherit = False Then objNewACE.AceFlags = 3
            '設置SD
            Set objFileSecSetting = objWMIService.Get("Win32_LogicalFileSecuritySetting.Path='"&strPath&"'")
            Call objFileSecSetting.GetSecurityDescriptor(objSD)
            blSE_DACL_AUTO_INHERITED = True
            If (objSD.ControlFlags And &H400) = 0 Then
                    blSE_DACL_AUTO_INHERITED = False
                    objSD.ControlFlags = (objSD.ControlFlags Or &H400)               
        '自動繼承位置位,如果是剛創建的目錄或文件該位是不置位的,需要置位
            End If
            If blInherit = True Then
                    objSD.ControlFlags = (objSD.ControlFlags And &HEFFF)       
        '阻止繼承復位
            Else
                    objSD.ControlFlags = (objSD.ControlFlags Or &H1400)               
        '阻止繼承位置位,自動繼承位置位
            End If
            objOldDacl = objSD.Dacl
            ReDim objNewDacl(0)
            Set objNewDacl(0) = objNewACE
            If IsArray(objOldDacl) Then               
      '權限為空時objOldDacl不是集合不可遍歷
                    For Each objACE In objOldDacl
                            If (blSE_DACL_AUTO_INHERITED=False And blInherit=True) Or ((objACE.AceFlags And 16)>0 And (blInherit=True) Or (LCase(objACE.Trustee.Name)=LCase(strUser))) Then
                                    'Do nothing
                                    '當自動繼承位置位為0時即使時繼承的權限也會顯示為非繼承,這時所有權限都不設置
                                    '當自動繼承位置位為0時,在繼承父目錄權限的情況下不設置繼承的權限.賬戶和需要加權限的賬戶一樣時不設置權限
                            Else
                                    Ubd = UBound(objNewDacl)
                                    ReDim preserve objNewDacl(Ubd+1)
                                    Set objNewDacl(Ubd+1) = objACE
                            End If
                    Next
            End If

            objSD.Dacl = objNewDacl
            '提交設置修改
            Call objFileSecSetting.SetSecurityDescriptor(objSD)
            AddPermission = 0
            Set fso = Nothing
    End Function

    1. 上一頁:
    2. 下一頁:
    Copyright © 程式師世界 All Rights Reserved