VBS通过WMI修改文件/文件夹的NTFS权限
使用WMI修改文件/文件夹的NTFS权限,代码如下:
' Example call: give the "guests" group read access to a single file and keep
' inheritance from the parent folder enabled.
' VBScript has no backslash escapes, so strpath really holds two backslashes;
' addpermission splices it into a WMI object path, where "\" is the escape character.
dim struser, strpath, retval
struser = "guests" : strpath = "d:\\abc.txt"
retval = addpermission(struser, strpath, "r", true)
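'-------------------------------------------------------------------------
' addpermission: adds one allow ACE for an account to the DACL of a file or folder via WMI.
'
' Parameters:
'   struser   - user name, group name or built-in account name (matched on name only).
'   strpath   - file or folder path, with backslashes doubled as in the sample call,
'               because it is embedded in a WMI object path.
'   straccess - string whose letters select the right to grant:
'               r = read, c = read/write (change), f = full control.
'               If several letters are present the broadest one wins (f over c over r).
'   blinherit - true to keep inheriting permissions from the parent, false to block inheritance.
'
' Return value:
'   0 - success
'   1 - account does not exist
'   2 - path does not exist
'   3 - straccess contains none of r / c / f (nothing would be granted)
'   4 - reading or writing the security descriptor failed (WMI returned non-zero)
'
' Security notes for callers:
'   * Existing ACEs whose trustee name equals struser are dropped, whatever their type,
'     so a deny entry for that name is replaced by the new allow entry.
'   * When blinherit is true and the auto-inherited bit was not yet set on the object,
'     every existing ACE is dropped and only the new one is written.
'   * NOTE(review): the new allow ACE is stored first in the DACL, ahead of any retained
'     ACEs. Windows normally expects explicit deny entries before allow entries; confirm
'     the resulting order is what you want on objects that carry deny ACEs.
function addpermission(struser,strpath,straccess,blinherit)
    dim objwmiservice, fso, colusers, objuser, strsid, objsid, pathtype
    dim objtrustee, objnewace, objfilesecsetting, objsd, objolddacl, objace
    dim objnewdacl(), blse_dacl_auto_inherited, blskip, ubd
    dim lngmask, straccesslc, strwqluser, strwmipath, lngrc

    ' Resolve the requested right before touching the system.
    ' The comparison is done on lower-cased text: instr is case-sensitive by default, so
    ' searching an upper-cased string for a lower-case letter never matches and would
    ' leave the ACE without an access mask.
    lngmask = 0
    straccesslc = lcase(straccess)
    if instr(straccesslc,"r") > 0 then lngmask = 1179817   ' &h1200A9: read & execute
    if instr(straccesslc,"c") > 0 then lngmask = 1245631   ' &h1301BF: modify
    if instr(straccesslc,"f") > 0 then lngmask = 2032127   ' &h1F01FF: full control
    if lngmask = 0 then
        addpermission = 3
        exit function
    end if

    set objwmiservice = getobject("winmgmts:\\.\root\cimv2")
    set fso = createobject("scripting.filesystemobject")

    ' Look up the account's SID; this also tells us whether the user/group/built-in
    ' account exists. The name is escaped so a quote or backslash in it cannot change
    ' the meaning of the WQL statement.
    ' NOTE(review): the query filters on name only, so same-named accounts from different
    ' domains all match and the last one returned is used; confirm that is acceptable.
    strwqluser = replace(replace(struser,"\","\\"),"'","\'")
    set colusers = objwmiservice.execquery("select * from win32_account where name='"&strwqluser&"'")
    if colusers.count = 0 then
        addpermission = 1
        exit function
    end if
    for each objuser in colusers
        strsid = objuser.sid
    next
    set objsid = objwmiservice.get("win32_sid.sid='"&strsid&"'")

    ' Check that the target exists and remember whether it is a file or a folder.
    pathtype = ""
    if fso.fileexists(strpath) then pathtype = "file"
    if fso.folderexists(strpath) then pathtype = "folder"
    if pathtype = "" then
        addpermission = 2
        exit function
    end if

    ' Build the trustee from the resolved SID.
    set objtrustee = objwmiservice.get("win32_trustee").spawninstance_()
    objtrustee.domain = objsid.referenceddomainname
    objtrustee.name = objsid.accountname
    objtrustee.sid = objsid.binaryrepresentation
    objtrustee.sidlength = objsid.sidlength
    objtrustee.sidstring = objsid.sid

    ' Build the new ACE. acetype 0 = access allowed.
    set objnewace = objwmiservice.get("win32_ace").spawninstance_()
    objnewace.trustee = objtrustee
    objnewace.acetype = 0
    objnewace.accessmask = lngmask
    ' aceflags: 1 = object inherit, 2 = container inherit, 16 = inherited ACE.
    ' Folders get 3 so the entry propagates to children; with blinherit = true the
    ' entry is additionally marked with bit 16.
    if pathtype = "file" and blinherit = true then objnewace.aceflags = 16
    if pathtype = "file" and blinherit = false then objnewace.aceflags = 0
    if pathtype = "folder" and blinherit = true then objnewace.aceflags = 19
    if pathtype = "folder" and blinherit = false then objnewace.aceflags = 3

    ' Fetch the current security descriptor. A quote in the path is escaped so it
    ' cannot terminate the key value of the object path early.
    strwmipath = replace(strpath,"'","\'")
    set objfilesecsetting = objwmiservice.get("win32_logicalfilesecuritysetting.path='"&strwmipath&"'")
    lngrc = objfilesecsetting.getsecuritydescriptor(objsd)
    if lngrc <> 0 then
        addpermission = 4
        exit function
    end if

    ' &h400 is the DACL auto-inherited bit. It is clear on a freshly created file or
    ' folder and has to be set; remember the state it had before we changed it.
    blse_dacl_auto_inherited = true
    if (objsd.controlflags and &h400) = 0 then
        blse_dacl_auto_inherited = false
        objsd.controlflags = (objsd.controlflags or &h400)
    end if
    if blinherit = true then
        ' Clear bit &h1000 (DACL protected) so inheritance is not blocked.
        objsd.controlflags = (objsd.controlflags and &hefff)
    else
        ' Set bit &h1000 (DACL protected) together with the auto-inherited bit.
        objsd.controlflags = (objsd.controlflags or &h1400)
    end if

    ' The new ACE goes first; retained ACEs from the old DACL are appended after it.
    objolddacl = objsd.dacl
    redim objnewdacl(0)
    set objnewdacl(0) = objnewace
    ' With an empty permission list objolddacl is not an array and cannot be iterated.
    if isarray(objolddacl) then
        for each objace in objolddacl
            blskip = false
            ' Auto-inherited bit was 0: even inherited entries show up as explicit,
            ' so when inheriting from the parent none of the old entries is kept.
            if blse_dacl_auto_inherited = false and blinherit = true then blskip = true
            ' Inherited entries are not written back while inheritance stays enabled.
            if (objace.aceflags and 16) > 0 and blinherit = true then blskip = true
            ' An existing entry for the same account name is replaced by the new one.
            if lcase(objace.trustee.name) = lcase(struser) then blskip = true
            if not blskip then
                ubd = ubound(objnewdacl)
                redim preserve objnewdacl(ubd+1)
                set objnewdacl(ubd+1) = objace
            end if
        next
    end if
    objsd.dacl = objnewdacl

    ' Commit the change and report failure instead of claiming success unconditionally.
    lngrc = objfilesecsetting.setsecuritydescriptor(objsd)
    if lngrc <> 0 then
        addpermission = 4
    else
        addpermission = 0
    end if
    set fso = nothing
end function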