
Modifying NTFS permissions on files and folders with VBS via WMI

程序员文章站 2022-04-10 13:42:18

Use WMI to modify the NTFS permissions of files and folders. The code is as follows:

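' Example call. VBScript does not treat \ as an escape character, so strPath holds two
' backslashes, which is the escaped form the WMI object path built in the function expects.
strUser = "guests"
strPath = "d:\\abc.txt"
retVal = AddPermission(strUser, strPath, "r", True)

'-------------------------------------------------------------------------

' Adds one permission entry to a file or folder. Return value: 0 - success, 1 - account does not exist, 2 - path does not exist
' strUser: user name or group name
' strPath: folder path or file path
' strAccess: string whose letters select the permission to allow: r - read, c - read/write, f - full control
' blInherit: whether to inherit the parent directory's permissions. True inherits, False does not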

Function AddPermission(strUser, strPath, strAccess, blInherit)
        Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
        Set fso = CreateObject("Scripting.FileSystemObject")
        ' Get the Win32_SID and check whether the user/group/built-in account exists
        ' Note: strUser is concatenated into the WQL query unescaped, so pass only trusted account names
        Set colUsers = objWMIService.ExecQuery("select * from Win32_Account where Name='" & strUser & "'")
        If colUsers.Count <> 0 Then
                ' If several accounts share the name, the SID of the last one returned is used
                For Each objUser In colUsers
                        strSID = objUser.SID
                Next
        Else
                AddPermission = 1
                Exit Function
        End If
        Set objSID = objWMIService.Get("Win32_SID.SID='" & strSID & "'")
        ' Check whether the file/folder exists
        pathType = ""
        If fso.FileExists(strPath) Then pathType = "file"
        If fso.FolderExists(strPath) Then pathType = "folder"
        If pathType = "" Then
                AddPermission = 2
                Exit Function
        End If
        ' Set up the trustee
        Set objTrustee = objWMIService.Get("Win32_Trustee").SpawnInstance_()
        objTrustee.Domain = objSID.ReferencedDomainName
        objTrustee.Name = objSID.AccountName
        objTrustee.SID = objSID.BinaryRepresentation
        objTrustee.SidLength = objSID.SidLength
        objTrustee.SIDString = objSID.SID
        ' Set up the ACE (AceType 0 = access allowed)
        Set objNewACE = objWMIService.Get("Win32_ACE").SpawnInstance_()
        objNewACE.Trustee = objTrustee
        objNewACE.AceType = 0
        ' Access masks: 1179817 = &H1200A9 (read and execute), 1245631 = &H1301BF (modify), 2032127 = &H1F01FF (full control)
        If InStr(UCase(strAccess), "R") > 0 Then objNewACE.AccessMask = 1179817
        If InStr(UCase(strAccess), "C") > 0 Then objNewACE.AccessMask = 1245631
        If InStr(UCase(strAccess), "F") > 0 Then objNewACE.AccessMask = 2032127
        ' AceFlags: 16 = INHERITED_ACE, 3 = OBJECT_INHERIT_ACE (1) + CONTAINER_INHERIT_ACE (2)
        If pathType = "file" And blInherit = True Then objNewACE.AceFlags = 16
        If pathType = "file" And blInherit = False Then objNewACE.AceFlags = 0
        If pathType = "folder" And blInherit = True Then objNewACE.AceFlags = 19
        If pathType = "folder" And blInherit = False Then objNewACE.AceFlags = 3
        ' Set up the security descriptor (SD)
        Set objFileSecSetting = objWMIService.Get("Win32_LogicalFileSecuritySetting.Path='" & strPath & "'")
        Call objFileSecSetting.GetSecurityDescriptor(objSD)
        blSE_DACL_AUTO_INHERITED = True
        If (objSD.ControlFlags And &H400) = 0 Then
                blSE_DACL_AUTO_INHERITED = False
                ' Set the auto-inherited bit; it is not set on a newly created folder or file and has to be set
                objSD.ControlFlags = (objSD.ControlFlags Or &H400)
        End If
        If blInherit = True Then
                ' Clear the block-inheritance bit
                objSD.ControlFlags = (objSD.ControlFlags And &HEFFF)
        Else
                ' Set the block-inheritance bit and the auto-inherited bit
                objSD.ControlFlags = (objSD.ControlFlags Or &H1400)
        End If
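        objOldDACL = objSD.DACL
        ReDim objNewDACL(0)
        Set objNewDACL(0) = objNewACE
        ' When the DACL is empty, objOldDACL is not a collection and cannot be enumerated
        If IsArray(objOldDACL) Then
                For Each objACE In objOldDACL
                        If (blSE_DACL_AUTO_INHERITED = False And blInherit = True) Or ((objACE.AceFlags And 16) > 0 And (blInherit = True) Or (LCase(objACE.Trustee.Name) = LCase(strUser))) Then
                                ' Do nothing
                                ' When the auto-inherited bit is 0, even inherited permissions show up as non-inherited, so none of the existing permissions are copied
                                ' When inheriting the parent directory's permissions, inherited ACEs are not copied. ACEs whose account matches the account being granted are not copied either
                        Else
                                ubd = UBound(objNewDACL)
                                ReDim Preserve objNewDACL(ubd + 1)
                                Set objNewDACL(ubd + 1) = objACE
                        End If
                Next
        End If

        objSD.DACL = objNewDACL
        ' Commit the change
        ' Note: the return value of SetSecurityDescriptor is not checked, so 0 is returned even if the write fails
        Call objFileSecSetting.SetSecurityDescriptor(objSD)
        AddPermission = 0
        Set fso = Nothing
End Function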
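
The DACL rebuild loop above decides which existing ACEs survive a call. The following Python model is an added example, not part of the original script: it replays that condition for the file case on a constructed DACL and decodes the script's three access-mask constants. The `Ace` record, the function names and the sample trustees are assumptions made for illustration.

```python
from collections import namedtuple

INHERITED_ACE = 0x10  # the AceFlags bit the script tests with "And 16"
MASKS = {"R": 1179817, "C": 1245631, "F": 2032127}  # constants from the script
RIGHTS = {  # file access-right bits, named as in winnt.h
    0x000001: "FILE_READ_DATA", 0x000002: "FILE_WRITE_DATA",
    0x000004: "FILE_APPEND_DATA", 0x000008: "FILE_READ_EA",
    0x000010: "FILE_WRITE_EA", 0x000020: "FILE_EXECUTE",
    0x000040: "FILE_DELETE_CHILD", 0x000080: "FILE_READ_ATTRIBUTES",
    0x000100: "FILE_WRITE_ATTRIBUTES", 0x010000: "DELETE",
    0x020000: "READ_CONTROL", 0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
# ace_type: 0 = allow, 1 = deny (hypothetical record standing in for Win32_ACE)
Ace = namedtuple("Ace", "trustee ace_type mask flags", defaults=(0,))

def decode_mask(mask):
    """Split an access mask into named rights; unnamed bits are returned as hex."""
    names = [name for bit, name in sorted(RIGHTS.items()) if mask & bit]
    unknown = mask & ~sum(RIGHTS)
    return names + ([hex(unknown)] if unknown else [])

def access_mask(access):
    """As in the script, a later letter (r, then c, then f) overwrites an earlier one."""
    mask = None
    for letter in "RCF":
        if letter in access.upper():
            mask = MASKS[letter]
    return mask

def rebuild_dacl(old, user, access, inherit, auto_inherited):
    """New ACE goes first; old ACEs are kept unless the script's condition drops them."""
    new = [Ace(user, 0, access_mask(access), INHERITED_ACE if inherit else 0)]
    for ace in old:
        drop = ((not auto_inherited and inherit)
                or (ace.flags & INHERITED_ACE and inherit)
                or ace.trustee.lower() == user.lower())
        if not drop:
            new.append(ace)
    return new

# Constructed sample DACL: a deny ACE, an explicit allow ACE, an inherited allow ACE
SAMPLE = [Ace("Guests", 1, MASKS["F"]), Ace("alice", 0, MASKS["C"]),
          Ace("Users", 0, MASKS["R"], INHERITED_ACE)]
if __name__ == "__main__":
    print("r grants:", decode_mask(MASKS["R"]))
    for inherit, auto in [(False, True), (True, True), (True, False)]:
        kept = rebuild_dacl(SAMPLE, "guests", "r", inherit, auto)
        print(inherit, auto, [(a.trustee, a.ace_type) for a in kept])
```

In the model, the "r" mask includes FILE_EXECUTE, a deny ACE whose trustee name matches the account is removed on every call, and with `inherit=True` on a descriptor that lacks the auto-inherited bit every existing ACE is discarded. Reading the DACL back after a change is the way to confirm the result on a real file.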