VBSCript之GenerateSDDL函数(权限设置)

function generatesddl(accountname, accessflag, accesstype, accessmask)
 dim accounts, objwmi, objsid, objtru, objace
 const set_dacl_present = &h8004

 set objwmi = getobject("winmgmts:" & "{impersonationlevel=impersonate, (security)}!\\.\root\cimv2")

 set accounts = objwmi.execquery("select * from win32_account where name='" & accountname & "'")
 for each account in accounts
  strsid = account.sid
 next
 set objsid = objwmi.get("win32_sid.sid='"& strsid &"'")

 set objtru = objwmi.get("win32_trustee").spawninstance_()
 objtru.domain  = objsid.referenceddomainname
 objtru.name   = objsid.accountname
 objtru.sid   = objsid.binaryrepresentation
 objtru.sidlength = objsid.sidlength
 objtru.sidstring = objsid.sid

 set objace = objwmi.get("win32_ace").spawninstance_()
 objace.trustee   = objtru
 objace.acetype   = accesstype
 objace.accessmask  = accessmask
 objace.aceflags  = accessflag

 set generatesddl = objwmi.get("win32_securitydescriptor").spawninstance_()
 generatesddl.owner   = objtru
 generatesddl.dacl   = array(objace)
 generatesddl.controlflags = set_dacl_present
end function

strpath = "d:\\1.txt"
set objwmi = getobject("winmgmts:" & "{impersonationlevel=impersonate, (security)}!\\.\root\cimv2")
set objsec = objwmi.get("win32_logicalfilesecuritysetting.path='" & strpath & "'")
objsec.setsecuritydescriptor(generatesddl("everyone", &h0, &h1, &h100e0))