PC Review
Home Forums Reviews Articles Register
Member Login:

PC Review > Forums > Newsgroups > Microsoft DotNet > Microsoft Dot NET > ACE order in ACL

Reply
Thread Tools Rate Thread

ACE order in ACL

 
 
Steve
Guest
Posts: n/a
 
      7th Mar 2005
Even when I add (or think I do!) a new ACL in the correct order
according to http://support.microsoft.com/default...b;en-us;269159
I still get errors when trying to view the security permissions on
newley created child objects on XP. I've been twekaing the constants
all day with mixed results, but not once have I not got the "The
permissions on xxx are incorrectly ordered..." message, what am I
doing wrong??? Here's my code (what for line breaks)...

Module StartUp
Const defaultAccessMask As ActiveDs.ADS_RIGHTS_ENUM =
ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_GENERIC_READ +
ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_GENERIC_WRITE +
ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_GENERIC_EXECUTE +
ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_DELETE
Const defaultAceFlags As ActiveDs.ADS_ACEFLAG_ENUM =
ActiveDs.ADS_ACEFLAG_ENUM.ADS_ACEFLAG_INHERIT_ACE
Const defaultAceType As ActiveDs.ADS_ACETYPE_ENUM =
ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED

Sub Main()
Call PermissionFolder("C:\Program Files\test",
"somedomain\user1234", defaultAccessMask, defaultAceFlags,
defaultAceType)
Call ListACEs("C:\Program Files\test")
End Sub

Sub PermissionFolder(ByVal folderPath As String, ByVal trustee As
String, ByVal accessMask As ActiveDs.ADS_RIGHTS_ENUM, ByVal aceFlags
As ActiveDs.ADS_ACEFLAG_ENUM, ByVal aceType As
ActiveDs.ADS_ACETYPE_ENUM)
Dim adsSecurity As New ActiveDs.ADsSecurityUtilityClass
Dim adsDescriptor As ActiveDs.SecurityDescriptor
Dim folderACL As ActiveDs.AccessControlList
Dim newACE As New ActiveDs.AccessControlEntry

adsDescriptor = adsSecurity.GetSecurityDescriptor(folderPath,
ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID)
folderACL = adsDescriptor.DiscretionaryAcl()

newACE.Trustee = trustee
newACE.AccessMask = accessMask
newACE.AceFlags = aceFlags
newACE.AceType = aceType

folderACL.AddAce(newACE)
adsDescriptor.DiscretionaryAcl = OrderACL(folderACL)
adsSecurity.SetSecurityDescriptor(folderPath,
ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE, adsDescriptor,
ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID)
End Sub

Function OrderACL(ByVal dacl As ActiveDs.AccessControlList) As
ActiveDs.AccessControlList
Dim impDenyDACL As New ActiveDs.AccessControlList
Dim impDenyObjectDACL As New ActiveDs.AccessControlList
Dim impAllowDACL As New ActiveDs.AccessControlList
Dim impAllowObjectDACL As New ActiveDs.AccessControlList
Dim inheritedDACL As New ActiveDs.AccessControlList
Dim ace As ActiveDs.AccessControlEntry
Dim returnDACL As New ActiveDs.AccessControlList

For Each ace In dacl

If ace.AceFlags =
ActiveDs.ADS_ACEFLAG_ENUM.ADS_ACEFLAG_INHERITED_ACE Then
inheritedDACL.AddAce(ace)
Else

Select Case ace.AceType
Case
ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED
impAllowDACL.AddAce(ace)
Case
ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_DENIED
impDenyDACL.AddAce(ace)
Case
ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
impAllowObjectDACL.AddAce(ace)
Case
ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_DENIED_OBJECT
impDenyObjectDACL.AddAce(ace)
End Select

End If

Next

For Each ace In impDenyDACL
returnDACL.AddAce(ace)
Next

For Each ace In impDenyObjectDACL
returnDACL.AddAce(ace)
Next

For Each ace In impAllowDACL
returnDACL.AddAce(ace)
Next

For Each ace In impAllowObjectDACL
returnDACL.AddAce(ace)
Next

For Each ace In inheritedDACL
returnDACL.AddAce(ace)
Next

returnDACL.AclRevision = dacl.AclRevision

Return returnDACL
End Function

Sub ListACEs(ByVal folderPath As String)
Dim securityObj As New ActiveDs.ADsSecurityUtilityClass
Dim descriptorObj As ActiveDs.SecurityDescriptor
Dim aclObj As ActiveDs.AccessControlList
Dim aceObj As ActiveDs.AccessControlEntry
Dim aceOutput As String

descriptorObj = securityObj.GetSecurityDescriptor(folderPath,
ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID)
aclObj = descriptorObj.DiscretionaryAcl()

For Each aceObj In aclObj
aceOutput = aceOutput & aceObj.Trustee & vbTab &
aceObj.AccessMask & vbTab & aceObj.AceFlags & vbTab & aceObj.AceType &
vbTab & aceObj.InheritedObjectType & vbCrLf
Next

MessageBox.Show(aceOutput)
End Sub
End Module
 
Reply With Quote
 
 
 
Reply

« embed a VB Standard EXE in a .Net Windows app - in-place activatio | Install C# Explorer Band »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
For chart syles, why doesn't color order match series order? AMiller Microsoft Excel Charting 1 29th Oct 2009 12:02 AM
How stop Excel file UK date order changing to US order in m.merge =?Utf-8?B?Um9nZXIgQWxkcmlkZ2U=?= Microsoft Excel Misc 1 9th Oct 2007 11:52 PM
Daily Macro to Download Data, Order and paste in order Iarla Microsoft Excel Programming 1 17th Nov 2004 11:55 AM
Graph reverse order changes series order but not legend order biddlea Microsoft Excel Misc 0 13th Aug 2004 12:48 PM
Newbie: Missing the link between Order Entry in a form and the actual Order Details Bryan Anderson Microsoft Access Getting Started 1 17th Feb 2004 01:57 AM


Features
Forums Startup Database Reviews Articles FAQ / Guidelines About Us
 

Advertising
 

Newsgroups
Windows Vista Windows XP Microsoft Word Microsoft DotNet Windows 2000 AntiSpyware Microsoft Access Microsoft Excel Microsoft Outlook Hardware
 


All times are GMT +1. The time now is 09:08 PM.
Powered by vBulletin®. Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2010, Crawlability, Inc.
Contact Us - Archive - Privacy Statement - Top