A
Amit Desai
Guys. I need to set the file permissions of a folder on a remote fileserver
for a user I have just created using the web app I am writing.
I have the users account name and SID, the name of the file server and the
physical path to the parent folder.
This is what I have so far.. but cant get it to work.. I get various
exceptions with the wmi calls.. Can someone look it over and point out the
obvious mistakes? Also.. I am not sure about my process of converting the
users sid into a byte array to assign to the trustee. I have the SID in the
form of a string and also a Int_Ptr
//Create Trustee (user identifier)
ManagementScope managementscope = new ManagementScope(@"\\" + serverName +
@"\root\cimv2",connOp);
ManagementPath managementpath = new ManagementPath("Win32_Process");
ManagementClass mangagementclass = new
ManagementClass(managementscope,managementpath,null);
//Create Trustee (user identifier)
ManagementObject Trustee = new ManagementClass(managementscope,new
ManagementPath("Win32_Trustee"),null).CreateInstance();
//Set SID of trustee to new users sid
byte [] SID = null;
int SidLen = ((int)user.SID.ToSIDPtr()) / (int)Math.Pow(2,8);
SID = new byte[SidLen];
Marshal.Copy(user.SID.ToSIDPtr(),SID,0,SidLen);
Trustee["SID"] = SID;
Trustee["Name"] = user.AccountName;
//Set ACE for user
ManagementObject Ace = new ManagementClass(managementscope,new
ManagementPath("Win32_ACE"),null).CreateInstance();
//Set Permissions
//AccessMasks : Full Control = 2032127, Change = 1245631, Read = 1179785
Ace["AccessMask"] = "1245631";
//Set Ace flags : Bit flags that specify inheritance of the ACE
Ace["AceFlags"] = "3";
//Set AceType : Allowed = 0, Denied = 1, Audit = 2
Ace["AceType"] = 0;
//Set Trustee to apply ACEs to
Ace["Trustee"] = Trustee;
//Create Security Descriptor to assign to the folder
ManagementObject SecurityDescriptor = new
ManagementClass(managementscope,new
ManagementPath("Win32_SecurityDescriptor"),null).CreateInstance();
//Set Control Flag : SE_DACL_PRESENT indicates a security descriptor
containing a DACL.
SecurityDescriptor["ControlFlags"] = "4";
//Set DACL : Array of ACEs
SecurityDescriptor["DACL"] = new object[1]{Ace};
//Assign the security descriptor to the directory
string dirClassPath = @"Win32_Directory='" + physicalpath + user.AccountName
+ "'";
ManagementClass Win32Directory = new ManagementClass(managementscope,new
ManagementPath(dirClassPath),null);
//Get Input params
ManagementBaseObject inParams =
Win32Directory.GetMethodParameters("ChangeSecurityPermissions");
//Set Options : 4 = CHANGE_DACL_SECURITY_INFORMATION : Change the
discretionary access control list (DACL) of the logical file.
inParams["Option"] = "4";
inParams["SecurityDescriptor"] = SecurityDescriptor;
ManagementBaseObject outParams =
Win32Directory.InvokeMethod("ChangeSecurityPermissions", inParams, null);
uint errorcode = (uint)outParams["returnValue"];
Thanks Amit
for a user I have just created using the web app I am writing.
I have the users account name and SID, the name of the file server and the
physical path to the parent folder.
This is what I have so far.. but cant get it to work.. I get various
exceptions with the wmi calls.. Can someone look it over and point out the
obvious mistakes? Also.. I am not sure about my process of converting the
users sid into a byte array to assign to the trustee. I have the SID in the
form of a string and also a Int_Ptr
//Create Trustee (user identifier)
ManagementScope managementscope = new ManagementScope(@"\\" + serverName +
@"\root\cimv2",connOp);
ManagementPath managementpath = new ManagementPath("Win32_Process");
ManagementClass mangagementclass = new
ManagementClass(managementscope,managementpath,null);
//Create Trustee (user identifier)
ManagementObject Trustee = new ManagementClass(managementscope,new
ManagementPath("Win32_Trustee"),null).CreateInstance();
//Set SID of trustee to new users sid
byte [] SID = null;
int SidLen = ((int)user.SID.ToSIDPtr()) / (int)Math.Pow(2,8);
SID = new byte[SidLen];
Marshal.Copy(user.SID.ToSIDPtr(),SID,0,SidLen);
Trustee["SID"] = SID;
Trustee["Name"] = user.AccountName;
//Set ACE for user
ManagementObject Ace = new ManagementClass(managementscope,new
ManagementPath("Win32_ACE"),null).CreateInstance();
//Set Permissions
//AccessMasks : Full Control = 2032127, Change = 1245631, Read = 1179785
Ace["AccessMask"] = "1245631";
//Set Ace flags : Bit flags that specify inheritance of the ACE
Ace["AceFlags"] = "3";
//Set AceType : Allowed = 0, Denied = 1, Audit = 2
Ace["AceType"] = 0;
//Set Trustee to apply ACEs to
Ace["Trustee"] = Trustee;
//Create Security Descriptor to assign to the folder
ManagementObject SecurityDescriptor = new
ManagementClass(managementscope,new
ManagementPath("Win32_SecurityDescriptor"),null).CreateInstance();
//Set Control Flag : SE_DACL_PRESENT indicates a security descriptor
containing a DACL.
SecurityDescriptor["ControlFlags"] = "4";
//Set DACL : Array of ACEs
SecurityDescriptor["DACL"] = new object[1]{Ace};
//Assign the security descriptor to the directory
string dirClassPath = @"Win32_Directory='" + physicalpath + user.AccountName
+ "'";
ManagementClass Win32Directory = new ManagementClass(managementscope,new
ManagementPath(dirClassPath),null);
//Get Input params
ManagementBaseObject inParams =
Win32Directory.GetMethodParameters("ChangeSecurityPermissions");
//Set Options : 4 = CHANGE_DACL_SECURITY_INFORMATION : Change the
discretionary access control list (DACL) of the logical file.
inParams["Option"] = "4";
inParams["SecurityDescriptor"] = SecurityDescriptor;
ManagementBaseObject outParams =
Win32Directory.InvokeMethod("ChangeSecurityPermissions", inParams, null);
uint errorcode = (uint)outParams["returnValue"];
Thanks Amit