Here is the VB script I am converting.
code:
You can also use WMI. Here's the example from the Win32_LogicalFileSecuritySetting docs...
' The folder named "testfolder" must exist on the C:\ drive.
' Connect to WMI and get the file security object for the testfolder directory
Set wmiFileSecSetting = GetObject("winmgmts:Win32_LogicalFileSecuritySetting.path='c:\\testfolder'")
' Use the Win32_LogicalFileSecuritySetting Caption property to create a simple header before
' dumping the discretionary access control list (DACL)
Wscript.Echo wmiFileSecSetting.Caption & ":" & vbCrLf
' Call the Win32_LogicalFileSecuritySetting GetSecurityDescriptor
' method to retrieve an instance of the Win32_SecurityDescriptor class
' for the target object, that is, C:\TestFolder. Note that this is achieved by
' passing an empty variable to GetSecurityDescriptor, which
' GetSecurityDescriptor in turn initializes with an instance of the
' Win32_SecurityDescriptor class that corresponds to the security
' descriptor for the target object.
RetVal = wmiFileSecSetting.GetSecurityDescriptor(wmiSecurityDescriptor)
' After the security descriptor is retrieved, you can use the properties provided by the
' Win32_SecurityDescriptor class to dissect the security descriptor's access control lists
' (DACL and SACL) and access control entries (ACEs).
' Retrieve the content of Win32_SecurityDescriptor DACL property.
' The DACL is an array of Win32_ACE objects.
DACL = wmiSecurityDescriptor.DACL
For each wmiAce in DACL
    wscript.echo "Access Mask: " & wmiAce.AccessMask
    wscript.echo "ACE Type: " & wmiAce.AceType
    ' Get Win32_Trustee object from ACE
    Set Trustee = wmiAce.Trustee
    wscript.echo "Trustee Domain: " & Trustee.Domain
    wscript.echo "Trustee Name: " & Trustee.Name
    ' Get SID as array from Trustee
    SID = Trustee.SID
    ' Reset the string so SID bytes from earlier ACEs do not accumulate
    strsid = ""
    For i = 0 To UBound(SID) - 1
        strsid = strsid & SID(i) & ","
    Next
    strsid = strsid & SID(i)
    wscript.echo "Trustee SID: {" & strsid & "}"
Next
wscript.echo "ReturnValue is: " & RetVal
Here is what I have in KiX so far.
code:
$wmiFileSecSetting = GetObject("winmgmts:Win32_LogicalFileSecuritySetting.path='%temp%'")
$wmiFileSecSetting.Caption ?
; Call the Win32_LogicalFileSecuritySetting GetSecurityDescriptor
; method to retrieve an instance of the Win32_SecurityDescriptor class
; for the target object, that is, C:\TestFolder. Note that this is achieved by
; passing an empty variable to GetSecurityDescriptor, which
; GetSecurityDescriptor in turn initializes with an instance of the
; Win32_SecurityDescriptor class that corresponds to the security
; descriptor for the target object.
$RetVal = $wmiFileSecSetting.GetSecurityDescriptor($wmiSecurityDescriptor)
; After the security descriptor is retrieved, you can use the properties
; provided by the Win32_SecurityDescriptor class to dissect the security
; descriptor's access control lists (DACL and SACL) and access control
; entries (ACEs).
; Retrieve the content of Win32_SecurityDescriptor DACL property.
; The DACL is an array of Win32_ACE objects.
$DACL = $wmiSecurityDescriptor.DACL
The problem is that this line
$RetVal = $wmiFileSecSetting.GetSecurityDescriptor($wmiSecurityDescriptor)
is supposed to return an object named $wmiSecurityDescriptor, but I cannot figure out why it is not. $RetVal is just a return code that equals 0 if successful, a number if not. I am getting successful return codes, both @error and $RetVal = 0, but my object handle is nowhere to be found.
Bryce
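
Added example, not part of the original post or the Microsoft sample: the VBScript above echoes each ACE's AccessMask as a raw integer and the trustee SID as a comma-separated byte array, and this Python code converts both into the forms used when reviewing a DACL. The function names and the sample ACE values are constructed for illustration.

```python
import struct

# File access-right bits from winnt.h. On a directory the low bits carry
# directory meanings (0x01 list, 0x02 add file, 0x04 add subdirectory).
FILE_RIGHTS = {
    0x000001: "FILE_READ_DATA", 0x000002: "FILE_WRITE_DATA",
    0x000004: "FILE_APPEND_DATA", 0x000008: "FILE_READ_EA",
    0x000010: "FILE_WRITE_EA", 0x000020: "FILE_EXECUTE",
    0x000040: "FILE_DELETE_CHILD", 0x000080: "FILE_READ_ATTRIBUTES",
    0x000100: "FILE_WRITE_ATTRIBUTES", 0x010000: "DELETE",
    0x020000: "READ_CONTROL", 0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
# Win32_ACE.AceType values
ACE_TYPES = {0: "ACCESS_ALLOWED", 1: "ACCESS_DENIED", 2: "SYSTEM_AUDIT"}

def sid_to_string(sid_bytes):
    """Binary SID (iterable of ints 0-255) -> 'S-R-A-S1-S2...' string."""
    raw = bytes(sid_bytes)
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def parse_echoed_sid(line):
    """Parse a 'Trustee SID: {1,2,0,...}' line as echoed by the script."""
    inner = line[line.index("{") + 1:line.rindex("}")]
    return sid_to_string(int(b) for b in inner.split(","))

def decode_access_mask(mask):
    """Names of the set rights, plus hex for bits not in FILE_RIGHTS."""
    names = [name for bit, name in FILE_RIGHTS.items() if mask & bit]
    leftover = mask & ~sum(FILE_RIGHTS)
    return names + ([hex(leftover)] if leftover else [])

def describe_ace(ace_type, mask, sid_line):
    """One review line per ACE: type, trustee SID string, decoded rights."""
    return "%s %s: %s" % (ACE_TYPES.get(ace_type, "TYPE_%d" % ace_type),
                          parse_echoed_sid(sid_line),
                          "|".join(decode_access_mask(mask)))

if __name__ == "__main__":
    # Constructed sample: allow ACE, read-and-execute mask, BUILTIN\Administrators
    print(describe_ace(0, 1179817,
                       "Trustee SID: {1,2,0,0,0,0,0,5,32,0,0,0,32,2,0,0}"))
```

A SID line whose byte count does not match its sub-authority count raises ValueError, which is how output from a script that lets the SID string accumulate across ACEs shows up.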