Valnurat Posted May 18, 2020 Posted May 18, 2020 @AdamUL I'm only interested who has access - like groups and users - not what the access is. I can read that from the name of the groups. So if it is possible just to find the groups with this UDF, it would be great. Yours sincerely Kenneth.
water Posted May 18, 2020 Posted May 18, 2020 I have written a skript to get the ACL listing and display the result in a TreeView. It's about 10 years old, written in German and uses the old Excel UDF - so it definitely needs a brush up. But if you are interested ... My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
ptrex Posted May 18, 2020 Posted May 18, 2020 Since 2011 the scripting world has evolved a lot ! In Powershell this is 6 lines of code and runs lightning fast... If you persist in using AutoIT, you can run the PS code using the .NET Common Language Runtime (CLR) Framework If you are interested ... Contributions :Firewall Log Analyzer for XP - Creating COM objects without a need of DLL's - UPnP support in AU3Crystal Reports Viewer - PDFCreator in AutoIT - Duplicate File FinderSQLite3 Database functionality - USB Monitoring - Reading Excel using SQLRun Au3 as a Windows Service - File Monitor - Embedded Flash PlayerDynamic Functions - Control Panel Applets - Digital Signing Code - Excel Grid In AutoIT - Constants for Special Folders in WindowsRead data from Any Windows Edit Control - SOAP and Web Services in AutoIT - Barcode Printing Using PS - AU3 on LightTD WebserverMS LogParser SQL Engine in AutoIT - ImageMagick Image Processing - Converter @ Dec - Hex - Bin -Email Address Encoder - MSI Editor - SNMP - MIB ProtocolFinancial Functions UDF - Set ACL Permissions - Syntax HighLighter for AU3ADOR.RecordSet approach - Real OCR - HTTP Disk - PDF Reader Personal Worldclock - MS Indexing Engine - Printing ControlsGuiListView - Navigation (break the 4000 Limit barrier) - Registration Free COM DLL Distribution - Update - WinRM SMART Analysis - COM Object Browser - Excel PivotTable Object - VLC Media Player - Windows LogOnOff Gui -Extract Data from Outlook to Word & Excel - Analyze Event ID 4226 - DotNet Compiler Wrapper - Powershell_COM - New
AdamUL Posted May 18, 2020 Posted May 18, 2020 @Valnurat Here is you an example, using the UDF. expandcollapse popup#include <Debug.au3> #include <Security.au3> #include 'Permissions.au3' Global $sFile = @ScriptDir & '\test.txt' FileWrite($sFile, 'test') MsgBox(0, "File", "Created") _InitiatePermissionResources() ;Get the file's DACL. ;Do not include inherited permissions. ;~ $pDACL = _GetObjectDacl($sFile) ;~ If @error Then Exit MsgBox(16, "ERROR", "Error _GetObjectDacl") ;Include inherited permissions. $pDACL = _GetObjectDaclIncludeInherit($sFile) If @error Then MsgBox(16, "ERROR", "Error _GetObjectDaclIncludeInherit") ;Create an empty array to fill with the DACL read from the object. Global $aPerm[0][4] $iRet = _MergeDaclToArray($pDACL, $aPerm) ;If there are no explicit permissions, and only inherited, the return valuse will be 0, if you used _GetObjectDacl. MsgBox(0, '', '_MergeDaclToArray return value: ' & $iRet) If $iRet = 0 Then Exit 2 ;SIDs are DLL structs so they show up as blank strings in the array. Pemissions show up as signed integers. ;$array[n][0] - SID structure. ;$array[n][1] - The access type. A value of 1 grants acecess, 0 denies access. ;$array[n][2] - The access mask. _DebugArrayDisplay($aPerm, $sFile) ;Show users and groups in the DACL array as strings. Global $aAcct Global $pAcct Global $sAcct For $i = 0 To UBound($aPerm, 1) - 1 $pAcct = DllStructGetPtr($aPerm[$i][0]) ;Convert SIDs to users and groups strings. $aAcct = _Security__LookupAccountSid($pAcct) If Not IsArray($aAcct) Then $aPerm[$i][0] = _Security__SidToStringSid($pAcct) ;Put SID string for unknown SID. ContinueLoop EndIf $sAcct = ($aAcct[1] <> "" ? $aAcct[1] & "\" : "" ) & $aAcct[0] ConsoleWrite($sAcct & " _Security__IsValidSid: " & _Security__IsValidSid($pAcct) & @CRLF) ;Replace struct with string. $aPerm[$i][0] = $sAcct Next _ClosePermissionResources() ;User and group names changed to strings to be viewable and searchable. _DebugArrayDisplay($aPerm, $sFile) FileDelete($sFile) MsgBox(0, "File", "Deleted") @ptrex I would like to see and example using Powershell. If possible, I would like to see how to get the users' or groups' specific permissions. Thanks. Adam
Valnurat Posted May 20, 2020 Posted May 20, 2020 I get this error: error: _GetObjectDaclIncludeInherit(): undefined function. Yours sincerely Kenneth.
ptrex Posted May 20, 2020 Posted May 20, 2020 Maybe here ? Contributions :Firewall Log Analyzer for XP - Creating COM objects without a need of DLL's - UPnP support in AU3Crystal Reports Viewer - PDFCreator in AutoIT - Duplicate File FinderSQLite3 Database functionality - USB Monitoring - Reading Excel using SQLRun Au3 as a Windows Service - File Monitor - Embedded Flash PlayerDynamic Functions - Control Panel Applets - Digital Signing Code - Excel Grid In AutoIT - Constants for Special Folders in WindowsRead data from Any Windows Edit Control - SOAP and Web Services in AutoIT - Barcode Printing Using PS - AU3 on LightTD WebserverMS LogParser SQL Engine in AutoIT - ImageMagick Image Processing - Converter @ Dec - Hex - Bin -Email Address Encoder - MSI Editor - SNMP - MIB ProtocolFinancial Functions UDF - Set ACL Permissions - Syntax HighLighter for AU3ADOR.RecordSet approach - Real OCR - HTTP Disk - PDF Reader Personal Worldclock - MS Indexing Engine - Printing ControlsGuiListView - Navigation (break the 4000 Limit barrier) - Registration Free COM DLL Distribution - Update - WinRM SMART Analysis - COM Object Browser - Excel PivotTable Object - VLC Media Player - Windows LogOnOff Gui -Extract Data from Outlook to Word & Excel - Analyze Event ID 4226 - DotNet Compiler Wrapper - Powershell_COM - New
AdamUL Posted May 20, 2020 Posted May 20, 2020 @Valnurat Sorry about that. I forgot that some function were not in the original UDF. The one ptrex linked is the one. I updated the UDF to use Unicode. That is the one I'm using. Here is the link. Adam
Valnurat Posted May 25, 2020 Posted May 25, 2020 Thank you for your support. But I'm sorry, I now get this message as attached. Yours sincerely Kenneth.
Valnurat Posted May 29, 2020 Posted May 29, 2020 On 5/18/2020 at 1:18 PM, water said: I have written a skript to get the ACL listing and display the result in a TreeView. It's about 10 years old, written in German and uses the old Excel UDF - so it definitely needs a brush up. But if you are interested ... @water - Yes, I would be interested. Yours sincerely Kenneth.
Valnurat Posted May 29, 2020 Posted May 29, 2020 On 5/25/2020 at 8:13 AM, Valnurat said: Thank you for your support. But I'm sorry, I now get this message as attached. @AdamUL - I'm sorry, but do you know why I get this error? I get error because I tried to use the "_GetObjectDacl" If I tried to use the "_GetObjectDaclIncludeInherit", I get this error: Yours sincerely Kenneth.
water Posted May 31, 2020 Posted May 31, 2020 On 5/29/2020 at 9:27 AM, Valnurat said: @water - Yes, I would be interested. I had a look at my code archive and unfortunately I can't find the preparation code for my two-step approach: First step retrieves a list of permissions for the selected path by running something like CACLS, processes the output and writes it to a file. The second step displays the file in a TreeView and adds some additional features (search, export ...) But without the code for step one this doesn't help much. I did a Google search and found some (free) tools to display permissions: https://blog.netwrix.com/2017/08/18/top-5-free-tools-for-ntfs-permissions-reporting/ Maybe there is something that fits your needs? My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
Jemboy Posted May 6, 2021 Posted May 6, 2021 I have been the whole day looking for an easy way to set registry permissions. Most scripts do not what I want (just add "users" and grant it full rights. I also have been looking for hours at the permissions.udf, but I really do not get the grasp of it. I know permissions is not something easy, but the permission.udf has not made setting permissions easy to understand. Shouldn't the way calcs or icalcs use their parameters be easier ? After a brief test with SetACL, I have decided to use this 3rd party tool, to get my script finished So, is there an easy Autoit way to set permissions on registry keys other then using permissions.udf ? What do you all think of a function AddPermission (object (registry/file/folder), useraccount/sid, Permission (read/write/change etc, Inherit options) with siblings ChangePermission, RemovePermission.
Shark007 Posted May 6, 2021 Posted May 6, 2021 Using the UDF posted by AdamUL Here is an example that I created - Try modifying it to meet your needs. PermissionsExample.au3
Jemboy Posted May 10, 2021 Posted May 10, 2021 @Shark007Thanks both you for the example and also @AdamUL for his permissions.udf. Your example has made it more clearly how to use the UDF. My script is already finished using SetACL.exe and I am going forward with other work and scripts. However I have archived your example for future use.☺️ From simplicty sake, what would you think about the following implementation ? AddPermission (object (registry/file/folder), useraccount/sid, Permission (read/write/change etc, Inherit options) ChangePermission(object (registry/file/folder), useraccount/sid, Permission (read/write/change etc, Inherit options) RemovePermission(object (registry/file/folder), useraccount/sid, Permission (read/write/change etc, Inherit options) With your example, I could probably create the above. Made also a mental note to do this in a future far far away 😉
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now