tatane Posted June 13, 2013 Posted June 13, 2013 (edited) Hi, Thank you for this great UDF ! I'm wondering if it's possible to grant permission access to Active Directory users/groups ? Must I specify the name of the AD user like local account user ? Group too ? Here is a example with AD account : ; testDIR was created before the script execution $TI = TimerInit() Dim $aPerm[1][3] $aPerm[0][0] = 'ADuser' $aPerm[0][1] = 1 $aPerm[0][2] = BitOr($ACTRL_DIR_TRAVERSE, $ACTRL_DIR_LIST) $ret = _EditObjectPermissions(@ScriptDir&'testDIR',$aPerm) $erreur = @error $TD = TimerDiff($TI) MsgBox(0,'','Add access aces: '&$aPerm[0][0]&@CRLF&@CRLF& _ '_EditObjectPermissions return value: '&$ret&' erreur='&$erreur&' Time: '&Round($TD,2)&' miliseconds.'&@CRLF& _ 'Check the file permissons before closing the message box.') With this script, I keep geting a return code = 0 and @error = 0. Am I doing something wrong ? EDIT : It was my fault. It is not @ScriptDir&'testDIR' but @ScriptDir&''&'testDIR' The AD user name or AD group name works too. Yet I've got something strange with permissions. All permissions I add are set in "Specials Permissions". Is it normal ? EDIT 2 : OK I get it. Permissions in the Security Tab are combined special permissions. eg : $LIST_FOLDER_CONTENTS = BitOR($FILE_TRAVERSE, $FILE_READ_DATA, $FILE_READ_ATTRIBUTES, $FILE_READ_EA, $GENERIC_READ) Edited June 13, 2013 by tatane
tatane Posted June 13, 2013 Posted June 13, 2013 New question : Is it possible to set Share Folder Permissions with this UDF ? - Full control - Modify - Read
RCB Posted July 15, 2013 Posted July 15, 2013 Very nice UDF. But either I don't understood something, or there is something missing (at least an example). I need to know if an user (in fact, "Everyone" or to be correct SID "{S-1-1-0}") have full access to a specific folder. Currently, I use (i)cacls to check this but it's an awfully ugly code that needs to capture the stdout of the process. I didn't find in the UDF a "_GetObjectPermissions" method (found "_Set" and "_Edit" only). Can you help me by either adding a "_GetObjectPermissions" function and add an example of how to use it? Thanks anyway, nice work and a lot of efforts to do such an UDF. BTW, examples are not portable at all and won't work on non-english Windows. Examples are given directly with english names instead of using the special SID (ex: "Everyone" => replace with "_Security__LookupAccountSid($SID_EVERYONE)"). Sad, because it deserves this great work.
stamandster Posted August 15, 2013 Posted August 15, 2013 (edited) I'm probably just really stupid (but I don't want to screw up my services just "testing")... does anyone have an example of setting Service security?? i'm looking to mimic the command using SUBINACL subinacl.exe /service SERVICE_NAME /grant="DOMAINGROUP"=TOP TOP just means Start, Stop, Pause/Continue will be granted (added for) the group. It will keep all existing security set on the service. Edited August 15, 2013 by stamandster
Spiff59 Posted August 21, 2013 Posted August 21, 2013 (edited) Hello Fred, The $ACCESS_SYSTEM_SECURITY constant is now defined in the Beta version of SecurityConstants.au3. To avoid an error, at some point, it will need to be deleted from Permissions.au3. Thanks. Edit: Fred hasn't been online since the end of May, so y'all may be wantin' to individually apply this fix. Edited August 21, 2013 by Spiff59
tuffnet Posted November 12, 2013 Posted November 12, 2013 Hi I cant get permission to win8, windows/web/screen -folder. _InitiatePermissionResources() GrantAdministratorsAccess_1($win8screen, @UserName) GrantAllAccess($win8screen, @UserName)
Marcel789 Posted November 23, 2013 Posted November 23, 2013 Can i block a file with this script ? If yes, how ?
BrewManNH Posted November 23, 2013 Posted November 23, 2013 Block? What do you mean by block? That could mean anything. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator
Marcel789 Posted November 24, 2013 Posted November 24, 2013 Block a file like this: http://img6.imagebanana.com/img/xa3fc4f4/1.png Translated with google: File access denied.
Developers Jos Posted November 24, 2013 Developers Posted November 24, 2013 Block a file like this: http://img6.imagebanana.com/img/xa3fc4f4/1.png Translated with google: File access denied. You can change the security settings of a file and can set the file access anyway you want. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Marcel789 Posted November 24, 2013 Posted November 24, 2013 You can change the security settings of a file and can set the file access anyway you want. Jos Yes, but how ? Have you a example for me ?
Developers Jos Posted November 24, 2013 Developers Posted November 24, 2013 Have you tried anything yet and do you understand how security works in Windows? SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Marcel789 Posted November 24, 2013 Posted November 24, 2013 (edited) Yes, Sir. Edited November 24, 2013 by Marcel789
dummptyhummpty Posted December 19, 2013 Posted December 19, 2013 Maybe I'm approaching this wrong, but I want to give a user access to a folder without changing the existing permissions. The folder has two inherited users and one explicitly added user. I'm trying to add a fourth user, but the following results in only the new user having access on the folder. Global $aPermissions[1][3] $aPermissions[0][0] = "[uSER]" $aPermissions[0][1] = 1 $aPermissions[0][2] = $FILE_USERS_DEFAULT _EditObjectPermissions("[FOLDER PATH]", $aPermissions, $SE_FILE_OBJECT, '', 0, 1, $SUB_CONTAINERS_AND_OBJECTS_INHERIT) On another note, is a there a function to recursively set the owner on sub files and directories or do I need to write that on my own?
Sundance Posted January 26, 2014 Posted January 26, 2014 Just saw two little errors in _GetSecurityDescriptorOwner and _GetSecurityDescriptorGroup. Within those functions there was a line: If $format= but it should be If $Format=
water Posted January 26, 2014 Posted January 26, 2014 AutoIt is not case sensitive. So no difference. Taken from the help file: "Note that all variable names are case insensitive: MyVariable() is the same as MyvARiAblE()" My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
zhangyc Posted February 7, 2014 Posted February 7, 2014 (edited) hi ,,i'm not run the udf not found Global Const help me.. >"E:autoit3SciTEACNWrapperACNWrapper.exe" /run /ErrorStdOut /in "C:Documents and SettingsAdministratorMy DocumentsDownloads新建 AutoIt v3 脚本.au3" /autoit3dir "E:autoit3" /UserParams +>05:08:41 开始执行 ACNWrapper v.1.0.1.0 +> ============================================ +>执行环境: +> CPU构架: X64 +> 系统构架: X86 +> 系统语言: 0804 +> 键盘布局: 00000804 +> 内存总量: 3324MB +> 内存剩余: 2540MB +> 操作系统: WIN_XP/Service Pack 3 +> AU3版本: 3.3.7.15 +> ============================================ >运行 AU3Check (1.54.21.0) 开始目录:E:autoit3 C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(188,107) : WARNING: $READ_CONTROL: 使用前并未进行声明. Global Const $REG_GENERIC_READ = BitOR($ACTRL_REG_QUERY,$ACTRL_REG_LIST,$ACTRL_REG_NOTIFY,$READ_CONTROL) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^ C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(509,72) : WARNING: $WRITE_DAC: 使用前并未进行声明. $aPerm[0][2] = BitOR($ACTRL_REG_SET,$ACTRL_REG_CREATE_CHILD,$WRITE_DAC, ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^ C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(509,85) : WARNING: $WRITE_OWNER: 使用前并未进行声明. $aPerm[0][2] = BitOR($ACTRL_REG_SET,$ACTRL_REG_CREATE_CHILD,$WRITE_DAC,$WRITE_OWNER) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^ C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(785,30) : WARNING: $DENY_ACCESS: 使用前并未进行声明. $AccessMode = $DENY_ACCESS ~~~~~~~~~~~~~~~~~~~~~~~~~~^ C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(787,29) : WARNING: $SET_ACCESS: 使用前并未进行声明. $AccessMode = $SET_ACCESS ~~~~~~~~~~~~~~~~~~~~~~~~~^ C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(188,107) : 错误: $READ_CONTROL: 未声明的全局变量. Global Const $REG_GENERIC_READ = BitOR($ACTRL_REG_QUERY,$ACTRL_REG_LIST,$ACTRL_REG_NOTIFY,$READ_CONTROL) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^ C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(509,72) : 错误: $WRITE_DAC: 未声明的全局变量. $aPerm[0][2] = BitOR($ACTRL_REG_SET,$ACTRL_REG_CREATE_CHILD,$WRITE_DAC, ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^ C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(509,85) : 错误: $WRITE_OWNER: 未声明的全局变量. $aPerm[0][2] = BitOR($ACTRL_REG_SET,$ACTRL_REG_CREATE_CHILD,$WRITE_DAC,$WRITE_OWNER) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^ C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(785,30) : 错误: $DENY_ACCESS: 未声明的全局变量. $AccessMode = $DENY_ACCESS ~~~~~~~~~~~~~~~~~~~~~~~~~~^ C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(787,29) : 错误: $SET_ACCESS: 未声明的全局变量. $AccessMode = $SET_ACCESS ~~~~~~~~~~~~~~~~~~~~~~~~~^ C:Documents and SettingsAdministratorMy DocumentsDownloads新建 AutoIt v3 脚本.au3 - 5 错误, 5 警告 ctPe!>05:08:41 AU3Check 完成::2+>05:08:42 ACNWrapper 完成.. >退出代码: 0 运行时间: 1.507 秒 Edited February 7, 2014 by zhangyc
Factfinder Posted February 26, 2014 Posted February 26, 2014 (edited) This is a great script. Thank you for providing it. Edited April 19, 2014 by Factfinder
step887 Posted May 8, 2014 Posted May 8, 2014 I have been using this UDF and it is awesome, I ran into an issue on win 7 64 bit 32 bit compiled app does not modify reg permissions on HKLM64 $out = _GrantAllAccess('HKEY_LOCAL_MACHINE64SOFTWAREtest',4) returns 0 $out = _GrantAllAccess('HKEY_LOCAL_MACHINESOFTWAREtest',4) returns 1 but modifies HKEY_LOCAL_MACHINESOFTWAREWow6432Nodetest any ideas
topten Posted May 10, 2014 Posted May 10, 2014 Sorry if I was inattentive while reading posts, could you please explain, how can I solve this Say, I have running program "test.exe" . How can I prevent user killing this process in the tskmngr? I was trying this example #RequireAdmin #include 'Permissions.au3' _InitiatePermissionResources() $TI = TimerInit() Local $Hndl = _Permissions_OpenProcess(@AutoItPID) Local $SDBefore = _GetObjectStringSecurityDescriptor($Hndl,$SE_KERNEL_OBJECT) Local $CODRet = _ClearObjectDacl($Hndl,$SE_KERNEL_OBJECT) Local $DARet = _DenyAllAccess($Hndl,$SE_KERNEL_OBJECT) Local $SDAfter = _GetObjectStringSecurityDescriptor($Hndl,$SE_KERNEL_OBJECT) $TD = Round(TimerDiff($TI),2) MsgBox(0,'', 'Deny everyone access to the current process:'&@CRLF&@CRLF& _ '@AutoItPID original security descriptor: '&@CRLF&$SDBefore&@CRLF&@CRLF& _ '_ClearObjectDacl return value: '&$CODRet&@CRLF&@CRLF& _ '_DenyAllAccess_ return value: '&$DARet&@CRLF&@CRLF& _ 'New @AutoItPID security descriptor: '&@CRLF& _ $SDAfter&@CRLF&@CRLF& 'Time taken: '&$TD&' miliseconds.') _Permissions_CloseHandle($Hndl) But anyway, if I write this code into my test.exe and then run it and then if I try killing in tskmngr- it is killed very easily. Thanx in advance!!!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now