Posted (edited)

Hi,

Thank you for this great UDF !

I'm wondering if it's possible to grant permission access to Active Directory users/groups ?

Must I specify the name of the AD user like local account user ? Group too ?

Here is an example with an AD account :

; testDIR was created before the script execution
$TI = TimerInit()
Dim $aPerm[1][3]
$aPerm[0][0] = 'ADuser'
$aPerm[0][1] = 1
$aPerm[0][2] = BitOr($ACTRL_DIR_TRAVERSE, $ACTRL_DIR_LIST)
$ret = _EditObjectPermissions(@ScriptDir&'testDIR',$aPerm)
$erreur = @error
$TD = TimerDiff($TI)
MsgBox(0,'','Add access aces: '&$aPerm[0][0]&@CRLF&@CRLF& _
'_EditObjectPermissions return value: '&$ret&'    erreur='&$erreur&'   Time: '&Round($TD,2)&' miliseconds.'&@CRLF& _
'Check the file permissons before closing the message box.')

With this script, I keep getting a return code = 0 and @error = 0. Am I doing something wrong ?

 

EDIT : It was my fault. It is not @ScriptDir&'testDIR' but @ScriptDir&'\'&'testDIR'

           The AD user name or AD group name works too.

Yet I've got something strange with permissions. All permissions I add are set in "Special Permissions". Is it normal ?

EDIT 2 : OK I get it. Permissions in the Security Tab are combined special permissions.

             eg : $LIST_FOLDER_CONTENTS = BitOR($FILE_TRAVERSE, $FILE_READ_DATA, $FILE_READ_ATTRIBUTES, $FILE_READ_EA, $GENERIC_READ)

Edited by tatane
  • 1 month later...
Posted

Very nice UDF. But either I didn't understand something, or there is something missing (at least an example).

I need to know if a user (in fact, "Everyone" or, to be correct, SID "{S-1-1-0}") has full access to a specific folder. Currently, I use (i)cacls to check this, but it's awfully ugly code that needs to capture the stdout of the process. I didn't find a "_GetObjectPermissions" method in the UDF (found "_Set" and "_Edit" only).

Can you help me by either adding a "_GetObjectPermissions" function and add an example of how to use it?

Thanks anyway, nice work and a lot of efforts to do such an UDF.

BTW, examples are not portable at all and won't work on non-english Windows. Examples are given directly with english names instead of using the special SID (ex: "Everyone" => replace with "_Security__LookupAccountSid($SID_EVERYONE)"). Sad, because it deserves this great work.
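
An added example (not part of the thread or of Permissions.au3): one way to answer the question in the post above without parsing icacls output, written in PowerShell. It matches on the well-known SID S-1-1-0 instead of the localized name "Everyone"; the function name and the sample path are assumptions.

```powershell
# Added example: report whether Everyone (S-1-1-0) is granted full control on a folder.
# Test-EveryoneFullControl and the sample path are hypothetical names for illustration.
function Test-EveryoneFullControl {
    param([Parameter(Mandatory)][string]$Path)

    $fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl  # 0x1F01FF
    $genericAll  = 0x10000000   # GENERIC_ALL, stored unmapped in some ACEs
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    $acl = Get-Acl -LiteralPath $Path
    # Request SIDs instead of account names so the check is locale-independent.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $allowFull = $false
    $denySeen  = $false
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne 'S-1-1-0') { continue }

        # Inherit-only ACEs apply to children, not to the folder itself.
        if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }

        $mask   = [int]$rule.FileSystemRights
        $isFull = (($mask -band $fullControl) -eq $fullControl) -or
                  (($mask -band $genericAll) -ne 0)

        if ($rule.AccessControlType -eq 'Allow' -and $isFull) { $allowFull = $true }
        if ($rule.AccessControlType -eq 'Deny') { $denySeen = $true }
    }

    [pscustomobject]@{
        Path                   = $Path
        EveryoneFullControl    = $allowFull
        EveryoneDenyAcePresent = $denySeen
    }
}

# Usage (sample path):
# Test-EveryoneFullControl -Path 'C:\Temp\testDIR'
```

The result describes the ACEs that name Everyone directly, explicit or inherited; it is not an effective-access calculation, so a deny ACE reported in `EveryoneDenyAcePresent` still has to be read against the allow ACE.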

  • 1 month later...
Posted (edited)

I'm probably just really stupid (but I don't want to screw up my services just "testing")... does anyone have an example of setting Service security??

I'm looking to mimic the command using SUBINACL

subinacl.exe /service SERVICE_NAME /grant="DOMAIN\GROUP"=TOP

TOP just means Start, Stop, Pause/Continue will be granted (added for) the group. It will keep all existing security set on the service.

Edited by stamandster
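
As an added example (not from the thread): a PowerShell dry run of the subinacl grant described in the post above. It appends one allow ACE for start, stop and pause/continue to the service's current security descriptor and returns the `sc.exe sdset` command for review instead of applying it; the function name is an assumption, and PowerShell 5 or later is assumed for `::new()`.

```powershell
# Added example: build, but do not apply, a service DACL with one extra allow ACE.
# New-ServiceControlGrant is a hypothetical name; nothing on the system is changed.
function New-ServiceControlGrant {
    param(
        [Parameter(Mandatory)][string]$ServiceName,
        [Parameter(Mandatory)][string]$Account        # e.g. 'DOMAIN\GROUP'
    )
    # SERVICE_START (0x10) | SERVICE_STOP (0x20) | SERVICE_PAUSE_CONTINUE (0x40)
    $mask = 0x10 -bor 0x20 -bor 0x40

    # Current descriptor in SDDL form; sc.exe prints it on a line of its own.
    $sddl = sc.exe sdshow $ServiceName |
            Where-Object { $_ -match '^[OGDS]:' } |
            Select-Object -First 1
    if (-not $sddl) { throw "Could not read the security descriptor of '$ServiceName'." }

    $sid = [System.Security.Principal.NTAccount]::new($Account).Translate(
               [System.Security.Principal.SecurityIdentifier])
    $sd  = [System.Security.AccessControl.RawSecurityDescriptor]::new($sddl)
    if ($null -eq $sd.DiscretionaryAcl) { throw 'The service has no DACL to extend.' }

    $ace = [System.Security.AccessControl.CommonAce]::new(
               [System.Security.AccessControl.AceFlags]::None,
               [System.Security.AccessControl.AceQualifier]::AccessAllowed,
               $mask, $sid, $false, $null)

    # Appending an allow ACE after the existing entries keeps deny ACEs first,
    # and every ACE that was already present stays in place.
    $sd.DiscretionaryAcl.InsertAce($sd.DiscretionaryAcl.Count, $ace)
    $newSddl = $sd.GetSddlForm([System.Security.AccessControl.AccessControlSections]::All)

    [pscustomobject]@{
        Service  = $ServiceName
        Current  = $sddl
        Proposed = $newSddl
        Command  = "sc.exe sdset $ServiceName `"$newSddl`""
    }
}

# Usage (service and group names are placeholders):
# New-ServiceControlGrant -ServiceName 'SERVICE_NAME' -Account 'DOMAIN\GROUP' | Format-List
```

Keeping the `Current` string gives a way back: `sc.exe sdset` with that value restores the original descriptor.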
Posted (edited)

Hello Fred,

The $ACCESS_SYSTEM_SECURITY constant is now defined in the Beta version of SecurityConstants.au3.

To avoid an error, at some point, it will need to be deleted from Permissions.au3.

Thanks.

Edit: Fred hasn't been online since the end of May, so y'all may be wantin' to individually apply this fix.

Edited by Spiff59
  • 2 months later...
  • 2 weeks later...
Posted

Block? What do you mean by block? That could mean anything.


  • Developers
Posted

Block a file like this:

http://img6.imagebanana.com/img/xa3fc4f4/1.png

Translated with google: File access denied.

 

You can change the security settings of a file and can set the file access anyway you want.

Jos


  • 4 weeks later...
Posted

Maybe I'm approaching this wrong, but I want to give a user access to a folder without changing the existing permissions. The folder has two inherited users and one explicitly added user. I'm trying to add a fourth user, but the following results in only the new user having access on the folder.

Global $aPermissions[1][3]
$aPermissions[0][0] = "[uSER]"
$aPermissions[0][1] = 1
$aPermissions[0][2] = $FILE_USERS_DEFAULT
 
_EditObjectPermissions("[FOLDER PATH]", $aPermissions, $SE_FILE_OBJECT, '', 0, 1, $SUB_CONTAINERS_AND_OBJECTS_INHERIT)
 
On another note, is a there a function to recursively set the owner on sub files and directories or do I need to write that on my own?
  • 1 month later...
Posted

Just saw two little errors in _GetSecurityDescriptorOwner and _GetSecurityDescriptorGroup.

Within those functions there was a line:  If $format=     but it should be   If $Format=

Posted

AutoIt is not case sensitive. So no difference.

Taken from the help file: "Note that all variable names are case insensitive: MyVariable() is the same as MyvARiAblE()"


  • 2 weeks later...
Posted (edited)

Hi, I'm not able to run the UDF.

Global Const not found.

Help me.

>"E:autoit3SciTEACNWrapperACNWrapper.exe" /run /ErrorStdOut /in "C:Documents and SettingsAdministratorMy DocumentsDownloads新建 AutoIt v3 脚本.au3" /autoit3dir "E:autoit3" /UserParams    
+>05:08:41 开始执行 ACNWrapper v.1.0.1.0
+> ============================================
+>执行环境:
+> CPU构架: X64
+> 系统构架: X86
+> 系统语言: 0804
+> 键盘布局: 00000804
+> 内存总量: 3324MB
+> 内存剩余: 2540MB
+> 操作系统: WIN_XP/Service Pack 3
+> AU3版本: 3.3.7.15
+> ============================================
>运行 AU3Check (1.54.21.0)  开始目录:E:autoit3
C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(188,107) : WARNING: $READ_CONTROL: 使用前并未进行声明.
Global Const $REG_GENERIC_READ = BitOR($ACTRL_REG_QUERY,$ACTRL_REG_LIST,$ACTRL_REG_NOTIFY,$READ_CONTROL)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(509,72) : WARNING: $WRITE_DAC: 使用前并未进行声明.
$aPerm[0][2] = BitOR($ACTRL_REG_SET,$ACTRL_REG_CREATE_CHILD,$WRITE_DAC,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(509,85) : WARNING: $WRITE_OWNER: 使用前并未进行声明.
$aPerm[0][2] = BitOR($ACTRL_REG_SET,$ACTRL_REG_CREATE_CHILD,$WRITE_DAC,$WRITE_OWNER)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(785,30) : WARNING: $DENY_ACCESS: 使用前并未进行声明.
$AccessMode = $DENY_ACCESS
~~~~~~~~~~~~~~~~~~~~~~~~~~^
C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(787,29) : WARNING: $SET_ACCESS: 使用前并未进行声明.
$AccessMode = $SET_ACCESS
~~~~~~~~~~~~~~~~~~~~~~~~~^
C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(188,107) : 错误: $READ_CONTROL: 未声明的全局变量.
Global Const $REG_GENERIC_READ = BitOR($ACTRL_REG_QUERY,$ACTRL_REG_LIST,$ACTRL_REG_NOTIFY,$READ_CONTROL)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(509,72) : 错误: $WRITE_DAC: 未声明的全局变量.
$aPerm[0][2] = BitOR($ACTRL_REG_SET,$ACTRL_REG_CREATE_CHILD,$WRITE_DAC,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(509,85) : 错误: $WRITE_OWNER: 未声明的全局变量.
$aPerm[0][2] = BitOR($ACTRL_REG_SET,$ACTRL_REG_CREATE_CHILD,$WRITE_DAC,$WRITE_OWNER)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(785,30) : 错误: $DENY_ACCESS: 未声明的全局变量.
$AccessMode = $DENY_ACCESS
~~~~~~~~~~~~~~~~~~~~~~~~~~^
C:Documents and SettingsAdministratorMy DocumentsDownloadsPermissions.au3(787,29) : 错误: $SET_ACCESS: 未声明的全局变量.
$AccessMode = $SET_ACCESS
~~~~~~~~~~~~~~~~~~~~~~~~~^
C:Documents and SettingsAdministratorMy DocumentsDownloads新建 AutoIt v3 脚本.au3 - 5 错误, 5 警告
ctPe!>05:08:41 AU3Check 完成:
:2
+>05:08:42 ACNWrapper 完成..
>退出代码: 0 运行时间: 1.507 秒
Edited by zhangyc
  • 3 weeks later...
  • 2 months later...
Posted

I have been using this UDF and it is awesome, 

I ran into an issue

on win 7 64 bit 

32 bit compiled app does not modify reg permissions on HKLM64

$out = _GrantAllAccess('HKEY_LOCAL_MACHINE64\SOFTWARE\test',4)

returns 0 

 

$out = _GrantAllAccess('HKEY_LOCAL_MACHINE\SOFTWARE\test',4)

returns 1

but modifies 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\test

any ideas
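
An added diagnostic example (not from the thread): a 32-bit process that opens HKLM\SOFTWARE is redirected by WOW64 to the Wow6432Node view, which matches the behaviour reported in the post above. This PowerShell function reads the DACL of the same subkey through both registry views so the key that actually changed can be confirmed; the function name is an assumption and `SOFTWARE\test` is the key from the post.

```powershell
# Added example: read the DACL of one HKLM subkey through the 64-bit and 32-bit views.
# Get-RegistryDaclByView is a hypothetical name; the function only reads.
function Get-RegistryDaclByView {
    param([Parameter(Mandatory)][string]$SubKey)   # e.g. 'SOFTWARE\test'

    $access = [System.Security.AccessControl.AccessControlSections]::Access
    $views  = [Microsoft.Win32.RegistryView]::Registry64,
              [Microsoft.Win32.RegistryView]::Registry32

    foreach ($view in $views) {
        # Naming the view explicitly bypasses WOW64 redirection, so the result is
        # the same from a 32-bit or a 64-bit PowerShell host.
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        $key = $null
        try {
            # ReadPermissions (READ_CONTROL) is enough to read the DACL.
            $key = $base.OpenSubKey($SubKey,
                       [Microsoft.Win32.RegistryKeyPermissionCheck]::Default,
                       [System.Security.AccessControl.RegistryRights]::ReadPermissions)

            $sddl = $null
            if ($null -ne $key) {
                $sddl = $key.GetAccessControl($access).GetSecurityDescriptorSddlForm($access)
            }

            [pscustomobject]@{
                View   = $view
                SubKey = $SubKey
                Exists = ($null -ne $key)
                Dacl   = $sddl
            }
        }
        finally {
            if ($null -ne $key) { $key.Close() }
            $base.Close()
        }
    }
}

# Usage: compare the two rows before and after running the 32-bit script.
# Get-RegistryDaclByView -SubKey 'SOFTWARE\test' | Format-List
```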

 
Posted

Sorry if I was inattentive while reading posts, could you please explain, how can I solve this

Say, I have running program "test.exe" . How can I prevent user killing this process in the tskmngr?

I was trying this example

#RequireAdmin
#include 'Permissions.au3'
_InitiatePermissionResources()
$TI = TimerInit()
Local $Hndl = _Permissions_OpenProcess(@AutoItPID)
Local $SDBefore = _GetObjectStringSecurityDescriptor($Hndl,$SE_KERNEL_OBJECT)
Local $CODRet = _ClearObjectDacl($Hndl,$SE_KERNEL_OBJECT)
Local $DARet = _DenyAllAccess($Hndl,$SE_KERNEL_OBJECT)
Local $SDAfter = _GetObjectStringSecurityDescriptor($Hndl,$SE_KERNEL_OBJECT)
$TD = Round(TimerDiff($TI),2)
MsgBox(0,'', 'Deny everyone access to the current process:'&@CRLF&@CRLF& _
'@AutoItPID original security descriptor: '&@CRLF&$SDBefore&@CRLF&@CRLF& _
'_ClearObjectDacl return value: '&$CODRet&@CRLF&@CRLF& _
'_DenyAllAccess_ return value: '&$DARet&@CRLF&@CRLF& _
'New @AutoItPID security descriptor: '&@CRLF& _
$SDAfter&@CRLF&@CRLF& 'Time taken: '&$TD&' miliseconds.')
_Permissions_CloseHandle($Hndl)

But anyway, if I write this code into my test.exe and then run it and then if I try killing in tskmngr- it is killed very easily.

Thanx in advance!!!
