Exemple de code pour l’ajout d’un ace à un fichier
L’exemple de code suivant montre comment utiliser l’interface IADsSecurityUtility pour ajouter un ACE à un fichier.
' Define constants:
'
'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
'
' Define the ADS_RIGHTS_ENUM values.
'
Const ADS_RIGHT_DELETE = &H10000
Const ADS_RIGHT_READ_CONTROL = &H20000
Const ADS_RIGHT_WRITE_DAC = &H40000
Const ADS_RIGHT_WRITE_OWNER = &H80000
Const ADS_RIGHT_SYNCHRONIZE = &H100000
Const ADS_RIGHT_ACCESS_SYSTEM_SECURITY = &H1000000
Const ADS_RIGHT_GENERIC_READ = &H80000000
Const ADS_RIGHT_GENERIC_WRITE = &H40000000
Const ADS_RIGHT_GENERIC_EXECUTE = &H20000000
Const ADS_RIGHT_GENERIC_ALL = &H10000000
Const ADS_RIGHT_DS_CREATE_CHILD = &H1
Const ADS_RIGHT_DS_DELETE_CHILD = &H2
Const ADS_RIGHT_ACTRL_DS_LIST = &H4
Const ADS_RIGHT_DS_SELF = &H8
Const ADS_RIGHT_DS_READ_PROP = &H10
Const ADS_RIGHT_DS_WRITE_PROP = &H20
Const ADS_RIGHT_DS_DELETE_TREE = &H40
Const ADS_RIGHT_DS_LIST_OBJECT = &H80
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
'
' Ace Type definitions
'
Const ADS_ACETYPE_ACCESS_ALLOWED = 0
Const ADS_ACETYPE_ACCESS_DENIED = &H1
Const ADS_ACETYPE_SYSTEM_AUDIT = &H2
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = &H7
'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
'
' Ace Flag Constants
'
Const ADS_ACEFLAG_UNKNOWN = &H1
Const ADS_ACEFLAG_INHERIT_ACE = &H2
Const ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE = &H4
Const ADS_ACEFLAG_INHERIT_ONLY_ACE = &H8
Const ADS_ACEFLAG_INHERITED_ACE = &H10
Const ADS_ACEFLAG_VALID_INHERIT_FLAGS = &H1F
Const ADS_ACEFLAG_SUCCESSFUL_ACCESS = &H40
Const ADS_ACEFLAG_FAILED_ACCESS = &H80
'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
'
' Flags constants for AD objects
'
Const ADS_FLAG_OBJECT_TYPE_PRESENT = &H1
Const ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = &H2
'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
'
' From Winnt.h
'------------------------------------------------------------------------------
'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
' File Specific Access Rights
'
Const DELETE = &H10000
Const READ_CONTROL = &H20000
Const WRITE_DAC = &H40000
Const WRITE_OWNER = &H80000
Const SYNCHRONIZE = &H100000
Const STANDARD_RIGHTS_REQUIRED = &HF0000
Const STANDARD_RIGHTS_READ = READ_CONTROL
Const STANDARD_RIGHTS_WRITE = READ_CONTROL
Const STANDARD_RIGHTS_EXECUTE = READ_CONTROL
Const STANDARD_RIGHTS_ALL = &H1F0000
Const SPECIFIC_RIGHTS_ALL = &HFFFF
'
' AccessSystemAcl access type
'
Const ACCESS_SYSTEM_SECURITY = &H1000000
'
' MaximumAllowed access type
'
Const MAXIMUM_ALLOWED = &H2000000
'
' These are the generic rights
'
Const GENERIC_READ = &H80000000
Const GENERIC_WRITE = &H40000000
Const GENERIC_EXECUTE = &H20000000
Const GENERIC_ALL = &H10000000
'
' AccessMask constants for FILE ACEs
'
Const FILE_READ_DATA = &H1 ' file & pipe
Const FILE_LIST_DIRECTORY = &H1 ' directory
Const FILE_WRITE_DATA = &H2 ' file & pipe
Const FILE_ADD_FILE = &H2 ' directory
Const FILE_APPEND_DATA = &H4 ' file
Const FILE_ADD_SUBDIRECTORY = &H4 ' directory
Const FILE_CREATE_PIPE_INSTANCE = &H4 ' named pipe
Const FILE_READ_EA = &H8 ' file & directory
Const FILE_WRITE_EA = &H10 ' file & directory
Const FILE_EXECUTE = &H20 ' file
Const FILE_TRAVERSE = &H20 ' directory
Const FILE_DELETE_CHILD = &H40 ' directory
Const FILE_READ_ATTRIBUTES = &H80 ' all
Const FILE_WRITE_ATTRIBUTES = &H100 ' all
Const FILE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &H1FF
Const FILE_GENERIC_READ = STANDARD_RIGHTS_READ Or _
FILE_READ_DATA Or _
FILE_READ_ATTRIBUTES Or _
FILE_READ_EA Or _
SYNCHRONIZE
Const FILE_GENERIC_WRITE = STANDARD_RIGHTS_WRITE Or _
FILE_WRITE_DATA Or _
FILE_WRITE_ATTRIBUTES Or _
FILE_WRITE_EA Or _
FILE_APPEND_DATA Or _
SYNCHRONIZE
Const FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE Or _
FILE_READ_ATTRIBUTES Or _
FILE_EXECUTE Or _
SYNCHRONIZE
Const FILE_SHARE_READ = &H1
Const FILE_SHARE_WRITE = &H2
Const FILE_SHARE_DELETE = &H4
'
' AceFlags values for files
'
Const OBJECT_INHERIT_ACE = &H1
Const CONTAINER_INHERIT_ACE = &H2
Const NO_PROPAGATE_INHERIT_ACE = &H4
Const INHERIT_ONLY_ACE = &H8
Const INHERITED_ACE = &H10
'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
'
'<<<<<<<<<<<<<<<<<<<<<<<<< BEGIN IADsSecurityUtility Constants >>>>>>>>>>>>
'
'
' ADS_PATHTYPE_ENUM
'
Const ADS_PATH_FILE = 1
Const ADS_PATH_FILESHARE = 2
Const ADS_PATH_REGISTRY = 3
'
' ADS_SD_FORMAT_ENUM
'
Const ADS_SD_FORMAT_IID = 1
Const ADS_SD_FORMAT_RAW = 2
Const ADS_SD_FORMAT_HEXSTRING = 3
'
'<<<<<<<<<<<<<<<< END IADsSecurityUtility Constants >>>>>>>>>>>>>>>>>>>>>
'
'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
'
' AddACEToFile
'
' Adds an ACE to the specified file or folder that grants the trustee
' modify rights on the file.
'
Public Sub AddACEToFile(File As String, Trustee As String)
Dim oAce As AccessControlEntry ' variable for the new ACE
Dim oSD As SecurityDescriptor ' variable for the Security Descriptor of the object
Dim oDacl As AccessControlList ' variable for the DACL of the object
Dim oADsSecurityUtility As ADsSecurityUtility
'
' Create an ADsSecurityUtlity object.
'
Set oADsSecurityUtility = CreateObject("ADsSecurityUtility")
'
' Get the Security Descriptor for the given NTFS File path.
'
Set oSD = oADsSecurityUtility.GetSecurityDescriptor(File, ADS_PATH_FILE, ADS_SD_FORMAT_IID)
'
' Get the discretionary ACL for the key.
'
Set oDacl = oSD.DiscretionaryAcl
'
' Create an ACE object.
'
Set oAce = CreateObject("AccessControlEntry")
'
' Set the IADsAccessControlEntry::Trustee attribute.
'
oAce.Trustee = Trustee
'
' Set the IADsAccessControlEntry::AccessMask attribute.
'
oAce.AccessMask = FILE_GENERIC_READ Or _
FILE_GENERIC_WRITE Or _
FILE_GENERIC_EXECUTE Or _
DELETE
'
' Set the IADsAccessControlEntry::AceType attribute.
'
oAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED
'
' Set the IADsAccessControlEntry::AceFlags attribute.
'
oAce.AceFlags = OBJECT_INHERIT_ACE Or _
CONTAINER_INHERIT_ACE
'
' Place the ACE on the DACL.
'
oDacl.AddACE oAce
'
' Place the DACL back onto the SD.
'
oSD.DiscretionaryAcl = oDacl
'
' Place the SD back onto the file.
'
oADsSecurityUtility.SetSecurityDescriptor File, ADS_PATH_FILE, oSD, ADS_SD_FORMAT_IID
'
' Cleanup.
'
Set oAce = Nothing
Set oDacl = Nothing
Set oSD = Nothing
Set oADsSecurityUtility = Nothing
End Sub
Commentaires
https://aka.ms/ContentUserFeedback.
Bientôt disponible : Tout au long de 2024, nous allons supprimer progressivement GitHub Issues comme mécanisme de commentaires pour le contenu et le remplacer par un nouveau système de commentaires. Pour plus d’informations, consultezEnvoyer et afficher des commentaires pour