Did anyone ask about using WMI via VBScript to set folder permissions?

[dgunraj]

I remember some one asking about it but not really getting a straight answer.

The following script will change a give folder's permissions to full control for everyone. The permission settings the script applies can be changes by changing the CUSTON_FULL_CONTROL Constant to read only, read/write, etc. Those values can actually be found on the WMI SDK from Microsoft, which should be available from download from:

http://www.microsoft.com/downloads/...FamilyID=6430F853-1120-48DB-8CC5-F2ABDC3ED314

I have included before and after shots from before I ran the script and directly after.

As you can see... I had to change a program folder for some testing software the high school I work at uses.

Having trouble? Drop me a line!

Cheerio and good luck!

Before

After

strComputer = "." 
Const CUSTCON_ACE_INHERIT		= 3
Const ACETYPE_ACCESS_ALLOWED		= 0
Const CUSTCON_FULL_CONTROL		= 2032127
Const CUSTCON_ALLOW_INHERIT  		= 33796
Const CHANGE_DACL_SECURITY_INFORMATION	= 4
sPermission = CUSTCON_FULL_CONTROL
sPath="C:\Program Files"
sHomePath=sPath & "\DDC Testing Center v3"
sDomain = "Hillcrest"
sAccountName = "Users"
Set oConnectCIMv2 = _
    GetObject("winmgmts:\\" & strComputer & "\root\CIMV2") 
Set oClass = oConnectCIMv2.Get("Win32_SecurityDescriptor")
Set oSecDescriptor = oclass.SpawnInstance_()
Set oDir = oConnectCIMv2.Get("Win32_Directory='" & sHomePath & "'")
Set oInParam = oDir.Methods_("ChangeSecurityPermissions"). _
							InParameters.SpawnInstance_()
	oInParam.Properties_.Item("Option") = CHANGE_DACL_SECURITY_INFORMATION
	oInParam.Properties_.Item("SecurityDescriptor") = oSecDescriptor
	oSecDescriptor.Properties_.Item("ControlFlags") =  CUSTCON_ALLOW_INHERIT
Set oOut = oDir.ExecMethod_("ChangeSecurityPermissions", oInParam)
Function SetTrustee(oConnectCIMv2, sDomain, sAccountName)
Dim oTrustee
	Set oTrustee = oConnectCIMv2.Get("Win32_Trustee").SpawnInstance_
	oTrustee.Domain = sDomain
	oTrustee.Name = sAccountName
	Set SetTrustee = oTrustee
End Function
Function SetACE(oConnectCIMv2, AccessMask, AceFlags, AceType, oTrustee)
	Dim oAce
	Set oAce = oConnectCIMv2.Get("Win32_Ace").SpawnInstance_
	oAce.Properties_.Item("AccessMask") = AccessMask
	oAce.Properties_.Item("AceFlags") = AceFlags
	oAce.Properties_.Item("AceType") = AceType
	oAce.Properties_.Item("Trustee") = oTrustee
	Set SetACE = oAce
Set SetACE = oAce
End Function
Set ACE = SetACE(oConnectCIMv2, sPermission, _  
	 			CUSTCON_ACE_INHERIT, _
	 			ACETYPE_ACCESS_ALLOWED, _
	 			SetTrustee(oConnectCIMv2, _
	 			sDomain, _
	 			sAccountName))

 

[SWarrior]

That's a lot of work, when you can do the same thing with these lines:

PermissionPath = "C:\SamplePath"
rc=wshscript.run("cmd /c CACLS " & PermissionPath & "\* /T /C /G Everyone:F",1,true)

 

[dgunraj]

This runs as a start up script across my entire domain, because I found that something was wrong with default permissions associated with running some files that peice of software uses. As I had deployed the software to several hundred machines, and being the lazy administrator that I am, i decided to silently patch a work-around. Is there anyway to run, that script you coded, silenty, without seeing a command prompt window pop up?

 

[JazzFan]

dgunraj, what would the syntax be to run your script so I can add the group "Authenticated Users" and grant this group modify permissions?
Thank alot in advance
jazzfan

 

[vbscriptnewbie]

Thanks DGunraj. You champion. I've been lookig for how to do this (without calling external calcs) with no avail till I found your post.

I'm a self taught vb newbie. Could you help with how I could use your script to ADD the everyone full control permission to the the existing inheritance without replacing it?

Thanks heaps for your time and the original post.