T
Twenty94470
Guest
Hello
I would like to add many computers into a share permission. But my function allow only one computer or account. I would like to know if you know how to get the current DACL and add it to the ACE to allow many computers into share permission ?
If I play again my function, the first computer will be removed and the new one added, but I would like both.
Someone told me to get the current DACL and add it to the new ACE
Thanks for your help
public void GrantShare(string domain, string computername)
{
using (DirectoryEntry entry = new DirectoryEntry("LDAP://"+domain))
{
using (DirectorySearcher mySearcher = new DirectorySearcher(entry))
{
mySearcher.Filter = "(&(objectClass=computer)(cn="+ computername+"))";
mySearcher.SizeLimit = 0;
mySearcher.PageSize = 250;
mySearcher.PropertiesToLoad.Add("objectSid");
foreach (SearchResult resEnt in mySearcher.FindAll())
{
si = new SecurityIdentifier((byte[])resEnt.Properties["objectSid"][0], 0);
}
}
}
ManagementObject userTrustee = new ManagementClass(new ManagementPath("Win32_Trustee"), null);
userTrustee["Name"] = computername;
byte[] utenteSIDArray = new byte[si.BinaryLength];
si.GetBinaryForm(utenteSIDArray, 0);
userTrustee["SID"] = utenteSIDArray;
ManagementObject userACE = new ManagementClass(new ManagementPath("Win32_Ace"), null);
userACE["AccessMask"] = 2032127;
userACE["AceFlags"] = AceFlags.ObjectInherit | AceFlags.ContainerInherit;
userACE["AceType"] = AceType.AccessAllowed;
userACE["Trustee"] = userTrustee;
ManagementObject userSecurityDescriptor = new ManagementClass(new ManagementPath("Win32_SecurityDescriptor"), null);
userSecurityDescriptor["ControlFlags"] = 4;
userSecurityDescriptor["DACL"] = new object[] { userACE };
ManagementClass mc = new ManagementClass("Win32_Share");
ManagementObject share = new ManagementObject(mc.Path + ".Name='MyShare'");
share.InvokeMethod("SetShareInfo", new object[] {null, "Share For ", userSecurityDescriptor });
}
Continue reading...
I would like to add many computers into a share permission. But my function allow only one computer or account. I would like to know if you know how to get the current DACL and add it to the ACE to allow many computers into share permission ?
If I play again my function, the first computer will be removed and the new one added, but I would like both.
Someone told me to get the current DACL and add it to the new ACE
Thanks for your help
public void GrantShare(string domain, string computername)
{
using (DirectoryEntry entry = new DirectoryEntry("LDAP://"+domain))
{
using (DirectorySearcher mySearcher = new DirectorySearcher(entry))
{
mySearcher.Filter = "(&(objectClass=computer)(cn="+ computername+"))";
mySearcher.SizeLimit = 0;
mySearcher.PageSize = 250;
mySearcher.PropertiesToLoad.Add("objectSid");
foreach (SearchResult resEnt in mySearcher.FindAll())
{
si = new SecurityIdentifier((byte[])resEnt.Properties["objectSid"][0], 0);
}
}
}
ManagementObject userTrustee = new ManagementClass(new ManagementPath("Win32_Trustee"), null);
userTrustee["Name"] = computername;
byte[] utenteSIDArray = new byte[si.BinaryLength];
si.GetBinaryForm(utenteSIDArray, 0);
userTrustee["SID"] = utenteSIDArray;
ManagementObject userACE = new ManagementClass(new ManagementPath("Win32_Ace"), null);
userACE["AccessMask"] = 2032127;
userACE["AceFlags"] = AceFlags.ObjectInherit | AceFlags.ContainerInherit;
userACE["AceType"] = AceType.AccessAllowed;
userACE["Trustee"] = userTrustee;
ManagementObject userSecurityDescriptor = new ManagementClass(new ManagementPath("Win32_SecurityDescriptor"), null);
userSecurityDescriptor["ControlFlags"] = 4;
userSecurityDescriptor["DACL"] = new object[] { userACE };
ManagementClass mc = new ManagementClass("Win32_Share");
ManagementObject share = new ManagementObject(mc.Path + ".Name='MyShare'");
share.InvokeMethod("SetShareInfo", new object[] {null, "Share For ", userSecurityDescriptor });
}
Continue reading...
