I would like to add many computers into a share permission. But my function allow only one computer or account. I would like to know if you know how to get the current DACL and add it to the ACE to allow many computers into share permission ?

If I play again my function, the first computer will be removed and the new one added, but I would like both.
Someone told me to get the current DACL and add it to the new ACE
Thanks for your help
public void GrantShare(string domain, string computername)
using (DirectoryEntry entry = new DirectoryEntry("LDAP://"+domain))
using (DirectorySearcher mySearcher = new DirectorySearcher(entry))
mySearcher.Filter = "(&(objectClass=computer)(cn="+ computername+"))";
mySearcher.SizeLimit = 0;
mySearcher.PageSize = 250;
foreach (SearchResult resEnt in mySearcher.FindAll())
si = new SecurityIdentifier((byte[])resEnt.Properties["objectSid"][0], 0);
ManagementObject userTrustee = new ManagementClass(new ManagementPath("Win32_Trustee"), null);
userTrustee["Name"] = computername;
byte[] utenteSIDArray = new byte[si.BinaryLength];
si.GetBinaryForm(utenteSIDArray, 0);
userTrustee["SID"] = utenteSIDArray;
ManagementObject userACE = new ManagementClass(new ManagementPath("Win32_Ace"), null);
userACE["AccessMask"] = 2032127;
userACE["AceFlags"] = AceFlags.ObjectInherit | AceFlags.ContainerInherit;
userACE["AceType"] = AceType.AccessAllowed;
userACE["Trustee"] = userTrustee;
ManagementObject userSecurityDescriptor = new ManagementClass(new ManagementPath("Win32_SecurityDescriptor"), null);
userSecurityDescriptor["ControlFlags"] = 4;
userSecurityDescriptor["DACL"] = new object[] { userACE };
ManagementClass mc = new ManagementClass("Win32_Share");
ManagementObject share = new ManagementObject(mc.Path + ".Name='MyShare'");
share.InvokeMethod("SetShareInfo", new object[] {null, "Share For ", userSecurityDescriptor });
Continue reading...
I would like to add many computers into a share permission. But my function allow only one computer or account. I would like to know if you know how to get the current DACL and add it to the ACE to allow many computers into share permission ?

If I play again my function, the first computer will be removed and the new one added, but I would like both.
Someone told me to get the current DACL and add it to the new ACE
Thanks for your help

public void GrantShare(string domain, string computername)
using (DirectoryEntry entry = new DirectoryEntry("LDAP://"+domain))
using (DirectorySearcher mySearcher = new DirectorySearcher(entry))
mySearcher.Filter = "(&(objectClass=computer)(cn="+ computername+"))";
mySearcher.SizeLimit = 0;
mySearcher.PageSize = 250;
foreach (SearchResult resEnt in mySearcher.FindAll())
si = new SecurityIdentifier((byte[])resEnt.Properties["objectSid"][0], 0);
ManagementObject userTrustee = new ManagementClass(new ManagementPath("Win32_Trustee"), null);
userTrustee["Name"] = computername;
byte[] utenteSIDArray = new byte[si.BinaryLength];
si.GetBinaryForm(utenteSIDArray, 0);
userTrustee["SID"] = utenteSIDArray;
ManagementObject userACE = new ManagementClass(new ManagementPath("Win32_Ace"), null);
userACE["AccessMask"] = 2032127;
userACE["AceFlags"] = AceFlags.ObjectInherit | AceFlags.ContainerInherit;
userACE["AceType"] = AceType.AccessAllowed;
userACE["Trustee"] = userTrustee;
ManagementObject userSecurityDescriptor = new ManagementClass(new ManagementPath("Win32_SecurityDescriptor"), null);
userSecurityDescriptor["ControlFlags"] = 4;
userSecurityDescriptor["DACL"] = new object[] { userACE };
ManagementClass mc = new ManagementClass("Win32_Share");
ManagementObject share = new ManagementObject(mc.Path + ".Name='MyShare'");
share.InvokeMethod("SetShareInfo", new object[] {null, "Share For ", userSecurityDescriptor });
Continue reading...