Directory Security Attributes

Windows XP Pro, VB.NET 2005 Standard or VB.NET 2003 Enterprise

I have a problem with how to get a directory's user security attributes.

Say directory DirA has three users (one group): GroupUser1, UserA and UserB.

How can I use VB.NET 2005 to get the information on any one of the three user/group permissions (Full Control, Modify, Read & Execute, List Folder Contents, Read, Write, Special Permission)? Those permissions are either Allow or Deny. I will save all that information to a database or a text file if I know how to read those permissions. I searched this forum, but found no direct answer yet. I tried to explore System.IO.DirectoryInfo with no success.

Thanks In Advance for any advice!

[804 byte] By [VB.NET1stYear] at [2007-12-22]
# 1

Interesting.

I don't know if this helps, I hope it does at some level, but have you tried looking at the FileInfo and DirectoryInfo classes? They contain methods such as GetAccessControl/attributes property.

These are available in .NET 2.0.

http://msdn2.microsoft.com/en-us/library/b0dw80ts.aspx

http://msdn2.microsoft.com/en-us/library/0927za87.aspx

I hope this helps in some way

ahmedilyas at 2007-8-30
# 2

Thank you very much for the useful information! In order to follow your suggestion, I spent a lot of time doing MSN/Google searches. Your link provides good information for my task, but a .NET newcomer like me needs much more time to understand and crank the code (WMI, DACL, ACEs etc.). I found this sample from http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true that fits my needs (it's a VBScript, though). I hope some experts here can show me an example of how to do it the .NET Framework 2.0 way (I am just so happy to understand the OOP concept recently!)

Description

Demonstration script that reads the security descriptor for a folder (specified by the strFolderName variable), checks to ensure it has a DACL and then outputs information about each of the contained ACEs.

Supported Platforms

Windows Server 2003: Yes
Windows XP: Yes
Windows 2000: Yes
Windows NT 4.0: Yes
Windows 98: No

Script Code

' Folder whose security descriptor is read
strFolderName = "C:\scripts\sec_center"

' Security descriptor control flag and ACE types
SE_DACL_PRESENT         = &h4
ACCESS_ALLOWED_ACE_TYPE = &h0
ACCESS_DENIED_ACE_TYPE  = &h1

' Access mask bits
FILE_ALL_ACCESS         = &h1f01ff
FOLDER_ADD_SUBDIRECTORY = &h000004
FILE_DELETE             = &h010000
FILE_DELETE_CHILD       = &h000040
FOLDER_TRAVERSE         = &h000020
FILE_READ_ATTRIBUTES    = &h000080
FILE_READ_CONTROL       = &h020000
FOLDER_LIST_DIRECTORY   = &h000001
FILE_READ_EA            = &h000008
FILE_SYNCHRONIZE        = &h100000
FILE_WRITE_ATTRIBUTES   = &h000100
FILE_WRITE_DAC          = &h040000
FOLDER_ADD_FILE         = &h000002
FILE_WRITE_EA           = &h000010
FILE_WRITE_OWNER        = &h080000

Set objWMIService = GetObject("winmgmts:")
Set objFolderSecuritySettings = _
    objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strFolderName & "'")

' GetSecurityDescriptor returns 0 on success; objSD is only usable in that case
intRetVal = objFolderSecuritySettings.GetSecurityDescriptor(objSD)
If intRetVal <> 0 Then
    WScript.Echo "GetSecurityDescriptor failed: " & intRetVal
    WScript.Quit 1
End If

intControlFlags = objSD.ControlFlags

If intControlFlags AND SE_DACL_PRESENT Then
    arrACEs = objSD.DACL
    For Each objACE in arrACEs
        ' Trustee (user or group) the ACE applies to
        WScript.Echo objACE.Trustee.Domain & "\" & objACE.Trustee.Name
        If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
            WScript.Echo vbTab & "Allowed:"
        ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
            WScript.Echo vbTab & "Denied:"
        End If
        ' FILE_ALL_ACCESS is a multi-bit mask: every bit must be set, not just one,
        ' otherwise any ACE with a single matching bit is reported as full access
        If (objACE.AccessMask AND FILE_ALL_ACCESS) = FILE_ALL_ACCESS Then
            WScript.Echo vbTab & vbTab & "FILE_ALL_ACCESS "
        End If
        ' The remaining constants are single bits, so a plain AND test is enough
        If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
            WScript.Echo vbTab & vbTab & " FOLDER_ADD_SUBDIRECTORY "
        End If
        If objACE.AccessMask AND FILE_DELETE Then
            WScript.Echo vbTab & vbTab & "FILE_DELETE "
        End If
        If objACE.AccessMask AND FILE_DELETE_CHILD Then
            WScript.Echo vbTab & vbTab & "FILE_DELETE_CHILD "
        End If
        If objACE.AccessMask AND FOLDER_TRAVERSE Then
            WScript.Echo vbTab & vbTab & " FOLDER_TRAVERSE "
        End If
        If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
            WScript.Echo vbTab & vbTab & "FILE_READ_ATTRIBUTES "
        End If
        If objACE.AccessMask AND FILE_READ_CONTROL Then
            WScript.Echo vbTab & vbTab & "FILE_READ_CONTROL "
        End If
        If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
            WScript.Echo vbTab & vbTab & " FOLDER_LIST_DIRECTORY "
        End If
        If objACE.AccessMask AND FILE_READ_EA Then
            WScript.Echo vbTab & vbTab & "FILE_READ_EA "
        End If
        If objACE.AccessMask AND FILE_SYNCHRONIZE Then
            WScript.Echo vbTab & vbTab & "FILE_SYNCHRONIZE "
        End If
        If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
            WScript.Echo vbTab & vbTab & "FILE_WRITE_ATTRIBUTES "
        End If
        If objACE.AccessMask AND FILE_WRITE_DAC Then
            WScript.Echo vbTab & vbTab & "FILE_WRITE_DAC "
        End If
        If objACE.AccessMask AND FOLDER_ADD_FILE Then
            WScript.Echo vbTab & vbTab & " FOLDER_ADD_FILE "
        End If
        If objACE.AccessMask AND FILE_WRITE_EA Then
            WScript.Echo vbTab & vbTab & "FILE_WRITE_EA "
        End If
        If objACE.AccessMask AND FILE_WRITE_OWNER Then
            WScript.Echo vbTab & vbTab & "FILE_WRITE_OWNER "
        End If
    Next
Else
    WScript.Echo "No DACL present in security descriptor"
End If

VB.NET1stYear at 2007-8-30
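
The .NET Framework 2.0 counterpart of the WMI script above, using DirectoryInfo.GetAccessControl as suggested in reply #1. This is an added example, not code posted by anyone in the thread; the module name DirAclDump, the Labels helper and taking the folder path from the first command-line argument are assumptions made for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Principal

Module DirAclDump   ' hypothetical name
    Const SYNC As Integer = &H100000   ' Synchronize: set on most Allow ACEs, not shown in the GUI

    ' Translate one ACE's rights into the permission labels listed in the question.
    Function Labels(ByVal rule As FileSystemAccessRule) As String
        Dim raw As Integer = CInt(rule.FileSystemRights)
        ' Generic bits have no FileSystemRights name and would otherwise print as a bare number.
        If (raw And &H10000000) <> 0 Then Return "Full Control (GENERIC_ALL)"
        If (raw And &HE0000000) <> 0 Then Return "Special (generic bits &H" & Hex(raw) & ")"
        Dim names() As String = {"Full Control", "Modify", "Read & Execute", "Read", "Write"}
        Dim masks() As FileSystemRights = {FileSystemRights.FullControl, FileSystemRights.Modify, _
            FileSystemRights.ReadAndExecute, FileSystemRights.Read, FileSystemRights.Write}
        Dim m As Integer = raw And Not SYNC
        Dim covered As Integer = 0
        Dim found As New List(Of String)
        For i As Integer = 0 To masks.Length - 1
            Dim bits As Integer = CInt(masks(i)) And Not SYNC
            ' A composite right counts only when every one of its bits is present.
            If (m And bits) = bits Then
                found.Add(names(i))
                covered = covered Or bits
            End If
        Next
        ' Read & Execute inherited by subfolders only is what the GUI shows as List Folder Contents.
        If found.Contains("Read & Execute") AndAlso _
           rule.InheritanceFlags = InheritanceFlags.ContainerInherit Then
            found.Add("List Folder Contents")
        End If
        ' Bits left over after the standard sets are what the GUI calls special permissions.
        If covered <> m Then found.Add("Special Permissions")
        Return String.Join(", ", found.ToArray())
    End Function

    Sub Main(ByVal args() As String)
        Dim acl As DirectorySecurity = _
            New DirectoryInfo(args(0)).GetAccessControl(AccessControlSections.Access)
        ' True, True = explicit and inherited ACEs; NTAccount asks for DOMAIN\name identities.
        For Each rule As FileSystemAccessRule In acl.GetAccessRules(True, True, GetType(NTAccount))
            Console.WriteLine("{0}" & vbTab & "{1}" & vbTab & "{2}" & vbTab & "inherited={3}", _
                rule.IdentityReference.Value, rule.AccessControlType, Labels(rule), rule.IsInherited)
        Next
    End Sub
End Module
```

Each output line carries the trustee, Allow or Deny, the decoded permissions and whether the ACE is inherited, which is the record the question wants to store in a text file or database.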