J'ai bien un script en VBS qui est censé faire ce boulot, mais il n'arrive pas à sélectionner mes objets utilisateurs. Sur ce site, on m'a répondu que la section de mon code que je n'arrive pas à faire marcher fonctionne, mais moi je n'y arrive pas. Si ça marche chez toi, essaye de m'aider XD.
' Parameters for the single ModifyFilePerm call at the end of this run.

' Where to connect and which folder to change.
strComputer = "."        ' "." addresses the local machine in a WMI moniker
strFilePath = "C:\toto"  ' folder whose DACL is edited

' Who receives the entry.
strUsername = "M-A.reine"
strDomain = "lycée.fr"
strUtype = "u"           ' "g" selects a Win32_Group lookup, any other value a Win32_Account lookup
' NOTE(review): the account lookup is keyed on Name and Domain together. Confirm
' that this Domain value is exactly what WMI reports for the account (often the
' short NetBIOS-style domain name rather than a DNS-style name); a mismatch
' would explain an account that cannot be selected.

' What to do.
strAccessLvl = "f"       ' "r" and "w" are the other levels the script knows; anything else means full control
strMode = "a"            ' "a" adds an entry, "d" deletes one, any other value modifies an existing one

Call ModifyFilePerm(strComputer, strFilePath, strUsername, strDomain, strAccessLvl, strUtype, strMode)
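Function ModifyFilePerm(strComputer, strFilePath, strUsername, strDomain, strAccessLvl, strUtype, strMode)
    ' Adds, deletes or modifies the DACL entry of one user/group on a folder through WMI.
    '
    ' strComputer  - host named in the WMI monikers ("." for the local machine)
    ' strFilePath  - plain folder path with single backslashes, e.g. C:\toto
    ' strUsername  - trustee name; strDomain - its domain; strUtype - "g" for a group
    ' strAccessLvl - "r", "w" or anything else for full control
    ' strMode      - "a" add, "d" delete, anything else modify
    '
    ' Progress and result codes are echoed; the function returns nothing.
    ' The script is ended with WScript.Quit when the existing descriptor cannot be read.
    Dim dacl, Services, SecDescClass, SecDesc, intRetVal
    Dim wmiFileSecSetting, wmiFileSetting, wmiSecurityDescriptor
    Dim strWmiPath

    ' A remote-style WMI moniker needs two backslashes in front of the host name.
    Set Services = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & strComputer & "\ROOT\CIMV2")
    Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
    Set SecDesc = SecDescClass.SpawnInstance_

    ' Inside a quoted WMI object path every backslash has to be doubled. The
    ' escaped form is kept in a local variable: VBScript passes arguments by
    ' reference, so rewriting strFilePath would also change the caller's copy.
    ' NOTE(review): a path containing a single quote would still break the
    ' object path built below; reject or escape such paths if they can occur.
    strWmiPath = Replace(strFilePath, "\", "\\")

    Set wmiFileSetting = GetObject("Winmgmts:{impersonationlevel=impersonate}!//" & strComputer & "/root/cimv2:Win32_Directory='" & strWmiPath & "'")
    Set wmiFileSecSetting = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & strComputer & _
        "\ROOT\CIMV2:Win32_LogicalFileSecuritySetting.path='" & strWmiPath & "'")

    ' Obtain the existing security descriptor for the folder. No
    ' "On Error Resume Next" is in effect here, so the method's return code,
    ' not Err, is what reports a failure.
    intRetVal = wmiFileSecSetting.GetSecurityDescriptor(wmiSecurityDescriptor)
    If intRetVal <> 0 Then
        WScript.Echo "GetSecurityDescriptor failed" & vbCrLf & "Return code: " & intRetVal
        WScript.Quit
    End If

    ' Retrieve the content of the Win32_SecurityDescriptor DACL property.
    dacl = wmiSecurityDescriptor.DACL

    ' The original author noted problems when the folder has no usable
    ' descriptor. Stop here instead of failing later in UBound / For Each, and
    ' instead of replacing a missing DACL with a one-entry list.
    If Not IsArray(dacl) Then
        WScript.Echo "No DACL returned for " & strFilePath & "; permissions left unchanged."
        WScript.Quit
    End If

    If strMode = "a" Then 'add user
        AddUserAce dacl, strUsername, strDomain, strUtype, strComputer, strAccessLvl, Services
        SecDesc.Properties_.Item("DACL") = dacl
        ' Option 4 asks ChangeSecurityPermissions to replace the DACL only.
        intRetVal = wmiFileSetting.ChangeSecurityPermissions(SecDesc, 4)
        WScript.Echo "adding " & strUsername & " to the dacl for " & strFilePath & "." & vbCrLf & _
            "Result of change: " & intRetVal
    ElseIf strMode = "d" Then 'Must mean delete access.
        SecDesc.Properties_.Item("DACL") = DeleteUserAce(dacl, strUsername, strDomain, strUtype, strComputer, Services)
        intRetVal = wmiFileSetting.ChangeSecurityPermissions(SecDesc, 4)
        WScript.Echo "deleting " & strUsername & " to the dacl for " & strFilePath & "." & vbCrLf & _
            "Result of change: " & intRetVal
    Else 'Must mean modify access; ModifyUserAce returns a message string, not an ACE array.
        ' Edit the local copy and write it back explicitly, so the change does
        ' not depend on the DACL property handing out live references.
        WScript.Echo ModifyUserAce(dacl, strUsername, strAccessLvl)
        wmiSecurityDescriptor.Properties_.Item("DACL") = dacl
        intRetVal = wmiFileSecSetting.SetSecurityDescriptor(wmiSecurityDescriptor)
        WScript.Echo GetResultMessageFile(intRetVal, strFilePath, strUsername)
    End If

    Set Services = Nothing
    Set SecDescClass = Nothing
    Set SecDesc = Nothing
    Set wmiFileSecSetting = Nothing
    Set wmiFileSetting = Nothing
End Function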
Function GetObjTrustee(strUsername, strDomain, strUtype, strComputer)
    ' Builds and returns a new Win32_Trustee for the given user or group,
    ' copying the binary SID of the matching account into it.
    '
    ' strUtype = "g" looks the name up in Win32_Group; any other value uses Win32_Account.
    '
    ' NOTE(review): the lookup needs Name and Domain to match what WMI reports
    ' for the account. Confirm the Domain value passed in (often the short
    ' NetBIOS-style name rather than a DNS-style one); a mismatch makes the
    ' account lookup fail.
    ' NOTE(review): strUsername and strDomain are pasted into a quoted object
    ' path as-is; a name containing a single quote would break the path.
    Const WMI_PREFIX = "Winmgmts:{impersonationlevel=impersonate}!//"
    Dim newTrustee, principal, sidInfo, lookupClass, hostNamespace

    hostNamespace = WMI_PREFIX & strComputer & "/root/cimv2:"
    Set newTrustee = GetObject(hostNamespace & "Win32_Trustee").SpawnInstance_

    If strUtype = "g" Then
        lookupClass = "Win32_Group"
    Else
        lookupClass = "Win32_Account"
    End If

    ' The original author could not get the account lookup to work against
    ' strComputer, so it is always made against the local machine (".").
    Set principal = GetObject(WMI_PREFIX & "./root/cimv2:" & lookupClass & ".Name='" & strUsername & "',Domain='" & strDomain & "'")

    ' The SID object is resolved on strComputer from the account's SID string.
    Set sidInfo = GetObject(hostNamespace & "Win32_SID.SID='" & principal.SID & "'")

    newTrustee.Domain = strDomain
    newTrustee.Name = strUsername
    newTrustee.Properties_.Item("SID") = sidInfo.BinaryRepresentation

    Set GetObjTrustee = newTrustee

    Set sidInfo = Nothing
    Set principal = Nothing
    Set newTrustee = Nothing
End Function
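Function AddUserAce( byref dacl, strUsername, strDomain, strUtype, strComputer, strAccessLvl, byref Services )
    ' Appends one allow ACE for the given user/group to dacl.
    '
    ' dacl is grown by one element in place (ByRef); nothing is returned.
    ' strAccessLvl selects the access mask, with the same values ModifyUserAce uses:
    '   "r"            -> 1179817 (0x1200A9)
    '   "w"            -> 1245631 (0x1301BF)
    '   anything else  -> 2032127 (0x1F01FF, full control)
    '
    ' Previously the level selection was commented out, so every caller was
    ' granted full control whatever level it asked for.
    ' NOTE(review): an unrecognised level still falls through to full control,
    ' matching ModifyUserAce; consider rejecting unknown values instead.
    ' NOTE(review): no check is made for an existing ACE of the same trustee.
    Dim intArrAceMax, lngMask

    Select Case strAccessLvl
        Case "r"
            lngMask = 1179817
        Case "w"
            lngMask = 1245631
        Case Else 'full access
            lngMask = 2032127
    End Select

    intArrAceMax = UBound(dacl) + 1
    ReDim Preserve dacl(intArrAceMax)
    Set dacl(intArrAceMax) = Services.Get("Win32_Ace").SpawnInstance_

    dacl(intArrAceMax).Properties_.Item("AccessMask") = lngMask
    ' AceFlags 3 = object inherit + container inherit: files and subfolders
    ' below the folder receive the entry as well.
    dacl(intArrAceMax).Properties_.Item("AceFlags") = 3
    ' AceType 0 = access allowed.
    dacl(intArrAceMax).Properties_.Item("AceType") = 0
    dacl(intArrAceMax).Properties_.Item("Trustee") = GetObjTrustee(strUsername, strDomain, strUtype, strComputer)
End Function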
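Function DeleteUserAce( byref dacl, strUsername, strDomain, strUtype, strComputer, byref Services )
    ' Returns a new ACE array holding copies of every entry in dacl whose
    ' trustee name differs from strUsername (case-insensitive), and echoes
    ' whether anything was left out.
    '
    ' The result is sized to the number of entries actually kept, so removing
    ' several entries of the same trustee leaves no empty trailing slots.
    '
    ' NOTE(review): the match is on trustee name only. strDomain is not
    ' compared, so an entry for a same-named trustee from another domain or
    ' from the local machine is removed too. Compare the domain or SID as well
    ' if that matters for the folder.
    Dim intArrAceMax, arrACE, i, objACE

    intArrAceMax = UBound(dacl)
    ReDim arrACE(intArrAceMax)
    i = 0

    For Each objACE In dacl
        ' & "" turns a Null trustee name into an empty string, so an entry
        ' without a readable name is kept rather than silently dropped.
        If UCase(objACE.Trustee.Name & "") <> UCase(strUsername) Then
            Set arrACE(i) = Services.Get("Win32_Ace").SpawnInstance_
            arrACE(i).Properties_.Item("AccessMask") = objACE.AccessMask
            arrACE(i).Properties_.Item("AceFlags") = objACE.AceFlags
            arrACE(i).Properties_.Item("AceType") = objACE.AceType
            arrACE(i).Properties_.Item("Trustee") = objACE.Trustee
            i = i + 1
        End If
    Next

    If intArrAceMax > i - 1 Then
        WScript.Echo "User/Group " & strUsername & " removed."
    Else
        WScript.Echo "User/Group " & strUsername & " not found."
    End If

    ' Trim to the entries kept (i - 1 is -1, an empty array, when none remain).
    ReDim Preserve arrACE(i - 1)
    DeleteUserAce = arrACE

    Erase arrACE
    Set objACE = Nothing
End Function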
Function ModifyUserAce(byref dacl, strUsername, strAccessLvl)
    ' Sets a new access mask on the first entry of dacl whose trustee name
    ' equals strUsername (case-insensitive) and returns a message saying
    ' whether such an entry was found.
    '
    ' Masks: "r" -> 1179817 (0x1200A9), "w" -> 1245631 (0x1301BF),
    ' anything else -> 2032127 (0x1F01FF, full control).
    ' Original author's remark on the full-control value: it did not work on
    ' Windows 2000, where 131072 worked instead.
    ' NOTE(review): only the name is compared, not the domain, and only the
    ' first matching entry is changed.
    Dim entry, newMask

    Select Case strAccessLvl
        Case "r"
            newMask = 1179817
        Case "w"
            newMask = 1245631
        Case Else
            newMask = 2032127
    End Select

    ' Default result, replaced below when a matching entry is found.
    ModifyUserAce = "User/Group: " & strUsername & " not found in dacl"

    For Each entry In dacl
        If UCase(entry.trustee.name) = UCase(strUsername) Then
            entry.Properties_.Item("AccessMask") = newMask
            ModifyUserAce = "User: " & strUsername & " found and modified to have " & strAccessLvl
            Exit For
        End If
    Next

    Set entry = Nothing
End Function
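Function GetResultMessageFile(errReturn, strSharename, strUsername)
    ' Turns the return code of a permission update into a readable message.
    '
    ' errReturn    - numeric return code; 0 means success
    ' strSharename - path or name shown in the message
    ' strUsername  - accepted for the caller's convenience, not used in the text
    '
    ' Returns the success message for 0, otherwise a failure message with the
    ' code and its description. A code that is not listed gets an explicit
    ' "Unrecognized return code." instead of an empty description.
    Dim errDesc

    Select Case errReturn
        Case 0
            GetResultMessageFile = "File permissions for " & strSharename & " successfully updated!"
            Exit Function
        Case 2
            errDesc = "Access denied."
        Case 8
            errDesc = "Unknown failure."
        Case 9
            errDesc = "Privledge Missing."
        Case 10
            errDesc = "Invalid level."
        Case 21
            errDesc = "Invalid parameter."
        Case 23
            errDesc = "Redirected path."
        Case 24
            errDesc = "Directory does not exist."
        Case 25
            errDesc = "Net name not found."
        Case Else
            errDesc = "Unrecognized return code."
    End Select

    GetResultMessageFile = "Failed to update File permissions for " & strSharename & ". Error number: " & errReturn & ". " & errDesc
End Function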