如何使用 WMI 更改文件权限？

发布于 2024-09-30 13:53:03 字数 788 浏览 3 评论 0原文

我想做的事情相当于此处来自脚本。基本上，我想获得该文件的所有权，并将权限设置为所有者/完全控制。

在我看来，从 vbs 脚本使用 WMI 是最便携的方式。也就是说，我想避免使用 xcacls、icacls 和其他需要下载或仅在某些 Windows 版本上受支持的工具。

经过谷歌搜索后，我发现了这段用于获取所有权的代码：

'connect to WMI namespace on local machine 
Set objServices = 
GetObject("winmgmts:{impersonationLevel=impersonate}") 
'get a reference to data file 
strFile = Wscript.Arguments(0) 
Set objFile = objServices.Get("CIM_DataFile.Name='" & strFile & "'") 
If  objFile.TakeOwnership = 0 Then 
    Wscript.Echo "File ownership successfully changed" 
Else 
    Wscript.Echo "File ownership transfer operation" 
End If

我仍然缺少的部分是设置权限，并让它在相对路径上工作。

原文

I'm want to do the equivalent of what is described here from a script. Basically, I want to take ownership of the file, and set the permissions to OWNER/Full Control.

It seems to me that using WMI from a vbs script is the most portable way. That is, I'd like to avoid xcacls, icacls and other tools that either require a download, or are supported only on some versions of windows.

After googling around, I found this code for taking ownership:

'connect to WMI namespace on local machine 
Set objServices = 
GetObject("winmgmts:{impersonationLevel=impersonate}") 
'get a reference to data file 
strFile = Wscript.Arguments(0) 
Set objFile = objServices.Get("CIM_DataFile.Name='" & strFile & "'") 
If  objFile.TakeOwnership = 0 Then 
    Wscript.Echo "File ownership successfully changed" 
Else 
    Wscript.Echo "File ownership transfer operation" 
End If

The pieces I'm still missing is setting the permissions, and having it work on relative paths.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

双马尾 2024-10-07 13:53:03

由于您已经在 CIM_DataFile 类中使用 TakeOwnership ，我假设您可以只使用 ChangeSecurityPermissions 更改权限，属于同一类。

您也许可以使用 GetAbsolutePathName 来在使用之前将相对路径转换为绝对路径。

回复收藏 0 原文

就是爱搞怪 2024-10-07 13:53:03

根据 ho1 的回答的提示，我又搜索了一些内容，最终得出了这个结论：

此脚本找到当前用户 SID，然后获取所有权并将 argv[0] 中给出的文件的权限更改为仅对当前用户完全控制用户。

Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}") 

Function GetCurrentUserSID
    ' Get user name '
    Set colComputer = objWMI.ExecQuery("Select * from Win32_ComputerSystem")

    ' Looping over one item '
    For Each objComputer in colComputer
      currentUserName = objComputer.UserName
    Next

    Set AccountSIDs = GetObject("Winmgmts:").InstancesOf("Win32_AccountSID") 
    For Each AccountSID In AccountSIDs
        AccountKey = AccountSID.Element 
        Set objAccount = GetObject("Winmgmts:"+AccountKey) 
        strName = objAccount.Domain & "\" & objAccount.Name
        If strName = currentUserName Then ' that's it 
            SIDKey = AccountSID.Setting
            Set SID = GetObject("Winmgmts:" + SIDKey)
            GetCurrentUserSID = SID.BinaryRepresentation
            Exit For 
        End If   
    Next 
End Function

Function LimitPermissions(path, SID)
    Set objFile = objWMI.Get("CIM_DataFile.Name='" & path & "'") 

    Set Trustee = GetObject("Winmgmts:Win32_Trustee").SpawnInstance_ 
    Trustee.SID = SID

    Set ACE = getObject("Winmgmts:Win32_Ace").Spawninstance_ 
    ACE.AccessMask = 2032127 ' Full Control
    ACE.AceFlags = 3 
    ACE.AceType = 0
    ACE.Trustee = Trustee 

    Set objSecDescriptor = GetObject("Winmgmts:Win32_SecurityDescriptor").SpawnInstance_ 
    objSecDescriptor.DACL = Array(ACE) 

    objFile.ChangeSecurityPermissions objSecDescriptor, 4 
End Function

Function TakeOwnership(path)
    Set objFile = objWMI.Get("CIM_DataFile.Name='" & path & "'") 
    TakeOwnership = objFile.TakeOwnership
End Function

' Main '

strFilename = Wscript.Arguments(0) 
Set fso = CreateObject("Scripting.FileSystemObject")
path = fso.GetAbsolutePathName(strFilename)

SID = GetCurrentUserSID

TakeOwnership path
LimitPermissions path, SID

Taking the hints from ho1's answer, I googled around some more, and eventually came up with this:

This script finds the current user SID, then takes ownership and changes the permissions on the file given in argv[0] to Full Control only to current user.

Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}") 

Function GetCurrentUserSID
    ' Get user name '
    Set colComputer = objWMI.ExecQuery("Select * from Win32_ComputerSystem")

    ' Looping over one item '
    For Each objComputer in colComputer
      currentUserName = objComputer.UserName
    Next

    Set AccountSIDs = GetObject("Winmgmts:").InstancesOf("Win32_AccountSID") 
    For Each AccountSID In AccountSIDs
        AccountKey = AccountSID.Element 
        Set objAccount = GetObject("Winmgmts:"+AccountKey) 
        strName = objAccount.Domain & "\" & objAccount.Name
        If strName = currentUserName Then ' that's it 
            SIDKey = AccountSID.Setting
            Set SID = GetObject("Winmgmts:" + SIDKey)
            GetCurrentUserSID = SID.BinaryRepresentation
            Exit For 
        End If   
    Next 
End Function

Function LimitPermissions(path, SID)
    Set objFile = objWMI.Get("CIM_DataFile.Name='" & path & "'") 

    Set Trustee = GetObject("Winmgmts:Win32_Trustee").SpawnInstance_ 
    Trustee.SID = SID

    Set ACE = getObject("Winmgmts:Win32_Ace").Spawninstance_ 
    ACE.AccessMask = 2032127 ' Full Control
    ACE.AceFlags = 3 
    ACE.AceType = 0
    ACE.Trustee = Trustee 

    Set objSecDescriptor = GetObject("Winmgmts:Win32_SecurityDescriptor").SpawnInstance_ 
    objSecDescriptor.DACL = Array(ACE) 

    objFile.ChangeSecurityPermissions objSecDescriptor, 4 
End Function

Function TakeOwnership(path)
    Set objFile = objWMI.Get("CIM_DataFile.Name='" & path & "'") 
    TakeOwnership = objFile.TakeOwnership
End Function

' Main '

strFilename = Wscript.Arguments(0) 
Set fso = CreateObject("Scripting.FileSystemObject")
path = fso.GetAbsolutePathName(strFilename)

SID = GetCurrentUserSID

TakeOwnership path
LimitPermissions path, SID

回复收藏 0 原文

~没有更多了~