How to change file permissions using WMI?

Question

How to change file permissions using WMI?

I want to do the equivalent of what is described here from a script. Basically, I want to take responsibility for the file and set permissions for OWNER / Full Control.

It seems to me that using WMI from a vbs script is the most portable way. That is, I would like to avoid xcacls, icacls and other tools that require downloading or are only supported in some versions of windows.

After searching on Google, I found this code to go to the property:

'connect to WMI namespace on local machine 
Set objServices = 
GetObject("winmgmts:{impersonationLevel=impersonate}") 
'get a reference to data file 
strFile = Wscript.Arguments(0) 
Set objFile = objServices.Get("CIM_DataFile.Name='" & strFile & "'") 
If  objFile.TakeOwnership = 0 Then 
    Wscript.Echo "File ownership successfully changed" 
Else 
    Wscript.Echo "File ownership transfer operation" 
End If

Parts that I still miss set permissions and work on relative paths.

+3

windows vbscript wmi

itsadok Nov 03 '10 at 9:44

source share

2 answers

Hans Olsson · Answer 1 · 2010-11-03T11:47:07+0000

TakeOwnership CIM_DataFile, , ChangeSecurityPermissions, , .

GetAbsolutePathName, , .

itsadok · Answer 2 · 2010-11-03T15:34:51+0000

ho1, , , :

script SID , , argv [0], .

Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}") 

Function GetCurrentUserSID
    ' Get user name '
    Set colComputer = objWMI.ExecQuery("Select * from Win32_ComputerSystem")

    ' Looping over one item '
    For Each objComputer in colComputer
      currentUserName = objComputer.UserName
    Next

    Set AccountSIDs = GetObject("Winmgmts:").InstancesOf("Win32_AccountSID") 
    For Each AccountSID In AccountSIDs
        AccountKey = AccountSID.Element 
        Set objAccount = GetObject("Winmgmts:"+AccountKey) 
        strName = objAccount.Domain & "\" & objAccount.Name
        If strName = currentUserName Then ' that it 
            SIDKey = AccountSID.Setting
            Set SID = GetObject("Winmgmts:" + SIDKey)
            GetCurrentUserSID = SID.BinaryRepresentation
            Exit For 
        End If   
    Next 
End Function

Function LimitPermissions(path, SID)
    Set objFile = objWMI.Get("CIM_DataFile.Name='" & path & "'") 

    Set Trustee = GetObject("Winmgmts:Win32_Trustee").SpawnInstance_ 
    Trustee.SID = SID

    Set ACE = getObject("Winmgmts:Win32_Ace").Spawninstance_ 
    ACE.AccessMask = 2032127 ' Full Control
    ACE.AceFlags = 3 
    ACE.AceType = 0
    ACE.Trustee = Trustee 

    Set objSecDescriptor = GetObject("Winmgmts:Win32_SecurityDescriptor").SpawnInstance_ 
    objSecDescriptor.DACL = Array(ACE) 

    objFile.ChangeSecurityPermissions objSecDescriptor, 4 
End Function

Function TakeOwnership(path)
    Set objFile = objWMI.Get("CIM_DataFile.Name='" & path & "'") 
    TakeOwnership = objFile.TakeOwnership
End Function

' Main '

strFilename = Wscript.Arguments(0) 
Set fso = CreateObject("Scripting.FileSystemObject")
path = fso.GetAbsolutePathName(strFilename)

SID = GetCurrentUserSID

TakeOwnership path
LimitPermissions path, SID

How to change file permissions using WMI?

More articles: