How to modify the NTFS permissions of files and folders using WMI; a reference for anyone who needs it.
The code is as follows:
strUser = "guests"
strPath = "d:\\abc.txt"
retVal = AddPermission(strUser, strPath, "r", True)
'-------------------------------------------------------------------------
' Adds one permission entry to a file or folder. Return value: 0 - success, 1 - account does not exist, 2 - path does not exist
' strUser: user name or group name
' strPath: folder path or file path
' strAccess: string describing the permissions to allow; a letter in the string allows the corresponding right: r - read, c - read/write, f - full control
' blInherit: whether to inherit the parent directory's permissions. True = inherit, False = do not inherit
Function AddPermission(strUser, strPath, strAccess, blInherit)
    Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
    Set fso = CreateObject("Scripting.FileSystemObject")
    ' Get the Win32_SID and check whether the user/group/built-in account exists
    ' (strUser is concatenated into the WQL string, so it must not contain a single quote)
    Set colUsers = objWMIService.ExecQuery("select * from Win32_Account where Name='" & strUser & "'")
    If colUsers.Count <> 0 Then
        For Each objUser In colUsers
            strSID = objUser.SID
        Next
    Else
        AddPermission = 1
        Exit Function
    End If
    Set objSID = objWMIService.Get("Win32_SID.SID='" & strSID & "'")
    ' Check whether the file/folder exists
    pathType = ""
    If fso.FileExists(strPath) Then pathType = "file"
    If fso.FolderExists(strPath) Then pathType = "folder"
    If pathType = "" Then
        AddPermission = 2
        Exit Function
    End If
    ' Set up the trustee
    Set objTrustee = objWMIService.Get("Win32_Trustee").SpawnInstance_()
    objTrustee.Domain = objSID.ReferencedDomainName
    objTrustee.Name = objSID.AccountName
    objTrustee.SID = objSID.BinaryRepresentation
    objTrustee.SidLength = objSID.SidLength
    objTrustee.SIDString = objSID.SID
    ' Set up the ACE (AceType 0 = access allowed)
    Set objNewACE = objWMIService.Get("Win32_ACE").SpawnInstance_()
    objNewACE.Trustee = objTrustee
    objNewACE.AceType = 0
    ' strAccess is upper-cased before the test, so the letters are matched in upper case
    If InStr(UCase(strAccess), "R") > 0 Then objNewACE.AccessMask = 1179817   ' &H1200A9
    If InStr(UCase(strAccess), "C") > 0 Then objNewACE.AccessMask = 1245631   ' &H1301BF
    If InStr(UCase(strAccess), "F") > 0 Then objNewACE.AccessMask = 2032127   ' &H1F01FF
    ' AceFlags: 1 = object inherit, 2 = container inherit, 16 = inherited ACE
    If pathType = "file" And blInherit = True Then objNewACE.AceFlags = 16
    If pathType = "file" And blInherit = False Then objNewACE.AceFlags = 0
    If pathType = "folder" And blInherit = True Then objNewACE.AceFlags = 19
    If pathType = "folder" And blInherit = False Then objNewACE.AceFlags = 3
    ' Set up the security descriptor
    Set objFileSecSetting = objWMIService.Get("Win32_LogicalFileSecuritySetting.Path='" & strPath & "'")
    Call objFileSecSetting.GetSecurityDescriptor(objSD)
    blSE_DACL_AUTO_INHERITED = True
    If (objSD.ControlFlags And &H400) = 0 Then
        blSE_DACL_AUTO_INHERITED = False
        objSD.ControlFlags = (objSD.ControlFlags Or &H400)
        ' Set the auto-inherit bit; on a newly created directory or file this bit is not set and has to be set
    End If
    If blInherit = True Then
        objSD.ControlFlags = (objSD.ControlFlags And &HEFFF)
        ' Clear the block-inheritance bit
    Else
        objSD.ControlFlags = (objSD.ControlFlags Or &H1400)
        ' Set the block-inheritance bit and the auto-inherit bit
    End If
    objOldDACL = objSD.DACL
    ReDim objNewDACL(0)
    Set objNewDACL(0) = objNewACE
    If IsArray(objOldDACL) Then
        ' When there are no permissions, objOldDACL is not a collection and cannot be enumerated
        For Each objACE In objOldDACL
            If (blSE_DACL_AUTO_INHERITED = False And blInherit = True) Or ((objACE.AceFlags And 16) > 0 And (blInherit = True) Or (LCase(objACE.Trustee.Name) = LCase(strUser))) Then
                ' Do nothing
                ' When the auto-inherit bit is 0, even inherited permissions are shown as non-inherited; in that case none of the permissions are set
                ' When the auto-inherit bit is 0, inherited permissions are not set if the parent directory's permissions are being inherited. An ACE whose account is the same as the account being granted the permission is not set either
            Else
                ubd = UBound(objNewDACL)
                ReDim Preserve objNewDACL(ubd + 1)
                Set objNewDACL(ubd + 1) = objACE
            End If
        Next
    End If
    objSD.DACL = objNewDACL
    ' Commit the modified settings
    Call objFileSecSetting.SetSecurityDescriptor(objSD)
    AddPermission = 0
    Set fso = Nothing
End Function
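
A read-back check for the function above, added here as an example (it is not part of the original page): it uses the same Win32_LogicalFileSecuritySetting.GetSecurityDescriptor call to list the resulting DACL, so the change can be confirmed after AddPermission returns. DescribeDacl, AceTypeName, MaskName and FlagNames are names introduced for this example, and the path is the sample path from the script.

```vbscript
' Added example: list the DACL of a path after AddPermission has run.
WScript.Echo DescribeDacl("d:\\abc.txt")

Function DescribeDacl(strPath)
    Dim objWMI, objSetting, objSD, objAce, rc, out
    Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
    Set objSetting = objWMI.Get("Win32_LogicalFileSecuritySetting.Path='" & strPath & "'")
    rc = objSetting.GetSecurityDescriptor(objSD)
    If rc <> 0 Then
        DescribeDacl = "GetSecurityDescriptor failed, return code " & rc
        Exit Function
    End If
    out = "ControlFlags: &H" & Hex(objSD.ControlFlags) & vbCrLf
    out = out & "  inheritance blocked (&H1000): " & CBool(objSD.ControlFlags And &H1000) & vbCrLf
    out = out & "  auto-inherited (&H400): " & CBool(objSD.ControlFlags And &H400) & vbCrLf
    If Not IsArray(objSD.DACL) Then
        DescribeDacl = out & "DACL has no enumerable entries"
        Exit Function
    End If
    For Each objAce In objSD.DACL
        out = out & objAce.Trustee.Domain & "\" & objAce.Trustee.Name & "  " & _
              AceTypeName(objAce.AceType) & "  " & MaskName(objAce.AccessMask) & "  " & FlagNames(objAce.AceFlags) & vbCrLf
    Next
    DescribeDacl = out
End Function

Function AceTypeName(t)
    AceTypeName = "Type " & t
    If t = 0 Then AceTypeName = "Allow"
    If t = 1 Then AceTypeName = "Deny"
End Function

' Names the three masks the script above writes; anything else is shown in hex.
Function MaskName(m)
    MaskName = "&H" & Hex(m)
    If m = 1179817 Then MaskName = "Read and execute (r)"
    If m = 1245631 Then MaskName = "Modify (c)"
    If m = 2032127 Then MaskName = "Full control (f)"
End Function

Function FlagNames(f)
    Dim s : s = "flags:"
    If f And 1 Then s = s & " ObjectInherit"
    If f And 2 Then s = s & " ContainerInherit"
    If f And 16 Then s = s & " Inherited"
    FlagNames = s
End Function
```

Run it with cscript before and after the change and compare the two listings: entries for other trustees that disappear are the ACEs the loop in AddPermission chose not to copy into the new DACL.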