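' Creates a Windows file share through WMI (Win32_Share.Create) and attaches a
' share-level DACL with two "allow" entries: Full Control for strUser and Read
' for strUser2.
'
' Security notes for whoever adapts this script:
'  * Only SHARE permissions are set here. The NTFS ACL on the folder is not
'    touched; access over the network is limited by both, so review the NTFS
'    permissions on the folder as well.
'  * The DACL handed to Create is the complete list for the new share: only
'    the entries built below will be present.
'  * Full Control on a share is rarely needed; prefer Change or Read and grant
'    to a group rather than to individual users where possible.
'  * Creating a share normally requires administrative rights on the machine.

Foldername = "c:\Prueba"          ' Folder to share
sharename = "Probando"            ' Share name
strDesc = "Descripcion Prueba"    ' Share description
strUser = "UsuarioPrueba"         ' First user or group (receives Full Control)
strUser2 = "GrupoPrueba"          ' Second user or group (receives Read)

' Share access masks (decimal, as used by Win32_Ace.AccessMask).
' Reference: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/win32_ace.asp
Const ACCESS_FULL = 2032127       ' 0x1F01FF = "Full"
Const ACCESS_CHANGE = 1245631     ' 0x1301BF = "Change"
Const ACCESS_READ = 1179817       ' 0x1200A9 = "Read"

' Connect to the local WMI service, impersonating the caller and requesting
' the Security privilege.
Set Services = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")

' Spawn an empty Win32_SecurityDescriptor instance that will carry the DACL.
Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
Set SecDesc = SecDescClass.SpawnInstance_()

'*** First user or group ***
Set ACE = BuildAllowAce(Services, strUser, ACCESS_FULL)

'*** Second user or group ***
Set ACE2 = BuildAllowAce(Services, strUser2, ACCESS_READ)

'*** ACL list ***
' The DACL (Discretionary Access Control List) property takes an array of
' Win32_Ace objects. To keep the entries of an existing descriptor you would
' have to read them first and merge them into this array.
SecDesc.Properties_.Item("DACL") = Array(ACE, ACE2)

' Fill in the input parameters of Win32_Share.Create.
Set Share = Services.Get("Win32_Share")
Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_()
InParam.Properties_.Item("Access") = SecDesc        ' Security descriptor built above
InParam.Properties_.Item("Description") = strDesc
InParam.Properties_.Item("Name") = ShareName
InParam.Properties_.Item("Path") = FolderName
InParam.Properties_.Item("Type") = 0                ' 0 = disk drive share

' Create the share with all the parameters set up above.
Set outParams = Share.ExecMethod_("Create", InParam)
wscript.echo("OUT: " & outParams.returnValue)

' Return value 0 means success. Common failures: 2 = access denied,
' 22 = duplicate share, 24 = unknown device or directory.
If outParams.returnValue <> 0 Then
    wscript.echo("Failed to Create Share, return Code:" & outParams.returnValue)
    ' Exit non-zero so a calling batch file or scheduler can detect the failure.
    wscript.quit 1
Else
    wscript.echo("Folder " & Foldername & " sucessfully shared as: " & sharename & " with FULL CONTROL Permissions for user " & strUser _
        & " and READ Permissions for user " & strUser2)
End If

' Looks up accountName in Win32_Account and returns the matching Win32_SID
' object. The script stops (exit code 1) when the name is not found or when it
' matches more than one account: Win32_Account is queried by Name only, so a
' local and a domain account with the same name would both match, and granting
' share access to whichever came last would be a silent mistake.
Function ResolveAccountSid(wmi, accountName)
    Dim escapedName, matches, account

    ' WQL uses the backslash as escape character inside string literals.
    escapedName = Replace(Replace(accountName, "\", "\\"), "'", "\'")
    Set matches = wmi.ExecQuery("SELECT * FROM Win32_ACCOUNT WHERE Name='" & escapedName & "'")

    If matches.Count < 1 Then
        WScript.Echo "User " & accountName & " Not Found - quitting"
        WScript.Quit 1
    End If
    If matches.Count > 1 Then
        WScript.Echo "Account name " & accountName & " matches " & matches.Count & " accounts - quitting"
        WScript.Quit 1
    End If

    ' Exactly one item; the collection is enumerated with For Each.
    For Each account In matches
        Set ResolveAccountSid = wmi.Get("Win32_SID='" & account.SID & "'")
    Next
End Function

' Builds a Win32_Ace "allow" entry that grants accessMask to accountName.
' The trustee is filled from the account's Win32_SID object.
Function BuildAllowAce(wmi, accountName, accessMask)
    Dim sid, trustee, entry

    Set sid = ResolveAccountSid(wmi, accountName)

    ' A trustee identifies the security principal (anything with a SID).
    Set trustee = wmi.Get("Win32_Trustee").SpawnInstance_()
    With trustee
        .Domain = sid.ReferencedDomainName
        .Name = sid.AccountName
        .SID = sid.BinaryRepresentation
        .SidLength = sid.SidLength
        .SIDString = sid.SID
    End With

    ' One access control entry = one line of the access list.
    Set entry = wmi.Get("Win32_Ace").SpawnInstance_()
    entry.Properties_.Item("AccessMask") = accessMask
    entry.Properties_.Item("AceFlags") = 3   ' 1 (object inherit) + 2 (container inherit)
    entry.Properties_.Item("AceType") = 0    ' 0 = allow access, 1 = deny access
    entry.Properties_.Item("Trustee") = trustee

    Set BuildAllowAce = entry
End Function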
Más info para tratamiento de la lista ACL:
http://www.autoitscr...dacl-using-wmi/