Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Keywords: wntAccessAdd and Inherited Rights error 545 wntAccessAdd wntAccessGet
We had complex ACEs ;^)
Any way I thought I'd write a script to capture all ACEs for all files and directories. I know, it's not pretty, but here it is anyway:
AddExtender("WWWNT34I.DLL") server1="khzits31" ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;Enumerate Shares on Server1 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; shares=wntsharelist(server1,16,0) sharescount=itemcount(shares, @tab) for a=1 to sharescount share = itemextract(a,shares, @tab) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;Check if Share is a Drive (less then 3 Characters i.e. C$, D$, etc. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; driveshare=strlen(share) if driveshare<3 ; if share=="H$" uncshare=strcat("\\",server1,"\",share) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;List users with privileges for Share root i.e C:, D:, etc. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Users=wntAccesslist("",uncshare,300,1) userscount=itemcount(users, @tab) for ab=1 to userscount user = itemextract(ab,users, @tab) records=wntAccessGet("",uncshare,user,300,0) owner=wntownerget("", 0, uncshare, 300, 1) iniwritepvt(server1,"%uncshare%=%user%","%records%=%owner%","C:\TEMP\%server1%.txt") next ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;List users with privileges for all files and directories ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; AddExtender("wsrch34i.dll") objectcount=0 handle=srchInit(uncshare,"*.*","","",8+16+32) while 1 object=srchNext(handle) if object=="" then break objectcount=objectcount+1 errormode(@off) error1 = lasterror() Users=wntAccesslist("",object,300,1) ErrorMode(@CANCEL) If error1 != 0 then iniwritepvt("ERRORS",object,error1,"C:\TEMP\%server1%.txt") userscount=itemcount(users, @tab) for b=1 to userscount user = itemextract(b,users, @tab) errormode(@off) error2 = lasterror() records=wntAccessGet("",object,user,300,0) owner=wntownerget("", 0, object, 300, 1) ErrorMode(@CANCEL) If error2 != 0 then iniwritepvt("ERRORS",object,error1,"C:\TEMP\%server1%.txt") fullpath=strcat(object,"=",user) iniwritepvt(server1,fullpath,"%records%=%owner%","C:\TEMP\%server1%.txt") next endwhile srchFree(handle) endif next exitIt works, but the other script which (I thought) would read the file and reset the ACEs doesn't work. I get an error 545. Here it comes:
AddExtender("WWWNT34I.DLL") server1="khzits31" netname=wntGetUser(@default) ret=wntPrivGet("\\%server1%",netname,"SeRestorePrivilege", 0) if ret==0 string1="You need SeRestorePrivilege on %server1% in order to rewrite Ownership Information on files.%@crlf%" string2="DO NOT forget to log off and on again for the changes to take affect!%@crlf%%@crlf%" string3="If you wish to make the changes yourself, press NO. If I should make the changes for you press YES." addpriv=askyesno (netname, strcat(string1,string2,string3)) if addpriv==@YES wntPrivAdd("\\%server1%",netname,"SeRestorePrivilege", 0) message (netname, "Please log off and on again. After that you may run this program again!") exit else Message(netname, "Grant yourself the SeRestorePrivilege on %server1%, log off and on again. After that you may run this program again!") exit endif endif allerrors=iniitemizepvt ("Errors", "C:\TEMP\%server1%.txt") allfiles=iniitemizepvt (server1, "C:\TEMP\%server1%.txt") filescount=itemcount(allfiles, @tab) for a=1 to filescount file = itemextract(a,allfiles, @tab) file_a=inireadpvt(server1, file, "", "C:\TEMP\%server1%.txt") file=strcat(file, "=", file_a) file=strreplace(file,"=", @TAB) file=strreplace(file," ", "BLANKSPACEINFILENAME") ParseData(file) object=strreplace(param1,"BLANKSPACEINFILENAME"," ") if param0 >1 then user=param2 if param0 >2 then perms=param3 if param0 >3 then owner=param4 if param0 <4 then owner="VORDEFINIERT\Administratoren" errormode(@off) error1 = lasterror() wntAccessadd("",object,user,300,perms,0) wntownerset("", 0, object, 300,user, 0) ErrorMode(@CANCEL) If error1 != 0 then iniwritepvt("ERRORS",object,error1,"C:\TEMP\setperm%server1%error.txt") next ExitI seem to have problems with the output from wntAccessGet. (0:16:2032127 or 0:16:1245631 and Others)
How can it be interpreted in the second program.
It is OK to report the existence of an inherited ACE for purposes of knowing what actual permissions apply to a securable object like a folder or a file, but you must not try to manipulate an inherited ACE when adding/removing permissions.
Modify your script to check for an inherited ACE and to skip all processing for inherited ACEs.
Something like:
MyACE = '0:16:1245631' Flags = Int(ItemExtract(1,MyACE,':')) if (Flags & 16) ; Skip this ACE else ; Process this ACE endif
Article ID: W15203
File Created: 2002:09:05:13:50:34
Last Updated: 2002:09:05:13:50:34