WMI列出Windows中某个目录的用户权限
2007-04-26 14:55
507 查看
using System;
using System.Management;
using System.Collections;
class Tester
{
public static void Main()
{
try
{
ManagementPath path = new ManagementPath( );
path.Server = ".";
path.NamespacePath = @"root/cimv2";
path.RelativePath = @"Win32_LogicalFileSecuritySetting.Path='c://test'"; // using tmp as folder name
ManagementObject lfs = new ManagementObject(path);
// Dump all trustees (this includes owner)
foreach (ManagementBaseObject b in lfs.GetRelated())
Console.WriteLine("Trustee: {0} /t SID [{1}]", b["AccountName"], b["SID"]);
// Get the security descriptor for this object
ManagementBaseObject outParams = lfs.InvokeMethod("GetSecurityDescriptor", null, null);
if (((uint)(outParams.Properties["ReturnValue"].Value)) == 0)
{
ManagementBaseObject Descriptor = ((ManagementBaseObject)(outParams.Properties["Descriptor"].Value));
ManagementBaseObject[] DaclObject = ((ManagementBaseObject[])(Descriptor.Properties["Dacl"].Value));
DumpACEs(DaclObject);
ManagementBaseObject OwnerObject = ((ManagementBaseObject)(Descriptor.Properties["Owner"].Value));
DumpOwnerProperties(OwnerObject.Properties); // Show owner properies
}
}
catch(Exception e)
{
Console.WriteLine(e);
Console.ReadLine();
}
}
static void DumpACEs(ManagementBaseObject[] DaclObject)
{
// ACE masks see: winnt.h
string[] filedesc = {"FILE_READ_DATA", "FILE_WRITE_DATA", "FILE_APPEND_DATA", "FILE_READ_EA",
"FILE_WRITE_EA", "FILE_EXECUTE", "FILE_DELETE_CHILD", "FILE_READ_ATTRIBUTES",
"FILE_WRITE_ATTRIBUTES", " ", " ", " ",
" ", " ", " ", " ",
"DELETE ", "READ_CONTROL", "WRITE_DAC", "WRITE_OWNER",
"SYNCHRONIZE ", " ", " "," ",
"ACCESS_SYSTEM_SECURITY", "MAXIMUM_ALLOWED", " "," ",
"GENERIC_ALL", "GENERIC_EXECUTE", "GENERIC_WRITE","GENERIC_READ"};
foreach(ManagementBaseObject mbo in DaclObject)
{
Console.WriteLine("-------------------------------------------------");
Console.WriteLine("mask: {0:X} - aceflags: {1} - acetype: {2}", mbo["AccessMask"], mbo["AceFlags"], mbo["AceType"]);
// Access allowed/denied ACE
if(mbo["AceType"].ToString() == "1")
Console.WriteLine("DENIED ACE TYPE");
else
Console.WriteLine("ALLOWED ACE TYPE");
// Dump trustees
ManagementBaseObject Trustee = ((ManagementBaseObject)(mbo["Trustee"]));
Console.WriteLine("Name: {0} - Domain: {1} - SID {2}/n",
Trustee.Properties["Name"].Value,
Trustee.Properties["Domain"].Value,
Trustee.Properties["SIDString"].Value);
// Dump ACE mask in readable form
UInt32 mask = (UInt32)mbo["AccessMask"];
int[] m = {(int)mask};
BitArray ba = new BitArray(m);
int i = 0;
IEnumerator baEnum = ba.GetEnumerator();
while ( baEnum.MoveNext() )
{
if((bool)baEnum.Current)
Console.WriteLine( "/t[{0}]", filedesc[i]);
i++;
}
}
}
static void DumpOwnerProperties(PropertyDataCollection Owner)
{
Console.WriteLine("=============== Owner Properties ========================");
Console.WriteLine();
Console.WriteLine("Domain {0} /tName {1}",Owner["Domain"].Value, Owner["Name"].Value);
Console.WriteLine("SID /t{0}",Owner["SidString"].Value);
Console.ReadLine();
}
}
using System.Management;
using System.Collections;
class Tester
{
public static void Main()
{
try
{
ManagementPath path = new ManagementPath( );
path.Server = ".";
path.NamespacePath = @"root/cimv2";
path.RelativePath = @"Win32_LogicalFileSecuritySetting.Path='c://test'"; // using tmp as folder name
ManagementObject lfs = new ManagementObject(path);
// Dump all trustees (this includes owner)
foreach (ManagementBaseObject b in lfs.GetRelated())
Console.WriteLine("Trustee: {0} /t SID [{1}]", b["AccountName"], b["SID"]);
// Get the security descriptor for this object
ManagementBaseObject outParams = lfs.InvokeMethod("GetSecurityDescriptor", null, null);
if (((uint)(outParams.Properties["ReturnValue"].Value)) == 0)
{
ManagementBaseObject Descriptor = ((ManagementBaseObject)(outParams.Properties["Descriptor"].Value));
ManagementBaseObject[] DaclObject = ((ManagementBaseObject[])(Descriptor.Properties["Dacl"].Value));
DumpACEs(DaclObject);
ManagementBaseObject OwnerObject = ((ManagementBaseObject)(Descriptor.Properties["Owner"].Value));
DumpOwnerProperties(OwnerObject.Properties); // Show owner properies
}
}
catch(Exception e)
{
Console.WriteLine(e);
Console.ReadLine();
}
}
static void DumpACEs(ManagementBaseObject[] DaclObject)
{
// ACE masks see: winnt.h
string[] filedesc = {"FILE_READ_DATA", "FILE_WRITE_DATA", "FILE_APPEND_DATA", "FILE_READ_EA",
"FILE_WRITE_EA", "FILE_EXECUTE", "FILE_DELETE_CHILD", "FILE_READ_ATTRIBUTES",
"FILE_WRITE_ATTRIBUTES", " ", " ", " ",
" ", " ", " ", " ",
"DELETE ", "READ_CONTROL", "WRITE_DAC", "WRITE_OWNER",
"SYNCHRONIZE ", " ", " "," ",
"ACCESS_SYSTEM_SECURITY", "MAXIMUM_ALLOWED", " "," ",
"GENERIC_ALL", "GENERIC_EXECUTE", "GENERIC_WRITE","GENERIC_READ"};
foreach(ManagementBaseObject mbo in DaclObject)
{
Console.WriteLine("-------------------------------------------------");
Console.WriteLine("mask: {0:X} - aceflags: {1} - acetype: {2}", mbo["AccessMask"], mbo["AceFlags"], mbo["AceType"]);
// Access allowed/denied ACE
if(mbo["AceType"].ToString() == "1")
Console.WriteLine("DENIED ACE TYPE");
else
Console.WriteLine("ALLOWED ACE TYPE");
// Dump trustees
ManagementBaseObject Trustee = ((ManagementBaseObject)(mbo["Trustee"]));
Console.WriteLine("Name: {0} - Domain: {1} - SID {2}/n",
Trustee.Properties["Name"].Value,
Trustee.Properties["Domain"].Value,
Trustee.Properties["SIDString"].Value);
// Dump ACE mask in readable form
UInt32 mask = (UInt32)mbo["AccessMask"];
int[] m = {(int)mask};
BitArray ba = new BitArray(m);
int i = 0;
IEnumerator baEnum = ba.GetEnumerator();
while ( baEnum.MoveNext() )
{
if((bool)baEnum.Current)
Console.WriteLine( "/t[{0}]", filedesc[i]);
i++;
}
}
}
static void DumpOwnerProperties(PropertyDataCollection Owner)
{
Console.WriteLine("=============== Owner Properties ========================");
Console.WriteLine();
Console.WriteLine("Domain {0} /tName {1}",Owner["Domain"].Value, Owner["Name"].Value);
Console.WriteLine("SID /t{0}",Owner["SidString"].Value);
Console.ReadLine();
}
}
相关文章推荐
- WMI列出Windows中某个目录的用户权限
- WMI列出Windows中某个目录的用户权限
- 使用WMI列出Windows中某个目录的用户权限(C#)
- 把windows一个目录mount到Ubuntu下,非root用户没有写权限
- C# Windows帐户和目录添加用户权限方法
- 把windows目录挂载mount到linux下,非root用户没有写权限解决方法
- C# Windows帐户和目录添加用户权限方法
- windows 下通过adb shell进入data目录,Permission denied 权限被拒绝
- linux下通过acl配置灵活目录文件权限(可用于ftp,web服务器的用户权限控制)
- ftp用户权限(其实是PHP的php.ini或APACHE的httpd.conf配置 限制目录访问)
- Windows服务(Windows Service,system权限)程序显示界面与用户交互(xp,win7通用)
- Linux学习笔记(三):权限管理(文件目录权限、用户权限)
- 给一个普通用户有在他的目录下有创建文件的权限
- Linux 给新用户授予、设置Tomcat目录的使用权限
- windows使用subinacl让普通用户具有服务管理权限
- 通过 SQL Server 用户来添加Windows帐户并提升为管理员权限
- oracle常用语句之新建表空间、新建用户、给用户DBA权限及windows 导入dmp文件
- 创建用户组,然后创建30个用户个用户目录,并赋予相应权限
- windows 给安装目录命令权限
- 获取windows登录用户的用户目录 C++