使用 WMI 修改文件/文件夾的 NTFS 權限的實現方法,需要的朋友可以參考下
使用wmi修改文件文件夾的ntfs權限, 代碼:
代碼如下:
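' Constructed sample call: grant read access on d:\abc.txt to the built-in Guests group.
' The string delimiters are restored here; without them the three statements do not parse.
' The path is written with doubled backslashes because addpermission places it inside a
' WMI object path, where "\" is the escape character.
struser = "guests"
strpath = "d:\\abc.txt"
' retval: 0 = success, 1 = account not found, 2 = path not found. Check it before
' relying on the new permission being in place.
retval = addpermission(struser, strpath, "r", true)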
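'-------------------------------------------------------------------------
' addpermission: add one "allow" ACE for an account to the DACL of a file or folder,
' using WMI (win32_logicalfilesecuritysetting) on the local machine.
'
' Parameters
'   struser   - user, group or built-in account name, matched against win32_account.name
'   strpath   - file or folder path. Backslashes must already be doubled by the caller
'               (for example "d:\\abc.txt") because the value is placed in a WMI object path.
'   straccess - letters selecting the rights to allow:
'                 r = 1179817 (&h1200a9, read and execute)
'                 c = 1245631 (&h1301bf, read/write)
'                 f = 2032127 (&h1f01ff, full control)
'               If several letters are present the later test wins: f over c over r.
'   blinherit - true to keep inheriting permissions from the parent, false to block inheritance
'
' Return value
'   0 - success
'   1 - account not found
'   2 - path not found
'   3 - straccess contains none of r / c / f (nothing is changed)
'   4 - the current security descriptor could not be read (nothing is changed)
'   5 - the new security descriptor was rejected by WMI
' Codes 3-5 replace cases where the function previously reported 0 without
' having applied a usable permission.
function addpermission(struser,strpath,straccess,blinherit)
    set objwmiservice = getobject("winmgmts:\\.\root\cimv2")
    set fso = createobject("scripting.filesystemobject")

    ' Resolve the account name to a SID. The name is spliced into a WQL string literal,
    ' so "\" and "'" are escaped to keep the value from ending the literal early.
    safeuser = replace(replace(struser, "\", "\\"), "'", "\'")
    set colusers = objwmiservice.execquery("select * from win32_account where name='" & safeuser & "'")
    if colusers.count <> 0 then
        ' NOTE(review): the query matches on name only; if several accounts share the
        ' name (local and domain), the last one enumerated is used.
        for each objuser in colusers
            strsid = objuser.sid
        next
    else
        addpermission = 1
        exit function
    end if
    set objsid = objwmiservice.get("win32_sid.sid='" & strsid & "'")

    ' Decide whether the target is a file or a folder
    pathtype = ""
    if fso.fileexists(strpath) then pathtype = "file"
    if fso.folderexists(strpath) then pathtype = "folder"
    set fso = nothing
    if pathtype = "" then
        addpermission = 2
        exit function
    end if

    ' Translate straccess into an access mask. ucase() is applied to the input,
    ' so the letters searched for must be upper case.
    lngmask = 0
    if instr(ucase(straccess), "R") > 0 then lngmask = 1179817
    if instr(ucase(straccess), "C") > 0 then lngmask = 1245631
    if instr(ucase(straccess), "F") > 0 then lngmask = 2032127
    if lngmask = 0 then
        ' No recognised letter: refuse rather than write an ACE with no mask.
        addpermission = 3
        exit function
    end if

    ' Build the trustee from the resolved SID
    set objtrustee = objwmiservice.get("win32_trustee").spawninstance_()
    objtrustee.domain = objsid.referenceddomainname
    objtrustee.name = objsid.accountname
    objtrustee.sid = objsid.binaryrepresentation
    objtrustee.sidlength = objsid.sidlength
    objtrustee.sidstring = objsid.sid

    ' Build the new ACE. acetype 0 = access allowed.
    set objnewace = objwmiservice.get("win32_ace").spawninstance_()
    objnewace.trustee = objtrustee
    objnewace.acetype = 0
    objnewace.accessmask = lngmask
    ' aceflags: 1 = object inherit, 2 = container inherit, 16 = inherited ACE.
    ' NOTE(review): with blinherit = true the new ACE itself is flagged as inherited (16);
    ' confirm that is intended, since inherited entries are not treated as explicit ones.
    if pathtype = "file" and blinherit = true then objnewace.aceflags = 16
    if pathtype = "file" and blinherit = false then objnewace.aceflags = 0
    if pathtype = "folder" and blinherit = true then objnewace.aceflags = 19
    if pathtype = "folder" and blinherit = false then objnewace.aceflags = 3

    ' Read the current security descriptor. A "'" in the path is escaped so it cannot
    ' terminate the key value; backslashes are left as the caller supplied them.
    safepath = replace(strpath, "'", "\'")
    set objfilesecsetting = objwmiservice.get("win32_logicalfilesecuritysetting.path='" & safepath & "'")
    lngret = objfilesecsetting.getsecuritydescriptor(objsd)
    if lngret <> 0 then
        addpermission = 4
        exit function
    end if

    ' &h400 is the DACL auto-inherited bit. It is clear on a freshly created file or
    ' folder and has to be set before the DACL is rewritten.
    blse_dacl_auto_inherited = true
    if (objsd.controlflags and &h400) = 0 then
        blse_dacl_auto_inherited = false
        objsd.controlflags = (objsd.controlflags or &h400)
    end if
    if blinherit = true then
        ' Clear the DACL-protected bit (&h1000) so inheritance from the parent applies
        objsd.controlflags = (objsd.controlflags and &hefff)
    else
        ' Set DACL-protected (&h1000) together with auto-inherited (&h400): block inheritance
        objsd.controlflags = (objsd.controlflags or &h1400)
    end if

    ' Rebuild the DACL: the new ACE first, then the existing entries that are kept.
    ' NOTE(review): the new allow ACE sits at index 0, ahead of any explicit deny ACEs
    ' that are kept; Windows expects explicit deny entries before allow entries, so
    ' confirm the resulting order on targets that carry deny ACEs.
    objolddacl = objsd.dacl
    redim objnewdacl(0)
    set objnewdacl(0) = objnewace
    if isarray(objolddacl) then
        ' When the DACL is empty objolddacl is not an array and cannot be enumerated
        for each objace in objolddacl
            ' An existing entry is dropped when:
            '  - the auto-inherited bit was clear and inheritance is requested (inherited
            '    entries then look explicit, so none of the old entries are carried over), or
            '  - the entry is flagged inherited (16) and inheritance is requested, or
            '  - its trustee name equals struser. This compares the name only and ignores
            '    the ACE type, so deny entries and entries of a same-named account in
            '    another domain are removed as well.
            blndropall = (blse_dacl_auto_inherited = false and blinherit = true)
            blninherited = ((objace.aceflags and 16) > 0 and (blinherit = true))
            blnsametrustee = (lcase(objace.trustee.name) = lcase(struser))
            if blndropall or (blninherited or blnsametrustee) then
                ' do nothing
            else
                ubd = ubound(objnewdacl)
                redim preserve objnewdacl(ubd + 1)
                set objnewdacl(ubd + 1) = objace
            end if
        next
    end if
    objsd.dacl = objnewdacl

    ' Commit the change and report a failure instead of assuming it was applied
    lngret = objfilesecsetting.setsecuritydescriptor(objsd)
    if lngret <> 0 then
        addpermission = 5
        exit function
    end if
    addpermission = 0
end function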