vbs通過wmi修改文件文件夾的ntfs權(quán)限

    使用wmi修改文件文件夾的ntfs權(quán)限實現(xiàn)方法，需要的朋友可以參考下
    使用wmi修改文件文件夾的ntfs權(quán)限, 代碼：
    代碼如下:
    struser = guests
    strpath = d:\\abc.txt
    retval = addpermission(struser,strpath,r,true)
    '-------------------------------------------------------------------------
    '用于給文件和文件夾添加一條權(quán)限設(shè)置.返回值: 0-成功,1-賬戶不存在,2-路徑不存在
    'struser表示用戶名或組名
    'strpath表示文件夾路徑或文件路徑
    'straccess表示允許權(quán)限設(shè)置的字符串,字符串中帶有相應(yīng)字母表示允許相應(yīng)權(quán)限: r-讀,c-讀寫,f-完全控制
    'blinherit表示是否繼承父目錄權(quán)限.true為繼承,false為不繼承
    function addpermission(struser,strpath,straccess,blinherit)
    set objwmiservice = getobject(winmgmts:\\.\root\cimv2)
    set fso = createobject(scripting.filesystemobject)
    '得到win32_sid并判斷用戶/組/內(nèi)置賬戶是否存在
    set colusers = objwmiservice.execquery(select * from win32_account where name='&struser&')
    if colusers.count<>0 then
    for each objuser in colusers
    strsid = objuser.sid
    next
    else
    addpermission = 1
    exit function
    end if
    set objsid = objwmiservice.get(win32_sid.sid='&strsid&')
    '判斷文件/文件夾是否存在
    pathtype =
    if fso.fileexists(strpath) then pathtype = file
    if fso.folderexists(strpath) then pathtype = folder
    if pathtype = then
    addpermission = 2
    exit function
    end if
    '設(shè)置trustee
    set objtrustee = objwmiservice.get(win32_trustee).spawninstance_()
    objtrustee.domain = objsid.referenceddomainname
    objtrustee.name = objsid.accountname
    objtrustee.sid = objsid.binaryrepresentation
    objtrustee.sidlength = objsid.sidlength
    objtrustee.sidstring = objsid.sid
    '設(shè)置ace
    set objnewace = objwmiservice.get(win32_ace).spawninstance_()
    objnewace.trustee = objtrustee
    objnewace.acetype = 0
    if instr(ucase(straccess),r) > 0 then objnewace.accessmask = 1179817
    if instr(ucase(straccess),c) > 0 then objnewace.accessmask = 1245631
    if instr(ucase(straccess),f) > 0 then objnewace.accessmask = 2032127
    if pathtype = file and blinherit = true then objnewace.aceflags = 16
    if pathtype = file and blinherit = false then objnewace.aceflags = 0
    if pathtype = folder and blinherit = true then objnewace.aceflags = 19
    if pathtype = folder and blinherit = false then objnewace.aceflags = 3
    '設(shè)置sd
    set objfilesecsetting = objwmiservice.get(win32_logicalfilesecuritysetting.path='&strpath&')
    call objfilesecsetting.getsecuritydescriptor(objsd)
    blse_dacl_auto_inherited = true
    if (objsd.controlflags and &h400) = 0 then
    blse_dacl_auto_inherited = false
    objsd.controlflags = (objsd.controlflags or &h400)
    '自動繼承位置位,如果是剛創(chuàng)建的目錄或文件該位是不置位的,需要置位
    end if
    if blinherit = true then
    objsd.controlflags = (objsd.controlflags and &hefff)
    '阻止繼承復(fù)位
    else
    objsd.controlflags = (objsd.controlflags or &h1400)
    '阻止繼承位置位,自動繼承位置位
    end if
    objolddacl = objsd.dacl
    redim objnewdacl(0)
    set objnewdacl(0) = objnewace
    if isarray(objolddacl) then
    '權(quán)限為空時objolddacl不是集合不可遍歷
    for each objace in objolddacl
    if (blse_dacl_auto_inherited=false and blinherit=true) or ((objace.aceflags and 16)>0 and (blinherit=true) or (lcase(objace.trustee.name)=lcase(struser))) then
    'do nothing
    '當(dāng)自動繼承位置位為0時即使時繼承的權(quán)限也會顯示為非繼承,這時所有權(quán)限都不設(shè)置
    '當(dāng)自動繼承位置位為0時,在繼承父目錄權(quán)限的情況下不設(shè)置繼承的權(quán)限.賬戶和需要加權(quán)限的賬戶一樣時不設(shè)置權(quán)限
    else
    ubd = ubound(objnewdacl)
    redim preserve objnewdacl(ubd+1)
    set objnewdacl(ubd+1) = objace
    end if
    next
    end if
    objsd.dacl = objnewdacl
    '提交設(shè)置修改
    call objfilesecsetting.setsecuritydescriptor(objsd)
    addpermission = 0
    set fso = nothing
    end function