
C#通过WMI设置NTFS目录共享和目录安全

2013年04月02日 ⁄ 综合 ⁄ 共 7097字 ⁄ 字号 评论关闭

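1) 目录共享:通过WMI的Win32_Share类的Create()方法来实现。
2) 目录安全:通过WMI的Win32_LogicalFileSecuritySetting类的SetSecurityDescriptor()方法来实现,涉及到Win32_Trustee和Win32_ACE类。
注意:下面的示例在创建共享时将Access设为null(即Everyone在共享层拥有完全控制权限),并且把安全描述符的Dacl设为只含一条Everyone只读/运行ACE的新列表(保留原有ACE的AddRange一行已被注释掉);实际使用时应按最小权限原则改为具体的用户或组。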

完整代码 如下:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Management;

namespace SharePermissions
{
    
/// <summary>
/// Values accepted by the <c>Type</c> parameter of the WMI <c>Win32_Share.Create</c> method.
/// </summary>
/// <remarks>
/// The four <c>*Admin</c> members are the base resource kinds with the high bit
/// (0x80000000) set, which marks an administrative share.
/// </remarks>
public enum ShareResourceType : uint
{
    // Ordinary shares.
    DiskDrive = 0,
    PrintQueue = 1,
    Device = 2,
    IPC = 3,

    // Administrative variants: same resource kind with the high bit set.
    DiskDriveAdmin = 0x80000000 | DiskDrive,
    PrintQueueAdmin = 0x80000000 | PrintQueue,
    DeviceAdmin = 0x80000000 | Device,
    IPCAdmin = 0x80000000 | IPC
}


    [Flags]
    
public enum AccessPrivileges : uint
    
{
        FileReadData 
= 0x00000001,
        FileWriteData 
= 0x00000002,
        FileAppendData 
= 0x00000004,
        FileReadEA 
= 0x00000008,
        FileWriteEA 
= 0x00000010,
        FileExecute 
= 0x00000020,
        FileDeleteChild 
= 0x00000040,
        FileReadAttributes 
= 0x00000080,
        FileWriteAttributes 
= 0x00000100,
        Delete 
= 0x00010000,
        ReadControl 
= 0x00020000,
        WriteDac 
= 0x00040000,
        WriteOwner 
= 0x00080000,
        Synchronize 
= 0x00100000
    }


    [Flags]
    
enum AceFlags : uint
    
{
        NonInheritAce 
= 0,
        ObjectInheritAce 
= 1,
        ContainerInheritAce 
= 2,
        NoPropagateInheritAce 
= 4,
        InheritOnlyAce 
= 8,
        InheritedAce 
= 16
    }


    [Flags]
    
enum AceType : uint
    
{
        AccessAllowed 
= 0,
        AccessDenied 
= 1,
        Audit 
= 2
    }


    
public partial class Form1 : Form
    
{
        
/// <summary>
/// Creates the form and builds its controls through the designer-generated initializer.
/// </summary>
public Form1()
{
    this.InitializeComponent();
}


        
/// <summary>
/// Load handler: creates the share and then sets the directory permissions.
/// Both steps run unconditionally as soon as the form loads.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void Form1_Load(object sender, EventArgs e)
{
    // Step 1: publish the directory as a share.
    this.SetShares();

    // Step 2: rewrite the directory's security descriptor.
    // SetPermissions returns a bool, which is not inspected here.
    this.SetPermissions();
}


        
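/// <summary>
/// Shares a local directory by invoking the WMI <c>Win32_Share.Create</c> method and reports
/// the outcome in a message box.
/// </summary>
/// <remarks>
/// <c>Access</c> is passed as <c>null</c>, which gives Everyone full control at the share
/// level; with that setting the directory's NTFS ACL is the only thing restricting access.
/// Supply a security descriptor naming the intended users or groups if that is too broad.
/// </remarks>
void SetShares()
{
    // NOTE(review): the published listing reads @"C:DownloadsTemp"; the path separators look
    // like they were lost when the page was rendered. Confirm the real directory before use.
    const string sharePath = @"C:\Downloads\Temp";
    const string shareName = "Temp";

    uint returnValue;

    // The WMI wrapper objects are disposable; release them once the call has completed.
    using (ManagementClass mc = new ManagementClass("win32_share"))
    using (ManagementBaseObject inParams = mc.GetMethodParameters("Create"))
    {
        inParams["Path"] = sharePath;
        inParams["Name"] = shareName;
        inParams["Type"] = ShareResourceType.DiskDrive;
        inParams["MaximumAllowed"] = null;   // null = no limit on concurrent connections; otherwise a positive integer
        inParams["Description"] = null;
        inParams["Password"] = null;
        inParams["Access"] = null;           // null = Everyone gets full control on the share (see remarks)

        using (ManagementBaseObject outParams = mc.InvokeMethod("Create", inParams, null))
        {
            returnValue = (uint)outParams.Properties["ReturnValue"].Value;
        }
    }

    string errorMessage;
    switch (returnValue)
    {
        case 0:     // Success
            errorMessage = null;
            break;
        case 2:     // Access denied
            errorMessage = "无权访问";
            break;
        case 8:     // Unknown failure
            errorMessage = "未知失败";
            break;
        case 9:     // Invalid name
            errorMessage = "非法的共享名";
            break;
        case 10:    // Invalid level
            errorMessage = "非法的层次";
            break;
        case 21:    // Invalid parameter
            errorMessage = "非法的参数";
            break;
        case 22:    // Duplicate share
            errorMessage = "重复共享";
            break;
        case 23:    // Redirected path
            errorMessage = "重定向路径";
            break;
        case 24:    // Unknown device or directory
            errorMessage = "未知的目录";
            break;
        case 25:    // Net name not found
            errorMessage = "网络名不存在";
            break;
        default:
            // Any other code used to leave the message null, producing an empty dialog;
            // show the raw code so the failure can be diagnosed.
            errorMessage = string.Format("未知错误,返回值: {0}", returnValue);
            break;
    }

    if (returnValue == 0)
    {
        MessageBox.Show("成功");
    }
    else
    {
        MessageBox.Show(errorMessage);
    }
}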


        
bool SetPermissions()
        
{
            
//ManagementPath path = new ManagementPath();
            
//path.Server = ".";              // 机器名, .表示本机
            
//path.NamespacePath = @"rootcimv2";
            
//path.RelativePath = string.Format("Win32_LogicalFileSecuritySetting.Path='{0}'", @"C:DownloadsTemp");
            
//ManagementObject mo = new ManagementObject(path);

            ManagementObject mo 
= new ManagementObject(string.Format("Win32_LogicalFileSecuritySetting.Path='{0}'"@"C:DownloadsTemp"));
            ManagementBaseObject outParams 
= mo.InvokeMethod("GetSecurityDescriptor"nullnull);

            
if ((uint)outParams.Properties["ReturnValue"].Value != 0)
                
return false;
            ManagementBaseObject Descriptor 
= (ManagementBaseObject)outParams.Properties["Descriptor"].Value;
            
//foreach (ManagementBaseObject mbo in (ManagementBaseObject[])Descriptor.Properties["Dacl"].Value)
            
//{
            
//    this.richTextBox1.AppendText(string.Format("AccessMask: {0} AceFlags:{1} AceType: {2} ", mbo["AccessMask"],
            
//        Enum.Format(typeof(AceFlags), mbo["AceFlags"], "g"), mbo["AceType"]));

            
//    if ((uint)mbo["AceType"] == (uint)AceType.AccessDenied)
            
//        this.richTextBox1.AppendText("Denied Ace ");
            
//    else
            
//        this.richTextBox1.AppendText("Allowed Ace ");

            
//    ManagementBaseObject Trustee = ((ManagementBaseObject)(mbo["Trustee"]));
            
//    this.richTextBox1.AppendText(string.Format("Name: {0} Domain: {1} SID: {2} ",
            
//        Trustee.Properties["Name"].Value,
            
//        Trustee.Properties["Domain"].Value,
            
//        Trustee.Properties["SIDString"].Value));

            
//    uint mask = (UInt32)mbo["AccessMask"];
            
//    this.richTextBox1.AppendText(Enum.Format(typeof(AccessPrivileges), mask, "g"));
            
//    this.richTextBox1.AppendText(" ");
            
//}


            List
<ManagementBaseObject> newDacl = new List<ManagementBaseObject>();
            
//newDacl.AddRange((ManagementBaseObject[])Descriptor.Properties["Dacl"].Value);

            
//增加Everyone用户
            ManagementClass trustee = new ManagementClass("win32_trustee");
            trustee.Properties[
"Name"].Value = "Everyone";
            trustee.Properties[
"Domain"].Value = null;

            
//设置只读/运行权限
            ManagementClass ace = new ManagementClass("win32_ace");
            ace.Properties[
"AccessMask"].Value = AccessPrivileges.FileReadData | AccessPrivileges.FileReadAttributes | AccessPrivileges.FileReadEA
                
| AccessPrivileges.ReadControl | AccessPrivileges.FileExecute;
            ace.Properties[
"AceFlags"].Value = AceFlags.ObjectInheritAce | AceFlags.ContainerInheritAce | AceFlags.NoPropagateInheritAce;
            ace.Properties[
"AceType"].Value = AceType.AccessAllowed;
            ace.Properties[
"Trustee"].Value = trustee;
            newDacl.Add(ace);

            ManagementBaseObject inParams 
= mo.GetMethodParameters("SetSecurityDescriptor");
            Descriptor.Properties[
"Dacl"].Value = newDacl.ToArray();
            
//Descriptor.Properties["Group"].Value = null;
            
//Descriptor.Properties["Owner"].Value = null;

           
