Here is the altered code that successfully places the two correct "Deny"
ACEs in the ACL for a user object.  However, it places them at the BOTTOM
of the ACL and it should in fact be at the top of the collection.  I need
help figuring out how to place the ACEs at the top of the ACL collection,
please.

Thank-you!

Code:

use Win32;
use Win32::OLE;

$NO_CHANGE_PASSWORD = '{ab721a53-1e2f-11d0-9819-00aa0040529b}';

$aceo = Win32::OLE->CreateObject("AccessControlEntry");
$aceo2 = Win32::OLE->CreateObject("AccessControlEntry");

$uo = Win32::OLE->GetObject("LDAP://CN=blah,CN=Users,DC=cgwindows,DC=cgc,DC=maricopa,DC=edu");
$security = Win32::OLE->CreateObject("ADsSecurity");
$sdo = $security->GetSecurityDescriptor("LDAP://CN=blah,CN=Users,DC=cgwindows,DC=cgc,DC=maricopa,DC=edu");
$daclo = $sdo->{DiscretionaryAcl};

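# Deny the "Change Password" extended right to SELF.
$aceo->LetProperty('Trustee','NT Authority\Self');
$aceo->LetProperty('AccessMask',0x100);   # ADS_RIGHT_DS_CONTROL_ACCESS
$aceo->LetProperty('AceFlags',0);
$aceo->LetProperty('AceType',6);          # ADS_ACETYPE_ACCESS_DENIED_OBJECT
$aceo->LetProperty('Flags',1);            # ADS_FLAG_OBJECT_TYPE_PRESENT
$aceo->LetProperty('ObjectType',$NO_CHANGE_PASSWORD);

# Deny the same right to Everyone.
$aceo2->LetProperty('Trustee','Everyone');
$aceo2->LetProperty('AccessMask',0x100);  # ADS_RIGHT_DS_CONTROL_ACCESS
$aceo2->LetProperty('AceFlags',0);
$aceo2->LetProperty('AceType',6);         # ADS_ACETYPE_ACCESS_DENIED_OBJECT
$aceo2->LetProperty('Flags',1);           # ADS_FLAG_OBJECT_TYPE_PRESENT
$aceo2->LetProperty('ObjectType',$NO_CHANGE_PASSWORD);

# AddAce appends each ACE after the entries already in the ACL.
$daclo->AddAce($aceo);
$daclo->AddAce($aceo2);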

$sdo->LetProperty('DiscretionaryAcl',$daclo);
$security->SetSecurityDescriptor($sdo);
$uo->SetInfo;
exit;

Systems Programmer

Only those who have the patience to do simple things perfectly ever acquire
the skill to do difficult things easily.

Author Unknown

_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
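
An added example, not part of the original post: a DACL is evaluated in order, so deny ACEs appended at the bottom have to be moved ahead of the allow ACEs by rebuilding the list in canonical order. The helper name canonical_order and the sample DACL are constructed for illustration; the helper reads AceType and AceFlags with hash syntax, which plain hashes and Win32::OLE objects both support.

```perl
use strict;
use warnings;

# ADSI values from ADS_ACETYPE_ENUM and ADS_ACEFLAG_ENUM.
use constant {
    ACE_ALLOWED        => 0x0,
    ACE_DENIED         => 0x1,
    ACE_ALLOWED_OBJECT => 0x5,
    ACE_DENIED_OBJECT  => 0x6,
    ACEFLAG_INHERITED  => 0x10,
};

# Position of each explicit ACE type in canonical order.
my %RANK = (
    ACE_DENIED()         => 0,
    ACE_DENIED_OBJECT()  => 1,
    ACE_ALLOWED()        => 2,
    ACE_ALLOWED_OBJECT() => 3,
);

# Hypothetical helper: explicit deny, explicit deny-object, explicit allow,
# explicit allow-object, then inherited ACEs in their original order.
sub canonical_order {
    my (@buckets, @inherited);
    for my $ace (@_) {
        if ($ace->{AceFlags} & ACEFLAG_INHERITED) {
            push @inherited, $ace;
            next;
        }
        my $rank = $RANK{ $ace->{AceType} };
        $rank = 4 unless defined $rank;  # assumption: other types go last among explicit ACEs
        push @{ $buckets[$rank] }, $ace;
    }
    return ((map { @{ $_ || [] } } @buckets[0 .. 4]), @inherited);
}

# Constructed sample DACL: the post's two deny ACEs sit at the bottom.
my @dacl = (
    { Trustee => 'Domain Admins',     AceType => ACE_ALLOWED,        AceFlags => 0    },
    { Trustee => 'Account Operators', AceType => ACE_ALLOWED_OBJECT, AceFlags => 0    },
    { Trustee => 'Administrators',    AceType => ACE_ALLOWED,        AceFlags => 0x12 },
    { Trustee => 'NT Authority\Self', AceType => ACE_DENIED_OBJECT,  AceFlags => 0    },
    { Trustee => 'Everyone',          AceType => ACE_DENIED_OBJECT,  AceFlags => 0    },
);

printf "%-18s type=%d flags=0x%02x\n", @{$_}{qw(Trustee AceType AceFlags)}
    for canonical_order(@dacl);
```

Against the live object, the ACEs would come from Win32::OLE's in($daclo) enumeration, and the ordered result would be added one by one to a new "AccessControlList" object (with AclRevision copied from the old ACL) that is then assigned to DiscretionaryAcl. That wiring is an assumption based on the ADSI interfaces and was not run against a directory.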
