It seems whenever someone on this list asks a question about
permissions, everyone refers said person to Dave Roth's Win32::Perms
module, but I've never seen any actual working code examples to
accompany that advice. Can someone out there post a simple snippet of
code that works correctly on a Windows 2000/XP machine??
I have spent a lot of time trying to get Dave Roth's Win32::Perms module
to work on non-NT machines. I even bought the Second Edition of his
Standard Extensions Book hoping to get Win32::Perms to work correctly
for me. However, I cannot seem to get even his simplest examples to work
on Windows 2000\XP machines.
Using the following code (lifted pretty much directly from his book),
and running it on multiple test folders on different machines with
different users, I seem to get two results.
Example:
use Win32::Perms;
$PermsObj = new Win32::Perms("c:\\testfolder");
$PermsObj->Allow("Domain Admins",CHANGE,CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE);
$PermsObj->Set();
Either the permissions are granted on the top folder, but none of the
sub-folders or files (i.e. container and object inheritance doesn't seem
to work) OR I get this error message when I try to look at permissions
through Windows Explorer
"The permissions on testfolder are incorrectly ordered, which may cause
some entries to be ineffective. Press OK to continue and sort the
permissions correctly, or Cancel to reset the permissions"
Clicking OK actually does resort the permissions, AND then inheritance
works, and the subfolders and files receive the inherited permissions.
What's interesting is that I was looking at some code a Microsoft
consultant wrote for us in VBScript and I noticed that when setting
permissions, he called a Subroutine that re-sorted DACLs... so it looks
like this is an issue in VBScript as well.
Has anyone else seen this?? Does anyone use Win32::Perms on Windows
2000/XP machines and can share some insight?? Nothing fancy... just
setting permissions on a top-level folder and getting inheritance to
work.
Meanwhile, I just recently came across some freeware that (so far) sets
permissions and inheritance correctly. It's called SetACL.exe, and it
just may be my solution to setting Windows 2000/XP permissions through
scripts (But I sure hate backticking... I'd much rather write pure Perl
scripts)
For anyone else who wants to check it out (I'm not fully endorsing it
yet)
http://www.helge.mynetcologne.de/setacl/
SetACL can set permissions on:
Local or remote directories
Local or remote files
Local or remote printers
Local or remote registry keys
Local or remote Win32 services
Local or remote network shares
Ron Rosenkoetter
System Engineer
Server Administration & Management
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 15, 2002 12:59 PM
To: [EMAIL PROTECTED]
Subject: Registry/File permissions!
Timothy/Darin: Thanks for your responses
All: I will use Win32::Perms to set the permissions in both the
directories/registry. I want to tackle the directories first, since it
seems easier.
The below script sets the ACL permissions to a directory, I can't seem
to
figure out how to have those permissions propagate to existing files and
directories inside of c:\login (for example). I tried using SetRecurse
and
that just used the harddisk for about 40 seconds (there is only 2 files
in
c:\login mind you), and ended up doing nothing. Any help would be
extremely
appreciated as I am getting quite frustrated/desperate! :)
use Win32;
use Win32::Perms;
&SecureKey('dir:c:\login');
sub SecureKey {
my ($Key) = @_;
my $Perms = new Win32::Perms($Key);
print "Setting permissions for: $Key\n";
($Perms) || die "Could not obtain permissions for: $Key\n";
my %Permissions = (
'Administrators' => FULL,
'Users' => READ,
);
$Perms->Remove(-1);
$Perms->Owner('Administrators');
foreach $User (keys %Permissions) {
$Perms->Allow($User, $Permissions{$User});
}
$Perms->Set() || die "Error: ($^E)";
}
---------------------------------------------------------------
Robert Blake
Technical Systems Analyst
Intel Servers, IT Shared Services - Symcor Inc.
1 Robert Speck Parkway, Mississauga, Ontario
E-mail: [EMAIL PROTECTED]
---------------------------------------------------------------
Timothy Johnson
<[EMAIL PROTECTED]> To:
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
Sent by:
[EMAIL PROTECTED]
[EMAIL PROTECTED] cc:
eState.com
Subject: RE: Registry permissions!
11/14/02 04:44 PM
It will take some learning, but Win32::Perms from Dave Roth will work.
http://www.roth.net/perl/perms
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 14, 2002 1:35 PM
To: [EMAIL PROTECTED]
Subject: Registry permissions!
I need to write a script that will set permissions on a registry key
(lets
say hkey_local_machine\system) and change the permissions to specific
user
access. e.g. 'Administrators' Full control, and then 'Everyone' Read. I
also need a way to propagate the permissions to keys from that point on
for
some of the changes I need to make. I haven't been able to find anything
in
my searches, and was wondering if someone knew a solution to my problem?
Thank you for any help you can provide!
---------------------------------------------------------------
Robert Blake
Technical Systems Analyst
Intel Servers, IT Shared Services - Symcor Inc.
1 Robert Speck Parkway, Mississauga, Ontario
E-mail: [EMAIL PROTECTED]
---------------------------------------------------------------
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
