michallev Posted February 22, 2005 Posted February 22, 2005 I use windows authentication.How can I fugure whether I have read permission for a certain directory?In fact, what I need is a way to ask a directory which grous are allowed to read it. Once I'll have that I'll be able to cont.Thanks,Michal.
Spyder2k Posted February 22, 2005 Posted February 22, 2005 I'd say the easiest way to do it is to parse and retrive info from 'cacls.exe'see http://west-wind.com/weblog/posts/1040.aspx
taitt2 Posted February 26, 2005 Posted February 26, 2005 I generally use something like the following subroutine:Imports ActiveDs...'sub get_ntfs_acl(ByVal path As String)' Dim sdutil As New ADsSecurityUtility Dim sd As SecurityDescriptor = sdutil.GetSecurityDescriptor(path, ADS_PATHTYPE_ENUM.ADS_PATH_FILE, ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID) Dim acl As AccessControlList = sd.DiscretionaryAcl For Each ace As AccessControlEntry In acl console.writeline(ace.Trustee) console.writeline(ace.Flags) console.writeline(ace.AccessMask) console.writeline(ace.AceFlags) console.writeline(ace.AceType) console.writeline(ace.InheritedObjectType) console.writeline(ace.ObjectType) console.writeline() Next aceEnd sub you have to use the ADSI interop, but it's a lot easer than the alternitives.you will have to translate the AccessMask rights. I usually set it manualy, then look at what the value translates into. I know this isn't a lot of detail. but if you search MSDN for security descriptors, you can get some more info. It's the same technique to read Active Directory Dacls, but you need a different way to creat the security descriptor object.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now