1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
| Sub Lancement()
With Application.FileDialog(msoFileDialogFolderPicker)
.Show
If .SelectedItems.Count > 0 Then
Sheets("Lancement").Range("B2") = .SelectedItems(1)
Chang_droits
End If
End With
End Sub
Sub Chang_droits()
flder = Sheets("Lancement").Range("B2")
Sheets("Changement de Droits").Select
idx = Sheets("Changement de Droits").Range("A1048576").End(xlUp).Row
idx1 = Sheets("Changement de Droits").Range("D1048576").End(xlUp).Row
If idx > 1 Then
If idx > idx1 Or idx = idx1 Then Rows("2:" & idx).Delete Shift:=xlUp
If idx1 > idx Then Rows("2:" & idx1).Delete Shift:=xlUp
End If
'Application.ScreenUpdating = False
TousLesDossiers Sheets("Lancement").Range("B2"), 0
ActiveWorkbook.Save
Message = MsgBox("La modification des droits est terminée", vbInformation)
'Application.ScreenUpdating = True
End Sub
Public Sub TousLesDossiers(LeDossier$, idx As Long)
Set fso = CreateObject("Scripting.FileSystemObject")
Set Dossier = fso.GetFolder(LeDossier)
' changement dans le répertoire parent
idx = Sheets("Changement de Droits").Range("A1048576").End(xlUp).Row
If idx = 1 Then
idx = idx + 1
StrComputer = "."
StrDomain = "MAIL"
StrUtype = "u"
If Sheets("Lancement").Range("B3") <> "" Then
Err = 0
StrFilePath = Dossier
Sheets("Changement de Droits").Cells(idx, 1).Value = StrFilePath
StrUsername = Sheets("Lancement").Range("B3")
StrMode = "d"
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
If Sheets("Lancement").Range("B4") <> "" Then
StrFilePath = Dossier
If idx >= 2 Then idx = Sheets("Changement de Droits").Range("A1048576").End(xlUp).Row + 1
Err = 0
Sheets("Changement de Droits").Cells(idx, 1).Value = StrFilePath
StrUsername = Sheets("Lancement").Range("B4")
StrMode = "d"
idx1 = idx - 1
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
If idx >= 2 Then idx = Sheets("Changement de Droits").Range("A1048576").End(xlUp).Row + 1
If idx = idx1 + 2 Then
Err = 0
StrFilePath = Dossier
StrAccessLvl = ""
StrUsername = Sheets("Lancement").Range("B5")
StrMode = "a"
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
End If
If Sheets("Lancement").Range("B6") <> "" Then
If idx >= 2 Then idx = Sheets("Changement de Droits").Range("A1048576").End(xlUp).Row + 1
Err = 0
StrFilePath = Dossier
StrUsername = Sheets("Lancement").Range("B6")
StrMode = "a"
If Sheets("Lancement").Range("C6") <> "" Then
StrAccessLvl = "a"
ElseIf Sheets("Lancement").Range("D6") <> "" Then
StrAccessLvl = "r"
ElseIf Sheets("Lancement").Range("E6") <> "" Then
StrAccessLvl = "w"
ElseIf Sheets("Lancement").Range("F6") <> "" Then
StrAccessLvl = "f"
End If
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
If Sheets("Lancement").Range("B7") <> "" Then
Err = 0
StrFilePath = Dossier
StrUsername = Sheets("Lancement").Range("B7")
StrMode = "m"
If Sheets("Lancement").Range("C7") <> "" Then
StrAccessLvl = "a"
ElseIf Sheets("Lancement").Range("D7") <> "" Then
StrAccessLvl = "r"
ElseIf Sheets("Lancement").Range("E7") <> "" Then
StrAccessLvl = "w"
ElseIf Sheets("Lancement").Range("F7") <> "" Then
StrAccessLvl = "f"
End If
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
End If
For Each flder In Dossier.subfolders
If idx > 1 Then
idx = Sheets("Changement de Droits").Range("D1048576").End(xlUp).Row
Else
idx = Sheets("Changement de Droits").Range("A1048576").End(xlUp).Row
End If
If idx = 1 Then StrFilePath = Dossier
idx = idx + 1
StrComputer = "."
StrDomain = "MAIL"
StrUtype = "u"
If Sheets("Lancement").Range("B3") <> "" Then
Err = 0
Sheets("Changement de Droits").Cells(idx, 1).Value = flder.path
StrUsername = Sheets("Lancement").Range("B3")
StrFilePath = flder.path
StrMode = "d"
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
If Sheets("Lancement").Range("B4") <> "" Then
Err = 0
If idx >= 2 Then idx = Sheets("Changement de Droits").Range("A1048576").End(xlUp).Row + 1
Sheets("Changement de Droits").Cells(idx, 1).Value = flder.path
StrUsername = Sheets("Lancement").Range("B4")
StrFilePath = flder.path
StrMode = "d"
idx1 = idx - 1
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
If idx >= 2 Then idx = Sheets("Changement de Droits").Range("A1048576").End(xlUp).Row + 1
If idx = idx1 + 2 Then
Err = 0
StrAccessLvl = ""
StrUsername = Sheets("Lancement").Range("B5")
StrFilePath = flder.path
StrMode = "a"
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
End If
If Sheets("Lancement").Range("B6") <> "" Then
If idx >= 2 Then idx = Sheets("Changement de Droits").Range("A1048576").End(xlUp).Row + 1
Err = 0
StrUsername = Sheets("Lancement").Range("B6")
StrFilePath = flder.path
StrMode = "a"
If Sheets("Lancement").Range("C6") <> "" Then
StrAccessLvl = "a"
ElseIf Sheets("Lancement").Range("D6") <> "" Then
StrAccessLvl = "r"
ElseIf Sheets("Lancement").Range("E6") <> "" Then
StrAccessLvl = "w"
ElseIf Sheets("Lancement").Range("F6") <> "" Then
StrAccessLvl = "f"
End If
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
If Sheets("Lancement").Range("B7") <> "" Then
Err = 0
StrUsername = Sheets("Lancement").Range("B7")
StrFilePath = flder.path
StrMode = "m"
If Sheets("Lancement").Range("C7") <> "" Then
StrAccessLvl = "a"
ElseIf Sheets("Lancement").Range("D7") <> "" Then
StrAccessLvl = "r"
ElseIf Sheets("Lancement").Range("E7") <> "" Then
StrAccessLvl = "w"
ElseIf Sheets("Lancement").Range("F7") <> "" Then
StrAccessLvl = "f"
End If
GetFolderInfo StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx
End If
Next
'traitement récursif des sous dossiers
For Each SousRep In Dossier.subfolders
TousLesDossiers SousRep.path, idx
Next SousRep
Set fso = Nothing
End Sub
Function GetFolderInfo(StrComputer, StrFilePath, StrUsername, StrDomain, StrAccessLvl, StrUtype, StrMode, idx)
Dim dacl, Services, SecDescClass, SecDesc, intRetVal
Dim wmiFileSecSetting, wmiFileSetting, wmiSecurityDescriptor
Dim strMsg, objACE
Set Services = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & StrComputer & "\ROOT\CIMV2")
Set SecDescClass = Services.get("Win32_SecurityDescriptor")
Set SecDesc = SecDescClass.SpawnInstance_
On Error GoTo suite
Set wmiFileSetting = GetObject("Winmgmts:{impersonationlevel=impersonate}!//" & StrComputer & "/root/CIMV2:Win32_Directory='" & StrFilePath & "'")
Set wmiFileSecSetting = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & StrComputer & "\ROOT\CIMV2:Win32_LogicalFileSecuritySetting.path='" & StrFilePath & "'")
'you can have problems here if you have no descriptor ie only everyone listed.
intRetVal = wmiFileSecSetting.getsecuritydescriptor(wmiSecurityDescriptor)
' Obtain existing security descriptor for folder
If Err <> 0 Then
Message = MsgBox("GetSecurityDescriptor failed" & vbCrLf & Err.Number & vbCrLf & Err.Description, vbOKOnly)
End If
' Retrieve the content of Win32_SecurityDescriptor DACL property.
dacl = wmiSecurityDescriptor.dacl
trouve = ""
If StrMode = "d" Or StrMode = "m" Then
For Each objACE In dacl
If UCase(objACE.trustee.name) = UCase(StrUsername) Then
If Sheets("Changement de Droits").Cells(idx, 1) = "" Then Sheets("Changement de Droits").Cells(idx, 1) = StrFilePath
Sheets("Changement de Droits").Cells(idx, 2) = UCase(StrUsername)
Sheets("Changement de Droits").Cells(idx, 3) = objACE.accessmask
Sheets("Changement de Droits").Cells(idx, 4) = objACE.AceFlags
Sheets("Changement de Droits").Cells(idx, 5) = objACE.AceType
trouve = "X"
idx = idx + 1
Exit For
End If
Next
End If
If (trouve = "X" And (StrMode = "d" Or StrMode = "m")) Or (trouve = "" And StrMode = "a") Then
If StrMode = "d" Then 'delete user
SecDesc.Properties_.Item("DACL") = DeleteUserAce(dacl, StrUsername, StrDomain, StrUtype, StrComputer, Services)
Sheets("Changement de Droits").Cells(idx - 1, 6) = ("deleting " & StrUsername & " to the dacl for " & Replace(StrFilePath, "\\", "\") & "." & vbCrLf & "Result of change: " & wmiFileSetting.changesecuritypermissions(SecDesc, 4))
idx = Sheets("Changement de Droits").Range("A1048576").End(xlUp).Row
Sheets("Changement de Droits").Cells(idx, 7) = "GROUPE SUPPRIME DU REPERTOIRE"
Else
If StrMode = "a" Then 'add user
AddUserAce dacl, StrUsername, StrDomain, StrUtype, StrComputer, StrAccessLvl, Services
SecDesc.Properties_.Item("DACL") = dacl
Sheets("Changement de Droits").Cells(idx, 1) = StrFilePath
Sheets("Changement de Droits").Cells(idx, 6) = ("adding " & StrUsername & " to the dacl for " & Replace(StrFilePath, "\\", "\") & "." & vbCrLf & "Result of change: " & wmiFileSetting.changesecuritypermissions(SecDesc, 4))
idx = Sheets("Changement de Droits").Range("A1048576").End(xlUp).Row
Sheets("Changement de Droits").Cells(idx, 7) = "GROUPE AJOUTE AU REPERTOIRE"
StrAccessLvl = ""
Else 'Must mean modify access 8), note this one only returns string, not Ace Array.
ModifyUserAce wmiSecurityDescriptor.dacl, StrUsername, StrAccessLvl
'only need this to modify an entry
intRetVal = wmiFileSecSetting.SetSecurityDescriptor(wmiSecurityDescriptor)
GetResultMessageFile intRetVal, Replace(StrFilePath, "\\", "\"), StrUsername
Sheets("Changement de Droits").Cells(idx, 7) = "DROITS DU GROUPE MODIFIE POUR CE REPERTOIRE"
End If
End If
Else
suite:
idx = Sheets("Changement de Droits").Range("B1048576").End(xlUp).Row + 1
compt = Sheets("Répertoires_en_erreur").Range("A1048576").End(xlUp).Row + 1
If Err.Number <> 0 Then
Sheets("Répertoires_en_erreur").Cells(compt, 1) = Sheets("Changement de Droits").Cells(idx, 1)
Sheets("Répertoires_en_erreur").Cells(compt, 2) = Err.Number
Sheets("Répertoires_en_erreur").Cells(compt, 3) = Err.Description
End If
Sheets("Changement de Droits").Cells(idx, 1).ClearContents
End If
Set objACE = Nothing
Set Services = Nothing
Set SecDescClass = Nothing
Set SecDesc = Nothing
Set wmiFileSecSetting = Nothing
Set wmiFileSetting = Nothing
End Function
Function DeleteUserAce(ByRef dacl, StrUsername, StrDomain, StrUtype, StrComputer, ByRef Services)
' Copy dacl to new ACE array Leaving out the one not.
Dim intArrAceMax, arrACE, i, objACE
intArrAceMax = UBound(dacl)
ReDim arrACE(intArrAceMax)
i = 0
For Each objACE In dacl
If UCase(objACE.trustee.name) <> UCase(StrUsername) Then
Set arrACE(i) = Services.get("Win32_Ace").SpawnInstance_
arrACE(i).Properties_.Item("AccessMask") = objACE.accessmask
arrACE(i).Properties_.Item("AceFlags") = objACE.AceFlags
arrACE(i).Properties_.Item("AceType") = objACE.AceType
arrACE(i).Properties_.Item("Trustee") = objACE.trustee
i = i + 1
End If
Next
If intArrAceMax > i - 1 Then
' Message = MsgBox("User/Group " & StrUsername & " removed.", vbOKOnly)
ReDim Preserve arrACE(intArrAceMax - 1)
Else
Message = MsgBox("User/Group " & StrUsername & " not found." & flder, vbOKOnly)
End If
DeleteUserAce = arrACE
For i = 0 To intArrAceMax - 1
Set arrACE(i) = Nothing
Next
Set objACE = Nothing
End Function
Function AddUserAce(ByRef dacl, StrUsername, StrDomain, StrUtype, StrComputer, StrAccessLvl, ByRef Services)
'Copy dacl to new ACE array then add specified user/group to ACE array and return it.
intArrAceMax = UBound(dacl) + 1
ReDim Preserve dacl(intArrAceMax)
idx = Sheets("Changement de Droits").Range("A1048576").End(xlUp).Row
Set dacl(intArrAceMax) = Services.get("Win32_Ace").SpawnInstance_
If Sheets("Lancement").Range("B5") <> "" And StrAccessLvl = "" Then
dacl(intArrAceMax).Properties_.Item("AccessMask") = Sheets("Changement de Droits").Cells(idx, 3).Value
dacl(intArrAceMax).Properties_.Item("AceFlags") = Sheets("Changement de Droits").Cells(idx, 4).Value
idx = idx + 1
Else
If StrAccessLvl = "a" Then
dacl(intArrAceMax).Properties_.Item("AccessMask") = 1179817
dacl(intArrAceMax).Properties_.Item("AceFlags") = 2
ElseIf StrAccessLvl = "r" Then
dacl(intArrAceMax).Properties_.Item("AccessMask") = 1179817
dacl(intArrAceMax).Properties_.Item("AceFlags") = 3
ElseIf StrAccessLvl = "w" Then
dacl(intArrAceMax).Properties_.Item("AccessMask") = 1245631
dacl(intArrAceMax).Properties_.Item("AceFlags") = 3
Else 'full access
dacl(intArrAceMax).Properties_.Item("AccessMask") = 2032127
dacl(intArrAceMax).Properties_.Item("AceFlags") = 3
End If
idx = idx + 1
End If
Sheets("Changement de Droits").Cells(idx, 2) = StrUsername
Sheets("Changement de Droits").Cells(idx, 3) = dacl(intArrAceMax).Properties_.Item("AccessMask")
Sheets("Changement de Droits").Cells(idx, 4) = dacl(intArrAceMax).Properties_.Item("AceFlags")
dacl(intArrAceMax).Properties_.Item("AceType") = 0
Sheets("Changement de Droits").Cells(idx, 5) = dacl(intArrAceMax).Properties_.Item("AceType")
dacl(intArrAceMax).Properties_.Item("Trustee") = GetObjTrustee(StrUsername, StrDomain, StrUtype, StrComputer)
Set objACE = Nothing
End Function
Function GetObjTrustee(StrUsername, StrDomain, StrUtype, StrComputer)
'Get and user/group object to copy user/group sid to new trustee instance to be returned
Dim objTrustee, account, accountSID
Set objTrustee = GetObject("Winmgmts:{impersonationlevel=impersonate}!//" & StrComputer & "/root/cimv2:Win32_Trustee").SpawnInstance_
'For some reason you can't seem to be able to connect remotely to get account.
If StrUtype = "g" Then
'Set account = getObject("Winmgmts:{impersonationlevel=impersonate}!//" & strComputer & "/root/cimv2:Win32_Group.Name='" & strUsername & "',Domain='" & strDomain &"'")
Set account = GetObject("Winmgmts:{impersonationlevel=impersonate}!//./root/cimv2:Win32_Group.Name='" & Chr(34) & StrUsername & Chr(34) & "',Domain='" & StrDomain & "'")
Else
'Set account = getObject("Winmgmts:{impersonationlevel=impersonate}!//" & strComputer & "/root/cimv2:Win32_Account.Name='" & strUsername & "',Domain='" & strDomain &"'")
Set account = GetObject("Winmgmts:{impersonationlevel=impersonate}!//./root/cimv2:Win32_Account.Name='" & StrUsername & "',Domain='" & StrDomain & "'")
End If
Set accountSID = GetObject("Winmgmts:{impersonationlevel=impersonate}!//" & StrComputer & "/root/cimv2:Win32_SID.SID='" & account.SID & "'")
objTrustee.Domain = StrDomain
objTrustee.name = StrUsername
objTrustee.Properties_.Item("SID") = accountSID.BinaryRepresentation
Set GetObjTrustee = objTrustee
Set accountSID = Nothing
Set account = Nothing
Set objTrustee = Nothing
End Function
Function ModifyUserAce(ByRef dacl, StrUsername, StrAccessLvl)
'Modify dacl ACE entry with new accessmask.
Dim strMsg, objACE
strMsg = "User/Group: " & StrUsername & " not found in dacl"
For Each objACE In dacl
If UCase(objACE.trustee.name) = UCase(StrUsername) Then
If StrAccessLvl = "a" Then
objACE.Properties_.Item("AccessMask") = 1179817
objACE.Properties_.Item("AceFlags") = 2
ElseIf StrAccessLvl = "r" Then
objACE.Properties_.Item("AccessMask") = 1179817
objACE.Properties_.Item("AceFlags") = 3
ElseIf StrAccessLvl = "w" Then
objACE.Properties_.Item("AccessMask") = 1245631
objACE.Properties_.Item("AceFlags") = 3
Else 'full access: didn't work in w2k - 131072 works in w2k - 2032127
objACE.Properties_.Item("AccessMask") = 2032127
objACE.Properties_.Item("AceFlags") = 3
End If
strMsg = "User: " & StrUsername & " found and modified to have " & StrAccessLvl
Exit For
End If
Next
Set objACE = Nothing
ModifyUserAce = strMsg
End Function
Function GetResultMessageFile(errReturn, strSharename, StrUsername)
If errReturn = 0 Then
GetResultMessageFile = "File permissions for " & strSharename & " successfully updated!"
Else
Select Case errReturn
Case 2
errDesc = "Access denied."
Case 8
errDesc = "Unknown failure."
Case 9
errDesc = "Privledge Missing."
Case 10
errDesc = "Invalid level."
Case 21
errDesc = "Invalid parameter."
Case 23
errDesc = "Redirected path."
Case 24
errDesc = "Directory does not exist."
Case 25
errDesc = "Net name not found."
End Select
GetResultMessageFile = "Failed to update File permissions for " & strSharename & ". Error number: " & errReturn & ". " & errDesc
End If
End Function |
Problèmes de modification de droits NTFS
Répondre avec citation
Partager