Hey Scripting Guy,
All i need to achieve is to enable all failed audit permission for everyone user on some folders. As i need to go through different folders and servers, i need an automated solution. I'm searching on net for past 2 days to get there, but no hope. Please
dont waste your energy on solutions with powershell code / xcacls / icacls tools. I need a pure VBScript solution with WMI.
So far i have reached this point, where the script is running fine without any errors,but i couldn't see the audit settings is enabled on the folder. After lot of errors and search, i have included the "Security" privilege in the WMI queries which seems like working now without errors, but no results on the folder.
Recently came across another thread which states i have to use "<tt>ACCESS_SYSTEM_SECURITY"</tt> access right to write SACL. but not sure how to use that.
any one please shed some light on the error i'm doing here? or guide me to right way of doing this? sample script code would help me a lot.
Set wmiFileSecSetting = GetObject ("winmgmts:{impersonationLevel=impersonate,(Security)}!Win32_LogicalFileSecuritySetting.path='c:\temp\test'")
RetVal = wmiFileSecSetting.GetSecurityDescriptor(wmiSecurityDescriptor)
set oACE=GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!Win32_ACE")
set oTrustee=GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!Win32_Trustee")
domain = CreateObject("WScript.Network").UserDomain
'Set Trustee Attributes
oTrustee.Name="Everyone"
oTrustee.Domain = domain
Set account = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!Win32_Account.Name='everyone',Domain='" & domain &"'")
oTrustee.Properties_.Item("SID") = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!Win32_SID.SID='" & account.SID & "'").BinaryRepresentation
' Set ACE Attributes
oAce.Trustee=oTrustee
oACE.AccessMask=983551
oACE.AceType=2
oACE.AceFlags=128
'Add ACE to Security Descriptor
if isarray(wmiSecurityDescriptor.SACL) then
wmiSecurityDescriptor.SACL(UBound(wmiSecurityDescriptor.SACL)+1)=oAce
else
wmiSecurityDescriptor.SACL = Array(oAce)
end if
RetVal = wmiFileSecSetting.SetSecurityDescriptor(wmiSecurityDescriptor)
Wscript.Echo "ReturnValue is: " & RetValVijay Murugappa ================ If you wouldn't be forgotten as soon as you are dead, either do something worth writing, or write something worth reading.