使用WMI列出Windows中某个目录的用户权限(C#)
日期:2013-04-01 浏览次数:20435 次
using System;
using System.Management;
using System.Collections;
class Tester
{
public static void Main()
{
try
{
ManagementPath path = new ManagementPath( );
path.Server = ".";
path.NamespacePath = @"root\cimv2";
path.RelativePath = @"Win32_LogicalFileSecuritySetting.Path='c:\\test'"; // using tmp as folder name
ManagementObject lfs = new ManagementObject(path);
// Dump all trustees (this includes owner)
foreach (ManagementBaseObject b in lfs.GetRelated())
Console.WriteLine("Trustee: {0} \t SID [{1}]", b["AccountName"], b["SID"]);
// Get the security descriptor for this object
ManagementBaseObject outParams = lfs.InvokeMethod("GetSecurityDescriptor", null, null);
if (((uint)(outParams.Properties["ReturnValue"].Value)) == 0)
{
ManagementBaseObject Descriptor = ((ManagementBaseObject)(outParams.Properties["Descriptor"].Value));
ManagementBaseObject[] DaclObject = ((ManagementBaseObject[])(Descriptor.Properties["Dacl"].Value));
DumpACEs(DaclObject);
ManagementBaseObject OwnerObject = ((ManagementBaseObject)(Descriptor.Properties["Owner"].Value));
DumpOwnerProperties(OwnerObject.Properties); // Show owner properies
}
}
catch(Exception e)
{
Console.WriteLine(e);
Console.ReadLine();
}
}
static void DumpACEs(ManagementBaseObject[] DaclObject)
{
// ACE masks see: winnt.h
string[] filedesc = {"FILE_READ_DATA", "FILE_WRITE_DATA", "FILE_APPEND_DATA", "FILE_READ_EA",
"FILE_WRITE_EA", "FILE_EXECUTE", "FILE_DELETE_CHILD", "FILE_READ_ATTRIBUTES",
"FILE_WRITE_ATTRIBUTES", " ", " ", " ",
" ", " ", " ", " ",
"DELETE ", "READ_CONTROL", "WRITE_DAC", "WRITE_OWNER",
"SYNCHRONIZE ", " ", " "," ",
"ACCESS_SYSTEM_SECURITY", "MAXIMUM_ALLOWED", " "," ",
"GENERIC_ALL", "GENERIC_EXECUTE", "GENERIC_WRITE","GENERIC_READ"};
foreach(ManagementBaseObject mbo in DaclObject)
{
Console.WriteLine("-------------------------------------------------");
Console.WriteLine("mask: {0:X} - aceflags: {1} - acetype: {2}", mbo["AccessMask"], mbo["AceFlags"], mbo["AceType"]);
// Access allowed/denied ACE
if(mbo["AceType"].ToString() == "1")
Console.WriteLine("DENIED ACE TYPE");
else
Console.WriteLine("ALLOWED ACE TYPE");
using System.Management;
using System.Collections;
class Tester
{
public static void Main()
{
try
{
ManagementPath path = new ManagementPath( );
path.Server = ".";
path.NamespacePath = @"root\cimv2";
path.RelativePath = @"Win32_LogicalFileSecuritySetting.Path='c:\\test'"; // using tmp as folder name
ManagementObject lfs = new ManagementObject(path);
// Dump all trustees (this includes owner)
foreach (ManagementBaseObject b in lfs.GetRelated())
Console.WriteLine("Trustee: {0} \t SID [{1}]", b["AccountName"], b["SID"]);
// Get the security descriptor for this object
ManagementBaseObject outParams = lfs.InvokeMethod("GetSecurityDescriptor", null, null);
if (((uint)(outParams.Properties["ReturnValue"].Value)) == 0)
{
ManagementBaseObject Descriptor = ((ManagementBaseObject)(outParams.Properties["Descriptor"].Value));
ManagementBaseObject[] DaclObject = ((ManagementBaseObject[])(Descriptor.Properties["Dacl"].Value));
DumpACEs(DaclObject);
ManagementBaseObject OwnerObject = ((ManagementBaseObject)(Descriptor.Properties["Owner"].Value));
DumpOwnerProperties(OwnerObject.Properties); // Show owner properies
}
}
catch(Exception e)
{
Console.WriteLine(e);
Console.ReadLine();
}
}
static void DumpACEs(ManagementBaseObject[] DaclObject)
{
// ACE masks see: winnt.h
string[] filedesc = {"FILE_READ_DATA", "FILE_WRITE_DATA", "FILE_APPEND_DATA", "FILE_READ_EA",
"FILE_WRITE_EA", "FILE_EXECUTE", "FILE_DELETE_CHILD", "FILE_READ_ATTRIBUTES",
"FILE_WRITE_ATTRIBUTES", " ", " ", " ",
" ", " ", " ", " ",
"DELETE ", "READ_CONTROL", "WRITE_DAC", "WRITE_OWNER",
"SYNCHRONIZE ", " ", " "," ",
"ACCESS_SYSTEM_SECURITY", "MAXIMUM_ALLOWED", " "," ",
"GENERIC_ALL", "GENERIC_EXECUTE", "GENERIC_WRITE","GENERIC_READ"};
foreach(ManagementBaseObject mbo in DaclObject)
{
Console.WriteLine("-------------------------------------------------");
Console.WriteLine("mask: {0:X} - aceflags: {1} - acetype: {2}", mbo["AccessMask"], mbo["AceFlags"], mbo["AceType"]);
// Access allowed/denied ACE
if(mbo["AceType"].ToString() == "1")
Console.WriteLine("DENIED ACE TYPE");
else
Console.WriteLine("ALLOWED ACE TYPE");
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
