WMI列出Windows中某个目录的用户权限

leonardleonard

浏览: 823824 次

最近访客更多访客>>

123456lllppp

yyxxh

qingzhi

1439946690

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

Windows Security Access C C++

using System;

using System.Management;

using System.Collections;

class Tester

{

public static void Main()

{

try

{

ManagementPath path = new ManagementPath( );

path.Server = ".";

path.NamespacePath = @"root\cimv2";

path.RelativePath = @"Win32_LogicalFileSecuritySetting.Path='c:\\test'"; // using tmp as folder name

ManagementObject lfs = new ManagementObject(path);

// Dump all trustees (this includes owner)

foreach (ManagementBaseObject b in lfs.GetRelated())

Console.WriteLine("Trustee: {0} \t SID [{1}]", b["AccountName"], b["SID"]);

// Get the security descriptor for this object

ManagementBaseObject outParams = lfs.InvokeMethod("GetSecurityDescriptor", null, null);

if (((uint)(outParams.Properties["ReturnValue"].Value)) == 0)

{

ManagementBaseObject Descriptor = ((ManagementBaseObject)(outParams.Properties["Descriptor"].Value));

ManagementBaseObject[] DaclObject = ((ManagementBaseObject[])(Descriptor.Properties["Dacl"].Value));

DumpACEs(DaclObject);

ManagementBaseObject OwnerObject = ((ManagementBaseObject)(Descriptor.Properties["Owner"].Value));

DumpOwnerProperties(OwnerObject.Properties); // Show owner properies

}

}

catch(Exception e)

{

Console.WriteLine(e);

Console.ReadLine();

}

}

static void DumpACEs(ManagementBaseObject[] DaclObject)

{

// ACE masks see: winnt.h

string[] filedesc = {"FILE_READ_DATA", "FILE_WRITE_DATA", "FILE_APPEND_DATA", "FILE_READ_EA",

"FILE_WRITE_EA", "FILE_EXECUTE", "FILE_DELETE_CHILD", "FILE_READ_ATTRIBUTES",

"FILE_WRITE_ATTRIBUTES", " ", " ", " ",

" ", " ", " ", " ",

"DELETE ", "READ_CONTROL", "WRITE_DAC", "WRITE_OWNER",

"SYNCHRONIZE ", " ", " "," ",

"ACCESS_SYSTEM_SECURITY", "MAXIMUM_ALLOWED", " "," ",

"GENERIC_ALL", "GENERIC_EXECUTE", "GENERIC_WRITE","GENERIC_READ"};

foreach(ManagementBaseObject mbo in DaclObject)

{

Console.WriteLine("-------------------------------------------------");

Console.WriteLine("mask: {0:X} - aceflags: {1} - acetype: {2}", mbo["AccessMask"], mbo["AceFlags"], mbo["AceType"]);

// Access allowed/denied ACE

if(mbo["AceType"].ToString() == "1")

Console.WriteLine("DENIED ACE TYPE");

else

Console.WriteLine("ALLOWED ACE TYPE");

// Dump trustees

ManagementBaseObject Trustee = ((ManagementBaseObject)(mbo["Trustee"]));

Console.WriteLine("Name: {0} - Domain: {1} - SID {2}\n",

Trustee.Properties["Name"].Value,

Trustee.Properties["Domain"].Value,

Trustee.Properties["SIDString"].Value);

// Dump ACE mask in readable form

UInt32 mask = (UInt32)mbo["AccessMask"];

int[] m = {(int)mask};

BitArray ba = new BitArray(m);

int i = 0;

IEnumerator baEnum = ba.GetEnumerator();

while ( baEnum.MoveNext() )

{

if((bool)baEnum.Current)

Console.WriteLine( "\t[{0}]", filedesc[i]);

i++;

}

}

}

static void DumpOwnerProperties(PropertyDataCollection Owner)

{

Console.WriteLine("=============== Owner Properties ========================");

Console.WriteLine();

Console.WriteLine("Domain {0} \tName {1}",Owner["Domain"].Value, Owner["Name"].Value);

Console.WriteLine("SID \t{0}",Owner["SidString"].Value);

Console.ReadLine();

}

}

//

分享到：