.net 如何检查用户是否对共享文件夹具有完全控制权限?

5lhxktic  于 2022-12-24  发布在  .NET
关注(0)|答案(1)|浏览(112)

我使用以下代码来检查DACL中是否存在certin用户:

Dim l_managemantObject As ManagementBaseObject() = CType(securityDescriptor.Properties("DACL").Value, ManagementBaseObject())

For Each mObject As ManagementBaseObject In l_managemantObject
    l_name = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Name").Value.ToString
    If CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Domain").Value IsNot Nothing Then
       l_domain = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Domain").Value.ToString()
    End If

    If users.UserName.ToLower = (l_domain & "\" & l_name).ToLower Then
       Return True                
    End If
Next

如您所见,我可以获得用户名和域,但如何检查用户是否具有FullControl权限?

    • 编辑:**

我做了进一步的调查,发现使用GetAccessMask,我可以检索由用户或组所持有的共享的访问权限,该示例是代表这些用户或组返回的。
所以剩下要弄清楚的是:* * 如何获取特定用户AccessMask?**
AccessMask on MSDN

mrzz3bfm

mrzz3bfm1#

它一直在我的鼻子底下,在managementObject上使用GetPropertyValue("AccessMask")获得权限级别。

完整方法:

Dim l_managemantObject As ManagementBaseObject() = CType(securityDescriptor.Properties("DACL").Value, ManagementBaseObject())

    For Each mObject As ManagementBaseObject In l_managemantObject
        l_name = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Name").Value.ToString
        If CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Domain").Value IsNot Nothing Then
           l_domain = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Domain").Value.ToString()
        End If

        Dim l_accessMask as UInteger = mObject.GetPropertyValue("AccessMask")

        If users.UserName.ToLower = (l_domain & "\" & l_name).ToLower Then
           if l_accessMask = 2032127 then
              Return True  
           endif                             
        End If
    Next

相关问题