NTAccess.Permissions Readme

NTAccess.Permissions: An ASP Component for NTFS file & directory permission management
Version : 1.33
Release Date : 2 May 1999
Copyright (c) 1998-1999 by Simon Fell. All rights reserved.
Contact:
email : Simon Fell
WWW : Zaks Solutions Web Site

If you have any problems using this component please report it.

Description
This component allows file & directory permissions to be viewed, or altered from an ASP script or similar environment (such as Windows Scripting host, VB or VC++ )

Installation Instructions
To use this ASP component move the DLL into a sub directory (like \winnt\system32\inetsrv\asp\Cmpnts or \winnt\system32) and run (from the directory copied to)

regsvr32 ntap.dll
If you are replacing an earlier version, remember to shutdown & restart IIS to reload the new version. (run "net stop iisadmin /y" followed by "net start w3svc" from a command prompt).

License Agreement
NTAccess.Permissions is copyright (C) 1998-1999 by Simon Z. Fell

You must have a licence to use NTAccess.Permissions, or be evaluating the trial version.
You may NOT redistribute the package through BBS, Internet, FTP sites or by any other means without written permission from the Author.
You are prohibited from:
charging a fee or requesting donations for the package;
modifying the package.

All trademarks/registered names acknowledged.

NTAccess.permissions is provided as is, without warranty of any kind.
The author shall not be liable for damages of any kind. Use of this software indicates you agree to this.

How To Use
The following sample files are provided in the download.
  1. Perms.asp + check.gif - An ASP Script to display / modify file & directory permissions.
  2. filetest.vbs - A Windows Scripting Host file to test file permissions.
  3. dirtest.vbs - A Windows Scripting Host file to test directory permissions.
  4. sharetest.vbs - A Windows Scripting Host file to test file share permissions.
  5. mansave.vbs - A Windows Scripting Host file to demonstration manual saving and permissions copying.
  6. owner.vbs - A Windows Scripting Host file to demonstration the new ownership functions.

Object Properties / Methods
Objects
  • NTAccess.Permissions, main object is created using CreateObject("NTAccess.Permissions")
    • File ( FileName, Manual Save ), returns a Permissions Object for the specified file or directory.
    • Share ( ShareName, Manual Save ), returns a Permissions Object for the specified network share. ( in UNC format, e.g \\Server\Share )
    • AccountServer Set this to the UNC Name of the server you wish account lookups to be performed on. By default this is the local machine (e.g. ntp.AccountServer = "\\PDC" )

  • Permissions Object ( A Collection of permission objects for a single securable object )
    • Count, returns the number of permission items.
    • Delete (TrusteeName, RightType), delete the required permission type for the specified trustee (user or group).
    • Add (TrusteeName, RightsMask, RightType), add / update a trustee's permissions.
    • Save, Writes the ACL to the file (see note).
    • Saveas (Path), Allows you to save a permission list to an arbitary file or directory.
    • EffectiveRights (TrusteeName), returns a permission object for the specified trustee's effective rights.
    • Item (TrusteeName, RightType), Return a permission object for the specified trustee.
    • Enumerator(), A standard enumerator is supported so that for each perm in permissions can be used.
    • Owner, returns the username of the file or directory owner (in the Domain\User format).
    • TakeOwnership, Attempts to take ownership of the file or directory. This requires either ownership permissions in the ACL or administrator privileges.

  • Permission Object ( Represents a single trustee's permissions on a single securable object )
    • Trustee, returns the trustee's name in the DOMAIN\USER or DOMAIN\GROUP format. If the SID (Security ID) can not be mapped to a username, then the text "Unknown Account" is returned. If the account has been deleted, then the text "Deleted Account" is returned. Both of these descriptions can be changed by changing the following two registry keys
      HKEY_LOCAL_MACHINE\Software\Zaks Solutions\NTAccess.Permissions\AccountDeleted
      HKEY_LOCAL_MACHINE\Software\Zaks Solutions\NTAccess.Permissions\AccountUnknown
    • RightsType, a long indicating the rights type ( either file or directory )
    • AccessRights, a long indicating the combined rights
    • Read, a boolean indicating that read access is available.
    • Write, a boolean indicating that write access is available.
    • Execute, a boolean indicating the execute access is available.
    • Delete, a boolean indicating that the trustee can delete the file.
    • permissions, a boolean indicating that the trustee has rights to change the permissions.
    • Ownership, a boolean indication that the trustee has rights to change the ownership of the file.
    • RemoveEntry(), this removes this entry from the ACL. This allows entries which can not be mapped to names to be removed (The delete method on the Permissions Object needs to be able to map the specified account name to a SID).

  • This indicates that this function is the default for the Object (i.e. can be called without specifying the function name)
    ManualSave defaults to false (i.e. the ACL is saved back to the file on every change, can be set to true so that the script can control when the ACL is saved (using the save or saveAs functions )
    RightType parameters are optional and default to 1 - File Access Rights
    See the included samples for more details.

For Optimal Use
To get the best performance out of the object, especially if you are adding and/or removing multiple ACE's, you sould do the following
  • Use the manual save option, this stops the ACL being written back to the file/directory/share every time the ACL is changed
  • Add all No Access ACE's first
  • Delete any ACE's that you want to remove
  • Add any new ACE's.
  • Call the Save Function to save the new ACL
Example 
Set ntp = CreateObject("NTAccess.Permissions")

' use the manualsave option
set acl = ntp.File("d:\temp\demo", true )

' add No Access entries first
acl.Add "Users" , ntpNoAccess, ntpFileRights
acl.Add "Users" , ntpNoAccess, ntpDirRights

' now delete any ACE's we want to remove
acl.Delete "Everyone", ntpFileRights
acl.Delete "Everyone", ntpDirRights

' now add any other new ACE's
acl.Add "Administrators", ntpFull, ntpFileRights
acl.Add "Administrators", ntpFull, ntpDirRights

' finally remember to call save
acl.save
Last Updated : Sunday, May 02, 1999
(C) 1997/1998 Simon Fell, All rights reserved