Problems with setting folder security permissions using WMI!!!

Problems with setting folder security permissions using WMI!!!

Post by Martin Emanuelsso » Fri, 12 Jul 2002 02:22:24

Hi all!

I have tried implementing the code below to set permissions on a folder but
can't get it to work perfectly. Think it has something to do with rights to
the folder before executing the code or something like that.

If I create a folder named testfolder under C: (C:\testfolder) with Full
Control to the group Everyone, the code works quite ok, it takes away
Everyone from the "permissionlist" but doesn't create it again.

And if I have the same folder but only give Everyone permission to Read &
Execute, List Folder Contents and Read the code doesn't do anything,
Everyone stays with the same permissions as before.

Do you guys know if I have to set some sort of permission on the folder (or
"parent-folder") before the application starts or do I have to use some
special kind of .NET-application (I'm using a Console Application at the

I'm running the app on my Windows2000 Pro machine but have also tried it on
a Windows2000 Server.

The code looks like this:


Sub main()


End Sub

Public Sub AddFileAccessControlEntry(ByVal path As String)

Dim objFile As New ManagementObject(New
ManagementPath("Win32_LogicalFileSecuritySetting='" + _

path.Replace("\", "\\") + "'"))

Dim options As New InvokeMethodOptions(Nothing, New TimeSpan(0, 0, 0, 5))

Dim outparams As ManagementBaseObject =
objFile.InvokeMethod("GetSecurityDescriptor", Nothing, options)

Dim securityDescriptor As ManagementBaseObject = outparams("Descriptor")

Console.WriteLine("Got SD...")

Dim dacl As ManagementBaseObject() = securityDescriptor("DACL")

Dim oldACE As ManagementBaseObject

Dim trustee As ManagementBaseObject

Console.WriteLine("Print old DACL")

For Each oldACE In dacl

trustee = CType(oldACE("Trustee"), ManagementBaseObject)

Console.WriteLine(trustee("Name").ToString() & " " &
oldACE("AccessMask").ToString() & " " & oldACE("AceType").ToString())



'Create Trustee

Dim win32Trustee As New ManagementClass("Win32_Trustee")

Dim newTrustee As ManagementObject = win32Trustee.CreateInstance

newTrustee("Name") = "Everyone"

newTrustee("SID") = New Byte() {1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0}

'Create ACE

Dim win32Ace As New ManagementClass("Win32_ACE")

Dim newACE As ManagementObject = win32Ace.CreateInstance

newACE("Trustee") = newTrustee

newACE("AceType") = 0

newACE("AccessMask") = 2032127

'set new dacl

Dim newAces() As ManagementBaseObject = New ManagementBaseObject() {newACE}

securityDescriptor("DACL") = newAces

'call method, set sd

Dim args1() As Object = {securityDescriptor}

Dim retval As UInt32 = objFile.InvokeMethod("SetSecurityDescriptor", args1)

Console.WriteLine("SetSecurityDescriptor ReturnStatus = " &


End Sub


Hope you can help me

Best regards

Martin Emanuelsson

Gothenburg, Sweden


Problems with setting folder security permissions using WMI!!!

Post by Max L. Vaug » Fri, 12 Jul 2002 04:51:21

This newsgroup is for discussing ADSI related issues.  Please post your question in the WMI newsgroup:

Max Vaughn [MS]
Microsoft Developer Support

Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.


1. Setting folder permissions using WMI instead of cacls.exe?

Hi all!

I'm looking for a way to set folder security and permissions and really
could use some  help. I've tried using cacls.exe but I can't get it to work
when I try setting permissions on a folder on another server than the server
where my app is running.

So if anyone could give me a hint of how WMI works when it comes to setting
security on folders I would really appreciate it.

Best regards
Martin Emanuelsson

2. Win 2000 Backup Question

3. Setting NTFS folder permission using WMI

4. About membership functions...

5. how to set the security permission of a physical directory by using ADSI?

6. MMS and iPaq 3870

7. Setting Permissions on Dashboards Folder via Web Folders

8. Runaway Processors

9. Set permissions to a reg key using SetSecurityDescriptor(VB) returns Permission denied.

10. Use ADSI to read/set IIS file permission & folder settings

11. Set NTFS permission with WMI

12. Set file permission with WMI

13. SBS Console can't set up folder permissions