J'ai réalisé un petit script qui permet de lister les droits des dossier situés szur un serveur mais le problème est qu'il ne fait pas la différence entre lecture et parcours.
J'utilise WMI avec la classe Win32_LogicalFileSecuritySetting.
Puis-je utiliser cette classe pour avoir cette information ou une autre pour différencier?
D'avance merci
PS: je place ici la fonction d'extraction de droit que j'ai fait.
------------------------------------------------------------------------------------------
Function recupDroits(strFolderName)
Set objWMIService = GetObject("winmgmts:")
Set objFolderSecuritySettings = _
objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strFolderName & "'")
intRetVal = objFolderSecuritySettings.GetSecurityDescriptor(objSD)
intControlFlags = objSD.ControlFlags
dts = ""
If intControlFlags AND SE_DACL_PRESENT Then
arrACEs = objSD.DACL
'creation d'un tableau pour retirer les doublons
taille = 0
Dim lst()
Dim user()
For Each objACE in arrACEs
If Not objACE.Trustee.Domain = "AUTORITE NT" And Not objACE.Trustee.Domain = "NT AUTHORITY" And Not objACE.Trustee.Domain = "BUILTIN" Then taille = taille + 1
Next
ReDim lst(taille-1,2)
nbUser = 0
ReDim user(2,nbUser)
i = 0
For Each objACE in arrACEs
If Not objACE.Trustee.Domain = "AUTORITE NT" And Not objACE.Trustee.Domain = "BUILTIN" Then
total = 0
tmp = ""
'MsgBox "gf" & objACE.GuidObjectType
usr = objACE.Trustee.Domain & "\" & objACE.Trustee.Name
If objACE.AccessMask AND FILE_ALL_ACCESS Then
total = total + 1
tmp = tmp & "1"
End If
If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
total = total + 1
tmp = tmp & "2"
End If
If objACE.AccessMask AND FILE_DELETE Then
total = total + 1
tmp = tmp & "3"
End If
If objACE.AccessMask AND FILE_DELETE_CHILD Then
total = total + 1
tmp = tmp & "4"
End If
If objACE.AccessMask AND FOLDER_TRAVERSE Then
total = total + 1
tmp = tmp & "5"
End If
If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
total = total + 1
tmp = tmp & "6"
End If
If objACE.AccessMask AND FILE_READ_CONTROL Then
total = total + 1
tmp = tmp & "7"
End If
If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
total = total + 1
tmp = tmp & "8"
End If
If objACE.AccessMask AND FILE_READ_EA Then
total = total + 1
tmp = tmp & "9"
End If
If objACE.AccessMask AND FILE_SYNCHRONIZE Then
total = total + 1
tmp = tmp & "a"
End If
If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
total = total + 1
tmp = tmp & "b"
End If
If objACE.AccessMask AND FILE_WRITE_DAC Then
total = total + 1
tmp = tmp & "c"
End If
If objACE.AccessMask AND FOLDER_ADD_FILE Then
total = total + 1
tmp = tmp & "d"
End If
If objACE.AccessMask AND FILE_WRITE_EA Then
total = total + 1
tmp = tmp & "e"
End If
If objACE.AccessMask AND FILE_WRITE_OWNER Then
total = total + 1
tmp = tmp & "f"
End If
If total = 15 Then
tmp = "F"
ElseIf tmp = "156789a" Then
tmp = "T"
ElseIf tmp = "16789a" Then
tmp = "R"
ElseIf tmp = "12356789abde" Then
tmp = "C"
Else
tmp = "S(" & tmp & ")"
End if
verif = False
For indice = 0 To nbUser-1
If usr = user(0,indice) Then
If user(1,indice) < total Then
k = user(2,indice)
lst(k,0) = usr
lst(k,1) = tmp
lst(k,2) = total
user(0,indice) = usr
user(1,indice) = total
user(2,indice) = i
ReDim Preserve user(2,nbUser)
End If
verif = True
End If
Next
If Not verif Then
lst(i,0) = usr
lst(i,1) = tmp
lst(i,2) = total
user(0,indice) = usr
user(1,indice) = total
user(2,indice) = i
nbUser = nbUser + 1
ReDim Preserve user(2,nbUser)
i = i + 1
End If
End If
Next
Else
dts = dts & "No DACL present in security descriptor"
End If
'elimination des doublons
retour = ""
For k = 0 To UBound(lst)
retour = retour & lst(k,0) & "*" & lst(k,1) & "|"
Next
' End if
recupDroits = retour
End Function
-----------------------------------------------------------------------------------------
