我有一个遗留的VB6 COM应用程序,我最近不得不从Windows 2008 R2迁移到Windows 2012 R2环境。除了剥离在远程计算机上创建的某些(机密)文件夹的继承权限的部分之外,该应用程序运行良好。相同的代码(如下)在Windows 2008上按预期工作,但在Windows 2012上(使用相同的AD服务帐户),只会删除在相关文件夹上显式创建的权限。有谁知道发生了什么变化或者我做错了什么?我注意到activeds.dll(C:\ Windows \ SysWOW64)的版本已从6.1.7601.17514增加到6.3.9600.17415。
Public Sub RemoveInheritedPermissions(ByVal sNTFSPath As String)
Dim sec As New ADsSecurityUtility
Dim sd As SecurityDescriptor
Dim ace As New AccessControlEntry
Dim dacl As Object
Set sd = sec.GetSecurityDescriptor(sNTFSPath, ADS_PATH_FILE, ADS_SD_FORMAT_IID)
Set dacl = sd.DiscretionaryAcl
For Each ace In dacl
dacl.RemoveAce ace
Next
sd.DiscretionaryAcl = dacl
sec.SetSecurityDescriptor sNTFSPath, ADS_PATH_FILE, sd, ADS_SD_FORMAT_IID
Set sec = Nothing
Set sd = Nothing
Set dacl = Nothing
Set ace = Nothing
End Sub
提前致谢。