我使用以下代码来检查DACL中是否存在certin用户:
Dim l_managemantObject As ManagementBaseObject() = CType(securityDescriptor.Properties("DACL").Value, ManagementBaseObject())
For Each mObject As ManagementBaseObject In l_managemantObject
l_name = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Name").Value.ToString
If CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Domain").Value IsNot Nothing Then
l_domain = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Domain").Value.ToString()
End If
If users.UserName.ToLower = (l_domain & "\" & l_name).ToLower Then
Return True
End If
Next
如您所见,我可以获取用户名和域名。但是,如何检查用户是否具有FullControl权限?
修改
我已经进行了更深入的调查,发现使用GetAccessMask,我可以检索代表其返回实例的用户或组所持有的共享的访问权限。
所以最后发现的是:
如何获取特定用户AccessMask?
答案 0 :(得分:0)
总是在我的鼻子底下,在managementObject上使用GetPropertyValue("AccessMask")获取权限级别。
完整方法:
Dim l_managemantObject As ManagementBaseObject() = CType(securityDescriptor.Properties("DACL").Value, ManagementBaseObject())
For Each mObject As ManagementBaseObject In l_managemantObject
l_name = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Name").Value.ToString
If CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Domain").Value IsNot Nothing Then
l_domain = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Domain").Value.ToString()
End If
Dim l_accessMask as UInteger = mObject.GetPropertyValue("AccessMask")
If users.UserName.ToLower = (l_domain & "\" & l_name).ToLower Then
if l_accessMask = 2032127 then
Return True
endif
End If
Next