XProfan

now on Linux is everything Yes to that Happiness over bashscripz practicable - there isses everything net so tricky - but somehow safer.

interestingly would z.B. as an on one Client-ongoing-software as user on the Server register can (vorrausgesetzt Username+Password present!) circa Files according to Rechtevergebung on the Server To treat.

salvo.

Moin IF...

itself somewhere as another User anzumelden (and be it only with a individual Process), might really no trouble his (see API Library). unfortunately have I no privates networking and can therefore moreover nothing develop - at the very most mitdenken. The Domain (Computername) must incidentally too yet famous his. the Change the Security Descriptors is then but none More necessary - and straight the would like I Yes. i want Files and Registry-Keys only for defined User and groups enable or whom proprietor on (a evtl. modified) Loginnamen adjust.

many Installer failure with Usern with eingeschränkten Rechten, because these with the installation one Program not The Zugriffsrechte for Files the installierten Program adjust.
installs one Admin for a User with eingeschränkten Rechten one Program, functions this then evtl. not correctly., because Files not red or written go can - a problem, on the hardly one Programmer think.

The Access to whom Security Descriptor shining too under windows not so tricky To his - is integral rather documents as The Aktivierung of Privilegien and the LSA - and both is already in Profan umgesetzt.

nevertheless shining it hardly or quite no Source in anybody Programming-Language over the Change of Security Descriptors To give - the disturbing me something and the I will Change...

´

You want means a set|getFileOwner create - circa to one fopen one getFileOwner==actualOwner abprüfen to?

would be very interestingly...

salvo.

Hello IF...

Yes, very. Only the I with this task really not plenty To do have - the undertaking the Betriebssystem for me, presupposed there's a NTFS Formatted Patition (with XP really already almost standard).

in the Registry functions the on The same point. too here can Keys against Fremdzugriff protected go. with some Systemkeys under HKEY_LOCAL_MACHINE is it standardmäßig so, that really only Admins hereon grab can.

As I said - would the for Files resolved, could to the for all others reaches the Betriebsystems too utilize. Since I here only bedinngt over NTFS Partitionen verfüge, bräuchte I evtl. one To two people, The something enger with me cooperate and 2000 or XP with NTFS having. Oberflächliche Kenntnisse, How these Betriebssysteme functions, ought to one already bring along.

The Delphianer having something ähnliches attempts - is there apparently well kläglich into pants gone. i think time, we catch the geregelt.

you know still - ifs what To testing gives...

salvo.

Hello, Andreas!

be gladly too thereby. XP - 2000 - NT, in networking.
Tät me too interested!

Ciao, Christian

XProfan 8/9.1, Win XP, AMD 64/3200

Hello your both...

fine - once I again fully with empty internet-PC can, GEHTS very here go. the can yet up to 14 Meet last, therefore something patience.

I have to, like with the LSA-API and the enable of Privilegien, here very deeply into marrow each windows NT-basieten Betriebssystems To glances.

If thereby something vernünftiges herauskommt, becomes the Result not only for Files count, separate on any reaches one NT-based Systems zutreffen, The with ACCESS_MASK ? Happen? works - The Registry among other things, circa only an example of many To name.

i am pleased already on The cooperation with you and hope, that your me something on The Sprünge help can, ifs by me crux should...

04/13/05 ▲

Hello your both (and the remainder likewise)...

OK, now catch we time integrally slow and simply on:

first fetch I me whom Security Descriptor - means yet nothing besonderes.

which Rückmeldungen Gibts - what shows The Ausgabebox on - is something unschlüssig?
Compile Mark Separation

Windowstyle 31
Windowtitle "File Security"
Window 0,0-640,440
DEF @GetFileSecurity(5) !"ADVAPI32","GetFileSecurityA"
DEF @GetLastError(0) !"KERNEL32","GetLastError"
DEF @LookupPrivilegeName(4)!"advapi32","LookupPrivilegeNameA" Ermittelt aus dem Luid eines Privilegs dessen Namen.
DEF @LookupPrivilegeValue(3) !"advapi32","LookupPrivilegeValueA" Ermittelt aus dem Namen eines Privilegs dessen Luid.
DEF @OpenProcessToken(3) !"advapi32","OpenProcessToken" Öffnet Einstellprozess.
DEF @AdjustTokenPrivileges(6) !"advapi32","AdjustTokenPrivileges" Stellt Privilegien ein.
DEF @GetCurrentProcess(0) !"kernel32","GetCurrentProcess" Ermittel das Handle des aktiven Prozesses.
DEF @CloseHandle(1) !"kernel32","CloseHandle" Schließt ein Handle (Programm).
Def @GetVolumeInformation(8) !"KERNEL32","GetVolumeInformationA"
Declare Filename$,Fehler&,SECURITY_INFORMATION#,PSECURITY_DESCRIPTOR#,Needed#
Declare NewState#,token#,Privileg#,Luid#,System$
Declare Laufwerk$,Label#,LFLAGS#,DAT#
LET Filename$=@LOADFILE$("Datei laden","Alle Dateien |*.*|Textdateien|*.TXT")

IF Filename$<>""

    CLEARLIST
    LET LAUFWERK$=@LEFT$(Filename$,3)
    DIM Label#,256
    DIM LFLAGS#,4
    DIM DAT#,256
    ADDSTRING "Gewählte Datei="+Filename$
    ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
    LET FEHLER&=@GetVolumeInformation(@ADDR(Laufwerk$),Label#,256,0,0,LFlags#,DAT#,256)
    ADDSTRING "Rückgabe von GetVolumeInformation="+@STR$(Fehler&)
    ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
    ADDSTRING "Laufwerksflags="+@BIN$(@LONG(LFLAGS#,0))

    IF @LONG(LFLAGS#,0) | $8 = @LONG(LFLAGS#,0)

        ADDSTRING "Zugriff ist einschränkbar"

    else

        ADDSTRING "Zugriff ist nicht einschränkbar"

    endif

    ADDSTRING "Ausgelesene Partition="+@String$(Dat#,0)
    dim token#,4
    DIM NewState#,16
    DIM Luid#,8
    DIM Privileg#,33
    ADDSTRING "Windowsversion="+$WINVER
    Long NewState#,0=1 Nur ein Privileg soll geändert werden
    Long NewState#,12=$00000002 Das Privileg soll eingeschaltet werden
    LET FEHLER&=@OpenProcessToken(@GetCurrentProcess(),$0020 | $0008,Token#)
    ADDSTRING "Rückgabe von OpenProcessToken="+@STR$(Fehler&)
    ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
    STRING Privileg#,0="SeSecurityPrivilege"
    LET Fehler&=@LookupPrivilegeValue(System$,Privileg#,LUID#)
    ADDSTRING "Rückgabe von LookupPrivilegeValue="+@STR$(Fehler&)
    ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
    Byte NewState#,4=@Byte(Luid#,0)
    Byte NewState#,5=@Byte(Luid#,1)
    Byte NewState#,6=@Byte(Luid#,2)
    Byte NewState#,7=@Byte(Luid#,3)
    Byte NewState#,8=@Byte(Luid#,4)
    Byte NewState#,9=@Byte(Luid#,5)
    Byte NewState#,10=@Byte(Luid#,6)
    Byte NewState#,11=@Byte(Luid#,7)
    Let Fehler&=@AdjustTokenPrivileges(@LONG(Token#,0),0,NewState#,0,0,0)
    ADDSTRING "Rückgabe von AdjustTokenPrivileges="+@STR$(Fehler&)
    ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
    DIM SECURITY_INFORMATION#,4
    DIM PSECURITY_DESCRIPTOR#,1024
    DIM Needed#,4
    LONG SECURITY_INFORMATION#,0=$1 | $2 | $4
    LET Fehler&=@GetFileSecurity(@ADDR(Filename$),SECURITY_INFORMATION#,PSECURITY_DESCRIPTOR#,1024,Needed#)
    ADDSTRING "Rückgabe von GetFileSecurity="+@STR$(Fehler&)
    ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
    @CloseHandle(@LONG(Token#,0))
    Dispose Luid#
    Dispose Privileg#
    Dispose NewState#
    Dispose token#
    Dispose Needed#
    Dispose PSECURITY_DESCRIPTOR#
    Dispose SECURITY_INFORMATION#
    Dispose Label#
    Dispose LFlags#
    DISPOSE DAT#
    @Listbox$("API Rückgaben",1)

Endif

While 0=0

    Waitinput

Wend

ask To irgendwelchen things? gives it irgendo 997 Fehlermeldungen? can itself the someone explain???

04/23/05 ▲

Rolf
Koch

Hi AH
Have simply time ne *.txt File chosen.

by me comes to LookupPrivilegeValue=1
the worth 997.
explain can I this but not, I none Schimmer of it have

Rolf

04/23/05 ▲

Hey Rolf...

shining but nevertheless To functions => feedback is Yes 1. How siehts with the others Rückmeldungen from?

target the box = i will with the installation one Program determine can, which User in which Nature and point Access to The installierten Files having.
usually becomes the grabbed of übergeordneter place vererbt. the can with eingeschränkten Rechten To integrally vastly Problemen lead...

04/23/05 ▲