January 2006
Beginner
832 pages
27h 52m
English
All of the seven ACE properties are set using property methods of the same names as those in an ADSI interface called IADsAccessControlEntry. The ACEs
that are created using this are then modified using IADsAccessControlList and IADsSecurityDescriptor.
Let's go through an example now so you can see how it all fits together. Example 26-1 shows a section of VBScript code that creates an ACE that allows ANewGroup full access to the myOU organizational unit and all its children.
Example 26-1. A simple ADSI example
'************************************************************************** 'Declare constants '************************************************************************** Const FULL_CONTROL = -1 Const ADS_ACETYPE_ACCESS_ALLOWED = 0 Const ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = 2 '************************************************************************** 'Declare variables '************************************************************************** Dim objObject 'Any object Dim objSecDesc 'SecurityDescriptor Dim objDACL 'AccessControlList Dim objNewACE 'AccessControlEntry '************************************************************************** 'Create the new ACE and populate it '************************************************************************** Set objNewACE = CreateObject("AccessControlEntry") objNewACE.Trustee = "AMER\ANewGroup" objNewACE.AccessMask = FULL_CONTROL objNewACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED objNewACE.AceFlags = ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT ...