使用ASP更改 NTFS 分区中 文件夹的 读写等权限

'====================================================================
'SetPerms.vbs
'====================================================================
'Variable   Declarations
Dim   sec
Dim   sd
Dim   Dacl
Dim   ace
Dim   ace1
Dim   ace2
Dim   oSid
Dim   sidHex

'Option   Explicit

'Flags:   Specifies   Inheritance
const   ADS_ACEFLAG_INHERIT_ACE   =   &h2
const   ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE   =   &h4
const   ADS_ACEFLAG_INHERIT_ONLY_ACE   =   &h8
const   ADS_ACEFLAG_INHERITED_ACE   =   &h10
const   ADS_ACEFLAG_VALID_INHERIT_FLAGS   =   &h1f
const   ADS_ACEFLAG_SUCCESSFUL_ACCESS   =   &h40
const   ADS_ACEFLAG_FAILED_ACCESS   =   &h80

'Permission   Type:   Allow   or   Deny
const   ADS_ACETYPE_ACCESS_ALLOWED   =   &h0
const   ADS_ACETYPE_ACCESS_DENIED   =   &h1

'Permissions:   Read,   Write,   FullControl
const   ADS_RIGHT_GENERIC_READ   =   &h80000000
const   ADS_RIGHT_GENERIC_WRITE   =   &h40000000
const   ADS_RIGHT_GENERIC_EXECUTE   =   &h20000000
const   ADS_RIGHT_GENERIC_ALL   =   &h10000000

const   ADS_SID_RAW   =   0
const   ADS_SID_HEXSTRING =   1
const   ADS_SID_SAM   =   2
const   ADS_SID_UPN   =   3
const   ADS_SID_SDDL   =   4
const   ADS_SID_WINNT_PATH   =   5
const   ADS_SID_ACTIVE_DIRECTORY_PATH =   6
const   ADS_SID_SID_BINDING   =   7
const   fldname   =   "C:/test2 "   ' <----Change   this   to   the   top   folder   name
const   usrname   =   "Domain/User "   ' <---Change   this   to   the   user   you   want   to   add   permissions   for

Dim   fso,   fldr,   fc,   f1 ',   fldname,   usrname

'   Get   instance   of   FileSystemObject.
Set   fso   =   CreateObject( "Scripting.FileSystemObject ")
Call   ApplyPerms   (fldname)
Set   fldr   =   fso.GetFolder(fldname)

Recurse   fldr   ',usrname

Set   fldr   =   Nothing
Set   fso   =   Nothing
wscript.echo   "done "
Wscript.Quit


Public   Sub   Recurse(   ByRef   fldr) ',   ByRef   usrname   )
dim   subfolders,files,folder,file
Set   subfolders   =   fldr.SubFolders
Set   files   =   fldr.Files

      'Display   the   path   and   all   of   the   folders.
      Wscript.Echo   " "
      Wscript.Echo   fldr.Path

      For   Each   folder   in   subfolders
            Wscript.Echo   folder.Name

    Call   ApplyPerms   (folder.path) ',   usrname)
      Next

      'Display   all   of   the   files.
For   Each   file   in   files
    wscript.echo   file.name

        Call   ApplyPerms   (file.path) ',   usrname)
Next

      'Recurse   all   of   the   subfolders.
For   Each   folder   in   subfolders
            Recurse   folder ',   usrname
Next

Set   subfolders   =   Nothing
      Set   files   =   Nothing

End   Sub

Sub   ApplyPerms(ByRef   path) '   ,   Byref   usrname)

Set   sec   =   CreateObject( "AdsSecurity ")
Set   sd   =   sec.GetSecurityDescriptor( "FILE:// "   &   path)
Set   Dacl   =   sd.DiscretionaryAcl

Set   oSid   =   CreateObject( "AdsSid ")
oSid.SetAs   ADS_SID_SAM,   Cstr(usrname)
sidHex   =   oSid.GetAs(ADS_SID_SDDL)
Wscript.Echo   sidHex

'----Add   a   new   ACE   so   User   has   Full   Control   on   Files.
Set   ace1   =   CreateObject   ( "AccessControlEntry ")
ace1.Trustee   =   sidHex
ace1.AccessMask   =   ADS_RIGHT_GENERIC_ALL
ace1.AceType   =   ADS_ACETYPE_ACCESS_ALLOWED
ace1.AceFlags   =   ADS_ACEFLAG_INHERIT_ACE   Or   ADS_ACEFLAG_INHERIT_ONLY_ACE   Or   1
dacl.AddAce   ace1

'----Add   a   new   ACE   so   User   has   Full   Control   on   Folders.
Set   ace2   =   CreateObject   ( "AccessControlEntry ")
ace2.Trustee   =   sidHex
ace2.AccessMask   =   ADS_RIGHT_GENERIC_ALL
ace2.AceType   =   ADS_ACETYPE_ACCESS_ALLOWED
ace2.AceFlags   =   ADS_ACEFLAG_INHERIT_ACE   Or   1
dacl.AddAce   ace2


sd.DiscretionaryAcl   =   dacl
sec.SetSecurityDescriptor   sd

End   Sub