使用WMI列出Windows中某个目录的用户权限

原创

biyusr216 2025-01-19 23:36:19 ©著作权

文章标签 windows Domain System Access 文章分类 JavaScript 前端开发

©著作权归作者所有：来自51CTO博客作者biyusr216的原创作品，请联系作者获取转载授权，否则将追究法律责任

using System; 
 using System.Management;
 using System.Collections;
class Tester 
 {
public static void Main() 
 {
 try 
 {
 ManagementPath path = new ManagementPath( );
 path.Server = ".";
 path.NamespacePath = @"root\cimv2";
 path.RelativePath = @"Win32_LogicalFileSecuritySetting.Path=''c:\\test''"; // using tmp as folder name
ManagementObject lfs = new ManagementObject(path);
 // Dump all trustees (this includes owner)
 foreach (ManagementBaseObject b in lfs.GetRelated())
 Console.WriteLine("Trustee: {0} \t SID [{1}]", b["AccountName"], b["SID"]);
 // Get the security descriptor for this object
 ManagementBaseObject outParams = lfs.InvokeMethod("GetSecurityDescriptor", null, null);
if (((uint)(outParams.Properties["ReturnValue"].Value)) == 0)
 {
 ManagementBaseObject Descriptor = ((ManagementBaseObject)(outParams.Properties["Descriptor"].Value));
 ManagementBaseObject[] DaclObject = ((ManagementBaseObject[])(Descriptor.Properties["Dacl"].Value));
 DumpACEs(DaclObject);
 ManagementBaseObject OwnerObject = ((ManagementBaseObject)(Descriptor.Properties["Owner"].Value));
 DumpOwnERProperties(OwnerObject.Properties); // Show owner properies
 }
 }
 catch(Exception e) 
 {
 Console.WriteLine(e);
 Console.ReadLine();
 }
 }
static void DumpACEs(ManagementBaseObject[] DaclObject)
 {
 // ACE masks see: winnt.h
 string[] filedesc = {"FILE_READ_DATA", "FILE_WRITE_DATA", "FILE_APPEND_DATA", "FILE_READ_EA",
 "FILE_WRITE_EA", "FILE_EXECUTE", "FILE_DELETE_CHILD", "FILE_READ_ATTRIBUTES",
 "FILE_WRITE_ATTRIBUTES", " ", " ", " ",
 " ", " ", " ", " ",
 "DELETE ", "READ_CONTROL", "WRITE_DAC", "WRITE_OWNER",
 "SYNCHRONIZE ", " ", " "," ",
 "Access_SYSTEM_SECURITY", "MAXIMUM_ALLOWED", " "," ",
 "GENERIC_ALL", "GENERIC_EXECUTE", "GENERIC_WRITE","GENERIC_READ"};
foreach(ManagementBaseObject mbo in DaclObject)
 {
 Console.WriteLine("-------------------------------------------------");
 Console.WriteLine("mask: {0:X} - aceflags: {1} - acetype: {2}", mbo["AccessMask"], mbo["AceFlags"], mbo["AceType"]);
 // Access allowed/denied ACE
 if(mbo["AceType"].ToString() == "1")
 Console.WriteLine("DENIED ACE TYPE");
 else
 Console.WriteLine("ALLOWED ACE TYPE");
 // Dump trustees
 ManagementBaseObject Trustee = ((ManagementBaseObject)(mbo["Trustee"]));
 Console.WriteLine("Name: {0} - Domain: {1} - SID {2}\n",
 Trustee.Properties["Name"].Value,
 Trustee.Properties["Domain"].Value,
 Trustee.Properties["SIDString"].Value);
 // Dump ACE mask in readable form
 UInt32 mask = (UInt32)mbo["AccessMask"];
 int[] m = {(int)mask};
 BitArray ba = new BitArray(m);
 int i = 0;
 IEnumerator baEnum = ba.GetEnumerator();
 while ( baEnum.MoveNext() )
 {
 if((bool)baEnum.Current)
 Console.WriteLine( "\t[{0}]", filedesc[i]);
 i++;
 }
 }
 }
static void DumpOwnerProperties(PropertyDataCollection Owner)
 {
 Console.WriteLine("=============== Owner Properties ========================");
 Console.WriteLine();
 Console.WriteLine("Domain {0} \tName {1}",Owner["Domain"].Value, Owner["Name"].Value);
 Console.WriteLine("SID \t{0}",Owner["SidString"].Value);
 Console.ReadLine();
 }
 }