That is the right thing to do. The problem looks like it may be one of two things (or both): 1) You have only one ACE specified for HELPDESK. Notice everyone else has two ACEs. This is so that you have one ACE for objects and another for containers. Check out http://www.roth.net/perl/perms/ for more info. 2) The FULL permission may be different on your platform. For example if you are running XP it is possible that Microsoft has changed what FULL means from what it meant on NT 4 or Win2k. I don't think that this is the case, however it has happened before.
dave -----Original Message----- From: Rick Coloccia [mailto:[EMAIL PROTECTED]] Sent: Monday, March 25, 2002 7:55 AM To: Timothy Johnson; [EMAIL PROTECTED] Subject: RE: Problem with Win32 Perms... That will be my next attempt if I can't get the script below to work. Thanks for the suggestion. -Rick At 07:44 AM 3/25/2002, Timothy Johnson wrote: > >I know this doesn't really answer your question, but why don't you just >dump the Administrator ACL and use it for your user? > >-----Original Message----- >From: Rick Coloccia >To: [EMAIL PROTECTED] >Sent: 3/25/02 7:43 AM >Subject: Problem with Win32 Perms... > >Everyone, > >I have 275 print queues that I need to manipulate. I need to give a >user full control over the queue. > >Wanting to script this in some way, I've come up with this: > > > >use Win32::Perms; > ># Create a new Security Descriptor and auto import permissions from the >queue $Dir = new Win32::Perms( 'printer://hera/testperm' ) || die; > ># Add an ACE >$Dir->Add('helpdesk',FULL); > ># Set the permissions (no need to specify the path since the object was >created with it) $Dir->Set(); > ># If you are curious about the contents of the SD ># dump the contents to STDOUT > >$Dir->Dump; > > >This gets me half way there, when I check the permissions on the >printer, the user, helpdesk, now has print and manage printers, but not >the manage documents permission. > >Does anyone know what I may need to do to get that permission as well? > > >Here's something I've observed: > >Users which do have manage documents have 2 entries in the ACL, while >the code I ran gives helpdesk only 1 entry: > >Descretionary ACL: >Index Account Mask Type >Flag >----- ---------------------------------------- ---------- ---------- >---------- > 0 BUILTIN\Administrators 0x000f000c Allow >0x00000000 > 1 BUILTIN\Administrators 0x000f0010 Allow >0x00000009 > 2 CREATOR OWNER 0x00020000 Allow >0x0000000a > 3 CREATOR OWNER 0x000f0010 Allow >0x00000009 > 4 Everyone 0x00020008 Allow >0x00000000 > 5 0x000f000c Allow >0x00000000 > 6 0x000f0010 Allow >0x00000009 > 7 0x000f000c Allow >0x00000000 > 8 0x000f0010 Allow >0x00000009 > 9 GENESEO\helpdesk 0x000f000c Allow >0x00000002 > > > >I guess I'm asking how to grant the mask 0x00f0010 to the documents, as >well as the 0x00f00c to the printer, which I can grant with the mask >"FULL." > >Thanks, everyone! > >-Rick > > > > >------------- >Rick Coloccia >Network Analyst >SUNY Geneseo >124B2 South Hall >Geneseo, NY 14454 >Voice: (585) 245-5577 >Fax: (585) 245-5579 > > > >----------------------------------------------------------------------- >--------- >This email may contain confidential and privileged >material for the sole use of the intended recipient. >If you are not the intended recipient, please contact >the sender and delete all copies. ------------- Rick Coloccia Network Analyst SUNY Geneseo 124B2 South Hall Geneseo, NY 14454 Voice: (585) 245-5577 Fax: (585) 245-5579 _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
