I am working with one of ROTH's scripts. It reads a binary registry
key, loads it into PERMS so that you can change the ACEs in the key, and
then writes it back. However, it doesn't work. Perhaps I am not using it
correctly.

Anyone use this?


------------------------------------------------------------------------
------------------------------------------------------------------------
-----------------------------------
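use strict;
use warnings;

use Win32::Perms;
use Win32::Registry;

# Tighten the security descriptor stored in the "Security" value of the
# RDP-tcp WinStation key: import the binary SD into a Win32::Perms object,
# remove the ACEs for two accounts, write the SD back, then re-read it and
# print whoever is still listed so the change can be verified.
#
# Under strict, REG_BINARY and SD_RELATIVE must be real exported constants;
# an unexported bareword now fails at compile time instead of silently
# turning into a string. SD_RELATIVE is assumed to come from Win32::Perms.

# Single-quoted so that only "\\" is an escape. The mail-wrapped original
# had a line break inside "Terminal Server"; the key name contains a space.
my $path    = 'SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Winstations\\RDP-tcp';
my $keyName = "Security";

# Accounts whose ACEs are removed. These MUST NOT be written in double
# quotes with a single backslash: "\U" and "\E" are Perl case-modification
# escapes, so "BUILTIN\Users" became "BUILTINSERS" and "BUILTIN\Everyone"
# became "BUILTINveryone". Remove() was then handed names that match no ACE
# and the SD was written back unchanged.
# NOTE(review): Everyone is a well-known account that is normally not
# prefixed with BUILTIN - compare with the account list printed below.
my @AccountsToRemove = ( 'BUILTIN\\Users', 'BUILTIN\\Everyone' );

my $PermsObj = Win32::Perms->new()
  or die "Cannot create Permissions object";
my $Key;

if( $HKEY_LOCAL_MACHINE->Open( $path, $Key ) )
{
  my( $Type, $Sd );

  if( ( $Key->QueryValueEx( $keyName, $Type, $Sd ) ) && ( REG_BINARY == $Type ) )
  {
    my @List;

    # $Sd now holds the original descriptor. Saving a copy of it before the
    # write below gives a way back if the edited DACL turns out to exclude
    # an account that still needs access.

    # Import the SD's ACEs...
    $PermsObj->Import( $Sd );
    foreach my $Account ( @AccountsToRemove )
    {
      $PermsObj->Remove( $Account );
    }
    $Sd = $PermsObj->GetSD( SD_RELATIVE );
    if( ! $Key->SetValueEx( $keyName, 0, REG_BINARY, $Sd ) )
    {
      print "Failed to set the new security descriptor.\n";
      print "Error: ", Win32::FormatMessage( Win32::GetLastError() ), "\n";
      $Key->Close();
      $PermsObj->Close();
      # Non-zero status so a calling script can tell the change failed.
      exit 1;
    }

    # Clean out the permission list...
    $PermsObj->Remove( -1 );

    # Read the value back from the registry rather than trusting the
    # in-memory object: this shows what was actually stored.
    if( ( $Key->QueryValueEx( $keyName, $Type, $Sd ) )
         && ( REG_BINARY == $Type ) )
    {
      # Import the SD again...
      $PermsObj->Import( $Sd );
      # The archived post shows "[EMAIL PROTECTED]" here; an e-mail
      # obfuscator rewrote the argument. \@List is reconstructed from the
      # declaration above and the loop below.
      if( $PermsObj->Get( \@List ) )
      {
        print "The following are allowed to access this machine using RDP:\n";
        foreach my $Ace ( @List )
        {
          # "my ... if" leaves the variable in an undefined state when the
          # condition is false, so build the prefix with a plain expression.
          my $AceDomain = "";
          if( defined $Ace->{Domain} && "" ne $Ace->{Domain} )
          {
            $AceDomain = "$Ace->{Domain}\\";
          }
          print "\t", $AceDomain, $Ace->{Account}, "\n";
        }
      }
      else
      {
        print "No one is allowed to access this machine using RDP.\n";
      }
    }
  }
  else
  {
    print "Unable to read the RDP-tcp security descriptor.\n";
    print "Check that the $keyName value exists under the key ";
    print "and is of type REG_BINARY.\n";
  }
  $Key->Close();
}
else
{
  # The original script printed nothing when the key could not be opened.
  print "Unable to open HKEY_LOCAL_MACHINE\\$path\n";
  print "Error: ", Win32::FormatMessage( Win32::GetLastError() ), "\n";
}
$PermsObj->Close();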
