C# WMI文件夹添加ACL类型不匹配
我正在尝试编写一个小应用程序来更新文件夹权限。我编写了以下代码来删除C# WMI文件夹添加ACL类型不匹配,c#,.net-core,wmi,acl,C#,.net Core,Wmi,Acl,我正在尝试编写一个小应用程序来更新文件夹权限。我编写了以下代码来删除oldGroup并添加newGroup 调用InvokeMethod时,我捕获到异常HRESULT 0x80041005-类型不匹配。不是很有帮助!如果我注释掉newAces.Add(newAce)已成功删除旧组,因此问题在于我的新ACE(newAce)或受托人(受托人)。我已经尝试了几种实例化受信者的方法,如下所述 public void Function() { CimInstance QueryIn
oldGroup
并添加newGroup
调用InvokeMethod
时,我捕获到异常HRESULT 0x80041005-类型不匹配
。不是很有帮助!如果我注释掉newAces.Add(newAce)
已成功删除旧组,因此问题在于我的新ACE(newAce
)或受托人(受托人
)。我已经尝试了几种实例化受信者的方法,如下所述
public void Function()
{
CimInstance QueryInstance(CimSession session, string cimNamespace, string query)
{
IEnumerable<CimInstance> queryInstances = session.QueryInstances(cimNamespace, "WQL", query);
return queryInstances.FirstOrDefault();
}
string computerName = "localhost";
string namespaceName = @"root\cimv2";
string oldGroup = "Everyone";
string newGroup = "Not Everyone";
DComSessionOptions sessionOptions = new DComSessionOptions
{
Timeout = new TimeSpan(0, 2, 0)
};
CimSession cimSession = CimSession.Create(computerName, sessionOptions);
CimInstance trustee = new CimInstance(cimSession.GetClass(namespaceName, "Win32_Trustee"));
//CimInstance trustee = new CimInstance("Win32_Trustee");
trustee.CimInstanceProperties.Single(p => p.Name == "Name").Value = newGroup;
//trustee.CimInstanceProperties.Add(CimProperty.Create("Name", newGroup, CimType.String, CimFlags.Key));
trustee.CimInstanceProperties.Single(p => p.Name == "Domain").Value = "GLOBAL";
//trustee.CimInstanceProperties.Add(CimProperty.Create("Domain", "GLOBAL", CimType.String, CimFlags.Key));
CimInstance newAce = new CimInstance("Win32_ACE");
newAce.CimInstanceProperties.Add(CimProperty.Create("AccessMask", 1179817, CimFlags.Key));
newAce.CimInstanceProperties.Add(CimProperty.Create("AceFlags", 3, CimFlags.Key));
newAce.CimInstanceProperties.Add(CimProperty.Create("AceType", 0, CimFlags.Key));
newAce.CimInstanceProperties.Add(CimProperty.Create("Trustee", trustee, CimFlags.Key));
CimInstance logicalFileSecSetting = QueryInstance(cimSession, namespaceName, @"select * from Win32_LogicalFileSecuritySetting where Path='C:\\dev\\temp\\wmi'");
CimMethodResult methodResult;
methodResult = cimSession.InvokeMethod(namespaceName, logicalFileSecSetting, "GetSecurityDescriptor", new CimMethodParametersCollection());
CimInstance descriptor = (CimInstance)methodResult.OutParameters.SingleOrDefault(p => p.Name == "Descriptor").Value;
IEnumerable<CimInstance> aces = (IEnumerable<CimInstance>)descriptor.CimInstanceProperties.SingleOrDefault(p => p.Name == "DACL").Value;
List<CimInstance> newAces = aces.Where(ace =>
{
CimInstance aceTrustee = (CimInstance)ace.CimInstanceProperties.Single(p => p.Name == "Trustee").Value;
string aceTrusteeName = (string)aceTrustee.CimInstanceProperties.Single(p => p.Name == "Name").Value;
return aceTrusteeName != oldGroup;
}).ToList();
newAces.Add(newAce);
descriptor.CimInstanceProperties.SingleOrDefault(p => p.Name == "DACL").Value = newAces.ToArray();
CimInstance cimDirectory = QueryInstance(cimSession, namespaceName, @"SELECT * FROM Win32_Directory WHERE Name='C:\\dev\\temp\\wmi'");
CimMethodParametersCollection methodParameters = new CimMethodParametersCollection
{
CimMethodParameter.Create("SecurityDescriptor", descriptor, CimType.Instance, CimFlags.In),
CimMethodParameter.Create("Option", 4, CimType.UInt32, CimFlags.In)
};
methodResult = cimSession.InvokeMethod(namespaceName, cimDirectory, "ChangeSecurityPermissions", methodParameters);
}
public void函数()
{
CimInstance QueryInstance(CimSession会话、字符串cimNamespace、字符串查询)
{
IEnumerable queryInstances=session.queryInstances(cimNamespace,“WQL”,query);
返回queryInstances.FirstOrDefault();
}
字符串computerName=“localhost”;
字符串namespaceName=@“root\cimv2”;
string oldGroup=“所有人”;
string newGroup=“不是所有人”;
DComSessionOptions sessionOptions=新DComSessionOptions
{
超时=新的时间跨度(0,2,0)
};
CimSession CimSession=CimSession.Create(计算机名,会话选项);
CimInstance受托方=新的CimInstance(cimSession.GetClass(namespaceName,“Win32_受托方”);
//CimInstance受托方=新的CimInstance(“Win32_受托方”);
trustee.CimInstanceProperties.Single(p=>p.Name==“Name”).Value=newGroup;
//Add(CimProperty.Create(“Name”、newGroup、CimType.String、CimFlags.Key));
trustee.CimInstanceProperties.Single(p=>p.Name==“Domain”).Value=“全局”;
//Add(CimProperty.Create(“Domain”、“GLOBAL”、CimType.String、CimFlags.Key));
CimInstance newAce=新CimInstance(“Win32_ACE”);
添加(CimProperty.Create(“AccessMask”,1179817,CimFlags.Key));
添加(CimProperty.Create(“AceFlags”,3,CimFlags.Key));
添加(CimProperty.Create(“AceType”,0,CimFlags.Key));
添加(CimProperty.Create(“受托人”,受托人,CimFlags.Key));
CimInstance LogicalFileSecuritySetting=QueryInstance(cimSession,namespaceName,@“从Win32中选择*”\u LogicalFileSecuritySetting,其中Path='C:\\dev\\temp\\wmi');
CimMethodResult;
methodResult=cimSession.InvokeMethod(名称空间名称,LogicalFileSecSettings,“GetSecurityDescriptor”,新的CimMethodParametersCollection());
CimInstance描述符=(CimInstance)methodResult.OutpParameters.SingleOrDefault(p=>p.Name==“描述符”).Value;
IEnumerable aces=(IEnumerable)descriptor.CimInstanceProperties.SingleOrDefault(p=>p.Name==“DACL”).Value;
列出newAces=aces.Where(ace=>
{
CimInstance AceTruste=(CimInstance)ace.CimInstanceProperties.Single(p=>p.Name==“受托人”).Value;
字符串aceTrusteName=(字符串)aceTrusteName.CimInstanceProperties.Single(p=>p.Name==“Name”).Value;
返回aceTrusteName!=oldGroup;
}).ToList();
添加(newAce);
descriptor.CimInstanceProperties.SingleOrDefault(p=>p.Name==“DACL”).Value=newAces.ToArray();
CimInstance cimDirectory=QueryInstance(cimSession,namespaceName,@“从Win32_目录中选择*,其中Name='C:\\dev\\temp\\wmi');
CimMethodParametersCollection methodParameters=新的CimMethodParametersCollection
{
创建(“SecurityDescriptor”,描述符,CimType.Instance,CimFlags.In),
CimMethodParameter.Create(“选项”,4,CimType.UInt32,CimFlags.In)
};
methodResult=cimSession.InvokeMethod(名称空间名称,cimDirectory,“ChangeSecurityPermissions”,methodParameters);
}
有谁能更熟悉Microsoft管理基础架构来帮助我吗?提前谢谢。我今天早上就知道了。一旦我将
SID
和相关属性添加到Win32\u受信者
CimInstance
对象,我的新组ACE将根据需要添加到文件夹中。当我查询新组详细信息时,会从Active Directory中检索SID
字符串
public void Function()
{
CimInstance QueryInstance(CimSession session, string cimNamespace, string query)
{
IEnumerable<CimInstance> queryInstances = session.QueryInstances(cimNamespace, "WQL", query);
return queryInstances.FirstOrDefault();
}
byte[] BuildObjectSid(string sid)
{
SecurityIdentifier securityIdentifier = new SecurityIdentifier(sid);
byte[] bytes = new byte[securityIdentifier.BinaryLength];
securityIdentifier.GetBinaryForm(bytes, 0);
return bytes;
}
string computerName = "localhost";
string namespaceName = @"root\cimv2";
string oldGroup = "Everyone";
string newGroup = "Not Everyone";
string newGroupSidString = "S-1-5-21";
byte[] newGroupSid = BuildObjectSid(newGroupSidString);
DComSessionOptions sessionOptions = new DComSessionOptions
{
Timeout = new TimeSpan(0, 2, 0)
};
CimSession cimSession = CimSession.Create(computerName, sessionOptions);
CimInstance trustee = new CimInstance(cimSession.GetClass(namespaceName, "Win32_Trustee"));
trustee.CimInstanceProperties["Domain"].Value = "GLOBAL";
trustee.CimInstanceProperties["Name"].Value = newGroup;
trustee.CimInstanceProperties["SIDString"].Value = newGroupSidString;
trustee.CimInstanceProperties["SID"].Value = newGroupSid;
trustee.CimInstanceProperties["SidLength"].Value = newGroupSid.Length;
CimInstance newAce = new CimInstance(cimSession.GetClass(namespaceName, "Win32_ACE"));
newAce.CimInstanceProperties["AccessMask"].Value = 1179817;
newAce.CimInstanceProperties["AceFlags"].Value = 3;
newAce.CimInstanceProperties["AceType"].Value = 0;
newAce.CimInstanceProperties["Trustee"].Value = trustee;
string lfsQuery = @"select * from Win32_LogicalFileSecuritySetting where Path='C:\\dev\\temp\\wmi'";
CimInstance logicalFileSecSetting = QueryInstance(cimSession, namespaceName, lfsQuery);
CimClass cimClass = cimSession.GetClass(namespaceName, "Win32_LogicalFileSecuritySetting");
CimMethodResult methodResult;
methodResult = cimSession.InvokeMethod(namespaceName, logicalFileSecSetting, "GetSecurityDescriptor", new CimMethodParametersCollection());
CimInstance descriptor = (CimInstance)methodResult.OutParameters["Descriptor"].Value;
CimInstance[] aces = (CimInstance[])descriptor.CimInstanceProperties["DACL"].Value;
for (int i = 0; i < aces.Length; i++)
{
CimInstance aceTrustee = (CimInstance)aces[i].CimInstanceProperties["Trustee"].Value;
string aceTrusteeName = (string)aceTrustee.CimInstanceProperties["Name"].Value;
if (aceTrusteeName == oldGroup)
{
aces[i] = newAce;
}
}
descriptor.CimInstanceProperties["DACL"].Value = aces;
CimInstance cimDirectory = QueryInstance(cimSession, namespaceName, @"SELECT * FROM Cim_Directory WHERE Name='C:\\dev\\temp\\wmi'");
CimMethodParametersCollection methodParameters = new CimMethodParametersCollection
{
CimMethodParameter.Create("SecurityDescriptor", descriptor, CimType.Instance, CimFlags.In),
CimMethodParameter.Create("Option", 4, CimType.UInt32, CimFlags.In)
};
methodResult = cimSession.InvokeMethod(namespaceName, cimDirectory, "ChangeSecurityPermissions", methodParameters);
}
public void函数()
{
CimInstance QueryInstance(CimSession会话、字符串cimNamespace、字符串查询)
{
IEnumerable queryInstances=session.queryInstances(cimNamespace,“WQL”,query);
返回queryInstances.FirstOrDefault();
}
字节[]BuildObjectSid(字符串sid)
{
SecurityIdentifier SecurityIdentifier=新的SecurityIdentifier(sid);
byte[]bytes=新字节[securityIdentifier.BinaryLength];
GetBinaryForm(字节,0);
返回字节;
}
字符串computerName=“localhost”;
字符串namespaceName=@“root\cimv2”;
string oldGroup=“所有人”;
string newGroup=“不是所有人”;
string newGroupSidString=“S-1-5-21”;
字节[]newGroupSid=BuildObjectSid(newGroupSidString);
DComSessionOptions sessionOptions=新DComSessionOptions
{
超时=新的时间跨度(0,2,0)
};
CimSession CimSession=CimSession.Create(计算机名,会话选项);
CimInstance受托方=新的CimInstance(cimSession.GetClass(namespaceName,“Win32_受托方”);
受托人.CimInstanceProperties[“域”].Value=“全局”;
受托人.CimInstanceProperties[“名称”]。值=新组;
Trusteer.CimInstanceProperties[“SIDString”]。值=newGroupSidString;
Trusteer.CimInstanceProperties[“SID”]。值=newGroupSid;
Trusteer.CimInstanceProperties[“SidLength”]。值=newGroupSid.Length;
CimInstance newAce=新的CimInstance(cimSession.GetClass(名称空间名,“Win32_ACE”);
newAce.CimInstanceProperties[“AccessMask”]。值=1179817;
newAce.CimInstanceProperties[“AceFlags”]。值=3;