如何在Windows中获得服务器打印机的DACL?
[英]How does one get the DACL of a server's printer in Windows?
问题描述
上下文:Windows7 64bit,ActiveDirectory,Windows Server 2003
我正在尝试使Microsoft在其Win32_Printer类(Windows)的页面的GetSecurityDescriptor方法上给出的代码起作用。 我有点好奇知道winmgmts的双重实例化是如何实现的,即(从他们的代码中)
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")
Set objWMIService = GetObject("winmgmts:")
我本以为第二个实例会破坏第一个实例。 不管我在strComputer中输入什么服务器名称,我仍然可以获得计算机上打印机的列表,这一事实似乎可以证明这一点。
任何人都可以使用VBScript获得连接服务器的打印机的DACL的喜悦吗?
1 个解决方案
解决方案1
0 已采纳 2012-05-02 11:41:35
您是对的,该脚本有多个错误,这是一个有效的版本
SE_DACL_PRESENT = &h4
ACCESS_ALLOWED_ACE_TYPE = &h0
ACCESS_DENIED_ACE_TYPE = &h1
strComputer = "xxxxxxxxxx"
strUser = "xxxxxxxxxxxx"
strPassword = "xxxxxxx"
strDomain = "xxx"
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer, _
"root\cimv2", _
strUser, _
strPassword, _
"MS_409", _
"ntlmdomain:" + strDomain)
Set colInstalledPrinters = objSWbemServices.ExecQuery ("Select * from Win32_Printer")
On error resume next
For Each objPrinter in colInstalledPrinters
Wscript.Echo "Name: " & objPrinter.Name
Return = objPrinter.GetSecurityDescriptor( objSD )
If ( return = 2 ) Then
WScript.Echo "Could not get security descriptor: " & Return
Elseif ( return = 8 ) Then
WScript.Echo "Unknown failure: " & Return
Elseif ( return = 9 ) Then
WScript.Echo "The user does not have adequate privileges to execute the method: " & Return
Elseif ( return = 21) Then
WScript.Echo "A parameter specified in the method call is not valid: " & Return
Elseif ( return = 0 ) Then
intControlFlags = objSD.ControlFlags
If intControlFlags AND SE_DACL_PRESENT Then
arrACEs = objSD.DACL
For Each objACE in arrACEs
WScript.Echo objACE.Trustee.Domain & "\" & objACE.Trustee.Name
If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
WScript.Echo vbTab & "User has access to printer"
ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
WScript.Echo vbTab & "User does not have access to the printer"
End If
Next
Else
WScript.Echo "No DACL found in security descriptor"
end if
Else
WScript.Echo "Could not get security descriptor: " & Return
End If
Next
= >>在我的域中,这给每个用户两次ACL,这可能是由于提供安全性的方式引起的
Name: printer1
\CREATOR OWNER
User has access to printer
\CREATOR OWNER
User has access to printer
MCM\DomainUsers
User has access to printer
MCM\DomainUsers
User has access to printer
MCM\DomainUsers
User has access to printer
MCM\admin
User has access to printer
MCM\admin
User has access to printer
BUILTIN\Administrators
User has access to printer
BUILTIN\Administrators
User has access to printer
如何验证Windows Server中未使用的NIC是否已禁用?
[英]How would I verify that unused NIC's in a Windows Server are disabled?
如何在Windows 2012 Server R2的vbscript中获取域名?
[英]How to get domain name in vbscript for windows 2012 server R2?
PERL — VB 脚本迁移到新的打印机服务器,在本地匹配和删除打印机 — 帮助具有长共享名称的打印机
[英]PERL — VB Script migrate to new printer server, match & delete printer locally — HELP with printer that have long share names
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.