您的位置: 首页  >  技术问答  >  如何在Windows中获得服务器打印机的DACL?

如何在Windows中获得服务器打印机的DACL?

分类: 技术问答 2022-08-24 13:11:03
问题描述:

语境:Windows7的64位,ActiveDirectory中,Windows Server 2003的如何在Windows中获得服务器打印机的DACL?

我试图让微软的GetSecurityDescriptor method of the Win32_Printer Class (Windows)页上给出工作的代码。我有点好奇,想知道winmgmts的双重实例是如何工作的,即(从他们的代码)

Set objWMIService = GetObject("winmgmts:" _ 
& "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2") 

Set objWMIService = GetObject("winmgmts:")

我本来认为二审会揍第一。这似乎表明,无论我在strComputer中输入什么服务器名称,我仍然可以看到计算机上的打印机列表。

有没有人有使用VBScript获得服务器连接打印机的DACL的乐趣?

+0

SetACL被证明有助于找到我需要的信息。请注意,我仍然想知道上面的脚本是如何工作的。 – bugmagnet 2012-04-26 09:05:06

你是正确的,有超过一件事错的脚本,这里是一个工作版本

SE_DACL_PRESENT = &h4 
ACCESS_ALLOWED_ACE_TYPE = &h0 
ACCESS_DENIED_ACE_TYPE = &h1 

strComputer = "xxxxxxxxxx" 
strUser = "xxxxxxxxxxxx" 
strPassword = "xxxxxxx" 
strDomain = "xxx" 

Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator") 
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer, _ 
    "root\cimv2", _ 
    strUser, _ 
    strPassword, _ 
    "MS_409", _ 
    "ntlmdomain:" + strDomain) 

Set colInstalledPrinters = objSWbemServices.ExecQuery ("Select * from Win32_Printer") 

On error resume next 

For Each objPrinter in colInstalledPrinters 
    Wscript.Echo "Name: " & objPrinter.Name 
    Return = objPrinter.GetSecurityDescriptor(objSD) 
    If (return = 2) Then 
    WScript.Echo "Could not get security descriptor: " & Return 
    Elseif (return = 8) Then 
    WScript.Echo "Unknown failure: " & Return 
    Elseif (return = 9) Then 
    WScript.Echo "The user does not have adequate privileges to execute the method: " & Return 
    Elseif (return = 21) Then 
    WScript.Echo "A parameter specified in the method call is not valid: " & Return 
    Elseif (return = 0) Then 
    intControlFlags = objSD.ControlFlags 
    If intControlFlags AND SE_DACL_PRESENT Then 
     arrACEs = objSD.DACL 
     For Each objACE in arrACEs 
     WScript.Echo objACE.Trustee.Domain & "\" & objACE.Trustee.Name 
     If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then 
      WScript.Echo vbTab & "User has access to printer" 
     ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then 
      WScript.Echo vbTab & "User does not have access to the printer" 
     End If 
     Next 
    Else 
     WScript.Echo "No DACL found in security descriptor" 
    end if 
    Else 
    WScript.Echo "Could not get security descriptor: " & Return 
    End If 
Next

= >>在我的领域这给ACL两次每个用户,可以由引起方式安全

Name: printer1 
\CREATOR OWNER 
    User has access to printer 
\CREATOR OWNER 
    User has access to printer 
MCM\DomainUsers 
    User has access to printer 
MCM\DomainUsers 
    User has access to printer 
MCM\DomainUsers 
    User has access to printer 
MCM\admin 
    User has access to printer 
MCM\admin 
    User has access to printer 
BUILTIN\Administrators 
    User has access to printer 
BUILTIN\Administrators 
    User has access to printer
+0

MS_409在这种情况下做什么?另外,我只在目标机器上的每台打印机上都收到“安全描述符中未找到DACL”。 – bugmagnet 2012-05-04 02:08:06

+0

这是语言环境,不知道它是否有所作为,因为我是欧洲人,而且脚本与已发布的函数一样好“对于Microsoft区域设置标识符,字符串格式为”MS_xxx“,其中xxx为十六进制格式的字符串表示区域设置标识(LCID);例如,美国英语将显示为“MS_409”“您的打印机上的DACL是否处于活动状态? – peter 2012-05-04 07:17:02

+0

今天是我在该网站的最后一天,所以解决方案是没有意义的。然而,它是最接近的,所以我给你赏金。 – bugmagnet 2012-05-04 13:29:15

相关推荐