我有一个脚本,可以启用文件夹共享并设置共享权限。该脚本运行正常,但有一个例外,如果你想生成 HomeUse-Directory,这个例外是最重要的。我无法为组“Everyone”设置共享权限,并显示错误消息:
无法将帐户“Everyone”映射到 SID
所以我做了一些研究,发现这非常有趣的文章,其中说“Everyone”组直到 Windows Vista/Server 2008 才有 SID。
读了更多书之后我发现其他文章名为“众所周知的 SID”。现在我有 World/Everyone 组的 SID,因为这些组未在 AD 中列出。因此,我更改了脚本以直接搜索 SID,而不是使用 Windows 2000 之前的参数。遗憾的是,这也不起作用。
现在我完全不知道该怎么做。我想应该有一些变通方法,但我更喜欢和“所有人”一起做。
据我所知,“Everyone” 是一个非基于 AD 的组,就像“本地管理员”和“系统”一样。奇怪的是,我可以为“系统”设置共享权限,但不能为“Everyone/World/SELF”设置共享权限
我是否遗漏了什么?
我很高兴听到你们在这件事上的经验。
编辑:
根据要求-这里是出现错误的代码:
Dim SetEntriesResult As UInteger = SetEntriesInAcl(1, ExplicitAccessRule(i), AclPtr, AclPtr)
'Check the result of the SetEntriesInAcl API call
If SetEntriesResult = ERROR_NONE_MAPPED Then
Throw New ApplicationException("The account " & FullAccountName & " could not be mapped to a security identifier (SID).")
ElseIf SetEntriesResult <> 0 Then
Throw New ApplicationException("The account " & FullAccountName & " could not be added to the ACL as the follow error was encountered: " & SetEntriesResult & ".")
End If
所以这是ERROR_NONE_MAPPED
- API 错误
上面用到的相关代码:
<DllImportAttribute("advapi32.dll", EntryPoint:="SetEntriesInAclW")> _
Private Shared Function SetEntriesInAcl(ByVal cCountOfExplicitEntries As Integer, <InAttribute()> ByRef pListOfExplicitEntries As EXPLICIT_ACCESS, <InAttribute()> ByVal OldAcl As System.IntPtr, ByRef NewAcl As System.IntPtr) As UInteger
End Function
Public Shared Function ShareExistingFolder(ByVal ShareName As String, ByVal ShareComment As String, ByVal LocalPath As String, ByVal SharePermissions As List(Of SharePermissionEntry), Optional ByVal ComputerName As String = Nothing) As NET_API_STATUS
'Argument validation
If String.IsNullOrEmpty(ShareName) OrElse String.IsNullOrEmpty(LocalPath) OrElse SharePermissions Is Nothing OrElse SharePermissions.Count = 0 Then
Throw New ArgumentException("Invalid argument specified - ShareName, LocalPath and SharePermissions arguments must not be empty")
End If
'Create array of explicit access rules, one for each user specified in the SharePermissions argument
Dim ExplicitAccessRule(SharePermissions.Count - 1) As EXPLICIT_ACCESS
'This pointer will hold the full ACL (access control list) once the loop below has completed
Dim AclPtr As IntPtr
'Loop through each entry in our list of explicit access rules, build each one and add it to the ACL
For i As Integer = 0 To ExplicitAccessRule.Length - 1
'Build the user or group name
Dim FullAccountName As String = String.Empty
If Not String.IsNullOrEmpty(SharePermissions(i).DomainName) Then
FullAccountName = SharePermissions(i).DomainName & "\"
End If
FullAccountName &= SharePermissions(i).UserOrGroupName
'Create a TRUSTEE structure and populate it with the user account details
Dim Account As New TRUSTEE
With Account
.MultipleTrusteeOperation = MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE
.pMultipleTrustee = 0
.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_NAME
.ptstrName = FullAccountName
.TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_UNKNOWN
End With
'Populate the explicit access rule for this user/permission
With ExplicitAccessRule(i)
'Set this to an Allow or Deny entry based on what was specified in the AllowOrDeny property
If SharePermissions(i).AllowOrDeny Then
.grfAccessMode = ACCESS_MODE.GRANT_ACCESS
Else
.grfAccessMode = ACCESS_MODE.DENY_ACCESS
End If
'Build the access mask for the share permission specified for this user
If SharePermissions(i).Permission = SharedFolder.SharePermissions.Read Then
.grfAccessPermissions = ACCESS_MASK.GENERIC_READ Or ACCESS_MASK.STANDARD_RIGHTS_READ Or ACCESS_MASK.GENERIC_EXECUTE
ElseIf SharePermissions(i).Permission = SharedFolder.SharePermissions.FullControl Then
.grfAccessPermissions = ACCESS_MASK.GENERIC_ALL
End If
'Not relevant for share permissions so just set to NO_INHERITANCE
.grfInheritance = NO_INHERITANCE
'Set the Trustee to the TRUSTEE structure we created earlier in the loop
.Trustee = Account
End With