1

Context: Windows 7 64-bit, Active Directory, Windows Server 2003

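I am trying to get the code that Microsoft gives on their page for the GetSecurityDescriptor method of the Win32_Printer class (Windows) to work. I am somewhat puzzled as to how the double instantiation of winmgmts works, i.e. (from their code)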

Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")

Set objWMIService = GetObject("winmgmts:")

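I would have thought that the second instance would override the first. This seems to be confirmed by the fact that whatever server name I put in strComputer, I still get the list of printers on my own computer.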

Has anyone had any luck using VBScript to get the DACLs of the printers attached to a server?

4

1 Answer

0

You are right, there is more than one problem with this script; here is a working version

SE_DACL_PRESENT = &h4
ACCESS_ALLOWED_ACE_TYPE = &h0
ACCESS_DENIED_ACE_TYPE  = &h1

strComputer = "xxxxxxxxxx"
strUser = "xxxxxxxxxxxx"
strPassword = "xxxxxxx"
strDomain = "xxx"

Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer, _
    "root\cimv2", _
     strUser, _
     strPassword, _
     "MS_409", _
     "ntlmdomain:" + strDomain)

Set colInstalledPrinters =  objSWbemServices.ExecQuery ("Select * from Win32_Printer")

On error resume next

For Each objPrinter in colInstalledPrinters
  Wscript.Echo "Name: " & objPrinter.Name 
  Return = objPrinter.GetSecurityDescriptor( objSD )
  If ( return = 2 ) Then
    WScript.Echo "Could not get security descriptor: " & Return
  Elseif ( return = 8 ) Then
    WScript.Echo "Unknown failure: " & Return
  Elseif ( return = 9 ) Then
    WScript.Echo "The user does not have adequate privileges to execute the method: " & Return
  Elseif ( return = 21) Then
    WScript.Echo "A parameter specified in the method call is not valid: " & Return
  Elseif ( return = 0 ) Then
    intControlFlags = objSD.ControlFlags
    If intControlFlags AND SE_DACL_PRESENT Then
      arrACEs = objSD.DACL
      For Each objACE in arrACEs
        WScript.Echo objACE.Trustee.Domain & "\" & objACE.Trustee.Name
        If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
          WScript.Echo vbTab & "User has access to printer"
        ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
          WScript.Echo vbTab & "User does not have access to the printer"
        End If
      Next
    Else
      WScript.Echo "No DACL found in security descriptor"
    end if
  Else
    WScript.Echo "Could not get security descriptor: " & Return
  End If
Next

=>> On my domain, this gives the ACL twice for each user, probably due to the way the security is provided

Name: printer1
\CREATOR OWNER
  User has access to printer
\CREATOR OWNER
  User has access to printer
MCM\DomainUsers
  User has access to printer
MCM\DomainUsers
  User has access to printer
MCM\DomainUsers
  User has access to printer
MCM\admin
  User has access to printer
MCM\admin
  User has access to printer
BUILTIN\Administrators
  User has access to printer
BUILTIN\Administrators
  User has access to printer
Answered 2012-05-02T11:41:35.930
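
An added example (not code from the question, the answer, or Microsoft's documentation): it prints each ACE's type, access mask and inheritance flags next to the trustee, so that ACEs sharing a trustee, as in the output above, can be told apart when auditing printer permissions. It assumes the local machine (`strComputer = "."`) and a single WMI connection; `AceTypeName` and `FlagNames` are helper names introduced here.

```vbscript
Option Explicit
' Added example. AceTypeName and FlagNames are helper names introduced here.
Const SE_DACL_PRESENT = &H4
Const OBJECT_INHERIT_ACE = &H1, CONTAINER_INHERIT_ACE = &H2
Const NO_PROPAGATE_INHERIT_ACE = &H4, INHERIT_ONLY_ACE = &H8, INHERITED_ACE = &H10

Dim strComputer, objWMI, objPrinter, objSD, objACE, rc
strComputer = "."   ' assumption: local machine; replace with a server name

' Connect once and keep the object; re-assigning it would drop the target server.
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\cimv2")

For Each objPrinter In objWMI.ExecQuery("Select * from Win32_Printer")
  WScript.Echo "Name: " & objPrinter.Name
  rc = objPrinter.GetSecurityDescriptor(objSD)
  If rc <> 0 Then
    WScript.Echo vbTab & "GetSecurityDescriptor failed, return code " & rc
  ElseIf (objSD.ControlFlags And SE_DACL_PRESENT) = 0 Then
    WScript.Echo vbTab & "No DACL found in security descriptor"
  ElseIf IsNull(objSD.DACL) Then
    WScript.Echo vbTab & "DACL present but NULL (no access restrictions)"
  Else
    For Each objACE In objSD.DACL
      WScript.Echo vbTab & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & _
        "  " & AceTypeName(objACE.AceType) & _
        "  mask=0x" & Hex(objACE.AccessMask) & _
        "  flags=" & FlagNames(objACE.AceFlags)
    Next
  End If
Next

' Decode the inheritance bits of Win32_ACE.AceFlags.
Function FlagNames(f)
  Dim s : s = ""
  If f And OBJECT_INHERIT_ACE Then s = s & "OBJECT_INHERIT "
  If f And CONTAINER_INHERIT_ACE Then s = s & "CONTAINER_INHERIT "
  If f And NO_PROPAGATE_INHERIT_ACE Then s = s & "NO_PROPAGATE "
  If f And INHERIT_ONLY_ACE Then s = s & "INHERIT_ONLY "
  If f And INHERITED_ACE Then s = s & "INHERITED "
  If s = "" Then s = "none"
  FlagNames = Trim(s)
End Function

Function AceTypeName(t)
  AceTypeName = "type " & t
  If t = 0 Then AceTypeName = "ALLOW"
  If t = 1 Then AceTypeName = "DENY"
End Function
```

Run it with cscript.exe so that each WScript.Echo line goes to the console rather than a message box.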