Battle Faction Puzzle 8

This topic contains 2 replies, has 3 voices, and was last updated by  The Shah of Hash 2 months, 3 weeks ago.

  • Author
    Posts
  • #95112

    Axel Bøg Andersen
    Participant

    A possible solution:

    I don't seem to recall that it was nessesary to set SetSecurityDescriptorSddlForm prior to updating access, but I might just be getting old ...

    There probably is a shorter way to get a better System.Security.AccessControl.DirectorySecurity, but that would require a bit more time to figure out. I got other stuff to do and this will do 🙂

  • #95143

    Yubu
    Participant
    $permissions=@"
    username	password	access	rights	inheritance	propagation
    Bill Bennsson	$(ConvertTo-SecureString -String $((0..9 + 9..0 | sort {get-random})[0..15] -join "") -AsPlainText -Force)	Allow	Modify	None	None
    Andy Pandien	$(ConvertTo-SecureString -String $((0..9 + 9..0 | sort {get-random})[0..15] -join "") -AsPlainText -Force)	Allow	Read	None	None
    "@
    
    $filter=$(($permissions | convertfrom-csv -delimiter "`t").username -join "|")
    $p="c:\SpecialFolder\SpecialFile.txt"
    $file=New-Item -force -itemtype file -path $p
    
    $permissions | convertfrom-csv -delimiter "`t" | %{
    New-localuser -username $_.username -password $_.password
    $objACLFile = Get-ACL $p
    $objACEFile = New-Object System.Security.AccessControl.FileSystemAccessRule ($_.username, $_.Rights, $_.Inheritance, $_.Propagation, $_.Access)
    $objACLFile.AddAccessRule($objACEFile)
    Set-ACL $p $objACLFile
    } 
    
    ((Get-LocalGroup users | Get-LocalGroupMember | ? ObjectClass -match user) | ? name -notmatch $filter).name | %{
      $objACLDeny = Get-ACL $p
      $objACEDeny = New-Object System.Security.AccessControl.FileSystemAccessRule ("$_", "Modify", "None", "None", "Deny")
      $objACLDeny.AddAccessRule($objACEDeny)
      Set-ACL $p $objACLDeny
    }
    
  • #95187

    The Shah of Hash
    Participant

    Down and dirty.

You must be logged in to reply to this topic.