【发布时间】:2018-11-18 06:18:56
【问题描述】:
我正在尝试编写一个小应用程序来更新文件夹权限。我编写了以下代码来删除oldGroup并添加newGroup。
当我调用InvokeMethod 时,我发现了一个异常HRESULT 0x80041005 - Type Mismatch。不是很有帮助!如果我注释掉 newAces.Add(newAce); 旧组已成功删除,那么问题出在我的新 ACE (newAce) 或受托人 (trustee) 上。我尝试了几种实例化trustee 的方法,在下面注释掉了。
public void Function()
{
CimInstance QueryInstance(CimSession session, string cimNamespace, string query)
{
IEnumerable<CimInstance> queryInstances = session.QueryInstances(cimNamespace, "WQL", query);
return queryInstances.FirstOrDefault();
}
string computerName = "localhost";
string namespaceName = @"root\cimv2";
string oldGroup = "Everyone";
string newGroup = "Not Everyone";
DComSessionOptions sessionOptions = new DComSessionOptions
{
Timeout = new TimeSpan(0, 2, 0)
};
CimSession cimSession = CimSession.Create(computerName, sessionOptions);
CimInstance trustee = new CimInstance(cimSession.GetClass(namespaceName, "Win32_Trustee"));
//CimInstance trustee = new CimInstance("Win32_Trustee");
trustee.CimInstanceProperties.Single(p => p.Name == "Name").Value = newGroup;
//trustee.CimInstanceProperties.Add(CimProperty.Create("Name", newGroup, CimType.String, CimFlags.Key));
trustee.CimInstanceProperties.Single(p => p.Name == "Domain").Value = "GLOBAL";
//trustee.CimInstanceProperties.Add(CimProperty.Create("Domain", "GLOBAL", CimType.String, CimFlags.Key));
CimInstance newAce = new CimInstance("Win32_ACE");
newAce.CimInstanceProperties.Add(CimProperty.Create("AccessMask", 1179817, CimFlags.Key));
newAce.CimInstanceProperties.Add(CimProperty.Create("AceFlags", 3, CimFlags.Key));
newAce.CimInstanceProperties.Add(CimProperty.Create("AceType", 0, CimFlags.Key));
newAce.CimInstanceProperties.Add(CimProperty.Create("Trustee", trustee, CimFlags.Key));
CimInstance logicalFileSecSetting = QueryInstance(cimSession, namespaceName, @"select * from Win32_LogicalFileSecuritySetting where Path='C:\\dev\\temp\\wmi'");
CimMethodResult methodResult;
methodResult = cimSession.InvokeMethod(namespaceName, logicalFileSecSetting, "GetSecurityDescriptor", new CimMethodParametersCollection());
CimInstance descriptor = (CimInstance)methodResult.OutParameters.SingleOrDefault(p => p.Name == "Descriptor").Value;
IEnumerable<CimInstance> aces = (IEnumerable<CimInstance>)descriptor.CimInstanceProperties.SingleOrDefault(p => p.Name == "DACL").Value;
List<CimInstance> newAces = aces.Where(ace =>
{
CimInstance aceTrustee = (CimInstance)ace.CimInstanceProperties.Single(p => p.Name == "Trustee").Value;
string aceTrusteeName = (string)aceTrustee.CimInstanceProperties.Single(p => p.Name == "Name").Value;
return aceTrusteeName != oldGroup;
}).ToList();
newAces.Add(newAce);
descriptor.CimInstanceProperties.SingleOrDefault(p => p.Name == "DACL").Value = newAces.ToArray();
CimInstance cimDirectory = QueryInstance(cimSession, namespaceName, @"SELECT * FROM Win32_Directory WHERE Name='C:\\dev\\temp\\wmi'");
CimMethodParametersCollection methodParameters = new CimMethodParametersCollection
{
CimMethodParameter.Create("SecurityDescriptor", descriptor, CimType.Instance, CimFlags.In),
CimMethodParameter.Create("Option", 4, CimType.UInt32, CimFlags.In)
};
methodResult = cimSession.InvokeMethod(namespaceName, cimDirectory, "ChangeSecurityPermissions", methodParameters);
}
谁能帮助我更熟悉 Microsoft 管理基础架构?提前致谢。
【问题讨论】: