Objet ADsSecurityUtility et Héritage d'ACLs

Bonjour à tous,

j'espère que le sujet n'a pas été déjà abordé mais je commance à craquer sur
le fonctionnement de l'objet ADsSecurityUtility.

Avec le script ci-dessous j'arrive à supprimer les ACLs existantes sur un
rèp et a postionner de nouvelles ACLs sur celui ci.

La Pb est que si le rep n'est pas vide, la suppression/création d'ACLs n'est
pas repercuté sur les sous-répertoire.

Quel est donc la constante / paramètre mal ou pas positionné ?

Merci d'avance

Laurent



'ADS_PATHTYPE_ENUM constants

Const ADS_PATH_FILE = 1

Const ADS_PATH_FILESHARE = 2

Const ADS_PATH_REGISTRY = 3


' ADS_SD_FORMAT_ENUM constants

Const ADS_SD_FORMAT_IID = 1

Const ADS_SD_FORMAT_RAW = 2

Const ADS_SD_FORMAT_HEXSTRING = 3


' Define a ADS_RIGHTS_ENUM constants:

Const ADS_RIGHT_DELETE = &h10000

Const ADS_RIGHT_READ_CONTROL = &h20000

Const ADS_RIGHT_WRITE_DAC = &h40000

Const ADS_RIGHT_WRITE_OWNER = &h80000

Const ADS_RIGHT_SYNCHRONIZE = &h100000

Const ADS_RIGHT_ACCESS_SYSTEM_SECURITY = &h1000000

Const ADS_RIGHT_GENERIC_READ = &h80000000

Const ADS_RIGHT_GENERIC_WRITE = &h40000000

Const ADS_RIGHT_GENERIC_EXECUTE = &h20000000

Const ADS_RIGHT_GENERIC_ALL = &h10000000

Const ADS_RIGHT_DS_CREATE_CHILD = &h1

Const ADS_RIGHT_DS_DELETE_CHILD = &h2

Const ADS_RIGHT_ACTRL_DS_LIST = &h4

Const ADS_RIGHT_DS_SELF = &h8

Const ADS_RIGHT_DS_READ_PROP = &h10

Const ADS_RIGHT_DS_WRITE_PROP = &h20

Const ADS_RIGHT_DS_DELETE_TREE = &h40

Const ADS_RIGHT_DS_LIST_OBJECT = &h80

Const ADS_RIGHT_DS_CONTROL_ACCESS = &h100


' ADS_ACETYPE_ENUM

' Ace Type definitions

Const ADS_ACETYPE_ACCESS_ALLOWED = 0

Const ADS_ACETYPE_ACCESS_DENIED = &h1

Const ADS_ACETYPE_SYSTEM_AUDIT = &h2

Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &h5

Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &h6

Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = &h7


' ADS_ACEFLAGS_ENUM

' Ace Flag Constants

Const ADS_ACEFLAG_UNKNOWN = &h1

Const ADS_ACEFLAG_INHERIT_ACE = &h2

Const ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE = &h4

Const ADS_ACEFLAG_INHERIT_ONLY_ACE = &h8

Const ADS_ACEFLAG_INHERITED_ACE = &h10

Const ADS_ACEFLAG_VALID_INHERIT_FLAGS = &h1f

Const ADS_ACEFLAG_SUCCESSFUL_ACCESS = &h40

Const ADS_ACEFLAG_FAILED_ACCESS = &h80

'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

'ADS_SCOPE_ENUM enumeration:
Const ADS_SCOPE_BASE = 0
Const ADS_SCOPE_ONELEVEL = 1
Const ADS_SCOPE_SUBTREE = 2


'-------------------------------------------------------------------------

dim oSd

dim oSDUtil

set oSDUtil = CreateObject("ADsSecurityUtility")


' *** MAJ ACLs ***
set oSd = oSDUtil.GetSecurityDescriptor(PathGrp, ADS_PATH_FILE,
ADS_SD_FORMAT_IID)


set oDacl = oSD.DiscretionaryACL

for each ace in oDacl

oDacl.RemoveAce ace ' Supprime les ACLs existants

next

set oAce = CreateObject("AccessControlEntry")

oAce.Trustee = "Toto\Titi"

oAce.AccessMask = ADS_RIGHT_GENERIC_ALL

oAce.AceFlags = ADS_ACEFLAG_UNKNOWN Or ADS_ACEFLAG_INHERIT_ACE

oAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED

oDacl.AddAce oAce


oSd.DiscretionaryACL = oDacl

oSDUtil.SetSecurityDescriptor PathGrp, ADS_PATH_FILE, oSD,
ADS_SD_FORMAT_IID

Set oAce = Nothing