最近有个项目,需要根据登录用户身份来判定他是否能访问某个文件夹。
我先在局域网里装了一台NDS服务器,然后在其上装了Active Directory,以Administrator(域控服务器的管理者身份)的身份登录,运行程序可正常设定本地某个文件夹权限;然而在另一台机器上(已加入该域,且该机器所有分区均为NTFS格式),同样以Administrator(域控服务器的管理者身份)的身份登录,运行同样的程序却报错,在objADsSec.SetSecurityDescriptor(objSecDes,"FILE://c:\\a");处出现异常“安全ID结构无效”,请问这是为什么?请高手指点,谢谢!程序代码如下:
ADsSecurity objADsSec;
SecurityDescriptor objSecDes;
AccessControlList objDAcl;
AccessControlEntry objAce1;
AccessControlEntry objAce2;
Object objSIdHex;
ADsSID objSId; objADsSec = new ADsSecurityClass();
objSecDes = (SecurityDescriptor) (objADsSec.GetSecurityDescriptor("FILE://c:\\a"));
objDAcl = (AccessControlList)objSecDes.DiscretionaryAcl; // Add a new access control entry (ACE) object (objAce) so that the user has Full Control permissions on NTFS file system files.
objAce1 = new AccessControlEntryClass();
objAce1.Trustee = "test\\Administrator"; //域名\用户名
objAce2.AccessMask = (int)ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_GENERIC_ALL;
objAce2.AceType = (int)ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED;
objAce2.AceFlags = (int)ActiveDs.ADS_ACEFLAG_ENUM.ADS_ACEFLAG_INHERIT_ACE | 1;
objDAcl.AddAce(objAce2); objSecDes.DiscretionaryAcl = objDAcl; // Set permissions on the NTFS file system folder.
objADsSec.SetSecurityDescriptor(objSecDes,"FILE://c:\\a");
我先在局域网里装了一台NDS服务器,然后在其上装了Active Directory,以Administrator(域控服务器的管理者身份)的身份登录,运行程序可正常设定本地某个文件夹权限;然而在另一台机器上(已加入该域,且该机器所有分区均为NTFS格式),同样以Administrator(域控服务器的管理者身份)的身份登录,运行同样的程序却报错,在objADsSec.SetSecurityDescriptor(objSecDes,"FILE://c:\\a");处出现异常“安全ID结构无效”,请问这是为什么?请高手指点,谢谢!程序代码如下:
ADsSecurity objADsSec;
SecurityDescriptor objSecDes;
AccessControlList objDAcl;
AccessControlEntry objAce1;
AccessControlEntry objAce2;
Object objSIdHex;
ADsSID objSId; objADsSec = new ADsSecurityClass();
objSecDes = (SecurityDescriptor) (objADsSec.GetSecurityDescriptor("FILE://c:\\a"));
objDAcl = (AccessControlList)objSecDes.DiscretionaryAcl; // Add a new access control entry (ACE) object (objAce) so that the user has Full Control permissions on NTFS file system files.
objAce1 = new AccessControlEntryClass();
objAce1.Trustee = "test\\Administrator"; //域名\用户名
objAce2.AccessMask = (int)ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_GENERIC_ALL;
objAce2.AceType = (int)ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED;
objAce2.AceFlags = (int)ActiveDs.ADS_ACEFLAG_ENUM.ADS_ACEFLAG_INHERIT_ACE | 1;
objDAcl.AddAce(objAce2); objSecDes.DiscretionaryAcl = objDAcl; // Set permissions on the NTFS file system folder.
objADsSec.SetSecurityDescriptor(objSecDes,"FILE://c:\\a");
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货