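/// <summary>
/// Removes the "Change Password" ACEs held by <c>Everyone</c> and
/// <c>NT AUTHORITY\SELF</c> from the DACL of the directory object returned by
/// <c>GetDirectoryObject(UserName)</c>, then writes the security descriptor back.
/// Judging by the method name, the intent is to clear the
/// "User cannot change password" setting.
/// </summary>
/// <remarks>
/// NOTE(review): every matching ACE is removed regardless of its AceType, so an
/// explicit allow entry is dropped along with a deny entry. After this runs, whether
/// the user can change the password depends on the ACEs that remain; confirm that is
/// the intended end state rather than replacing the deny entries with allow entries.
/// NOTE(review): trustees are matched by the literal display names "Everyone" and
/// "NT AUTHORITY\SELF". If the directory returns a localized name or a SID string
/// (S-1-1-0 / S-1-5-10), nothing matches and the method silently changes nothing.
/// Verify the resulting DACL after the call.
/// </remarks>
public void SetUserCanChangePasswordsPropertyUncheck()
{
    // Object-type GUID of the "Change Password" extended right.
    const string PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}";

    DirectoryEntry de = GetDirectoryObject(UserName);
    ActiveDs.IADsSecurityDescriptor sd =
        (ActiveDs.IADsSecurityDescriptor)de.Properties["ntSecurityDescriptor"].Value;
    ActiveDs.IADsAccessControlList acl = (ActiveDs.IADsAccessControlList)sd.DiscretionaryAcl;

    // Collect the matches first. Calling RemoveAce while the ACL is being
    // enumerated can make the enumerator skip the entry that follows a removed
    // one, which would leave a second matching ACE in place.
    var stale = new System.Collections.Generic.List<ActiveDs.AccessControlEntry>();
    foreach (ActiveDs.AccessControlEntry ace in acl)
    {
        // Ordinal, case-insensitive GUID comparison: null-safe and independent of
        // the current culture (unlike ToLower()).
        bool isChangePassword = string.Equals(
            ace.ObjectType, PASSWORD_GUID, System.StringComparison.OrdinalIgnoreCase);
        if (!isChangePassword)
        {
            continue;
        }

        if (ace.Trustee == "Everyone" || ace.Trustee == "NT AUTHORITY\\SELF")
        {
            stale.Add(ace);
        }
    }

    foreach (ActiveDs.AccessControlEntry ace in stale)
    {
        acl.RemoveAce(ace);
    }

    // Write the edited DACL back and commit once. The descriptor is only assigned
    // to the entry here, so committing before this point (as the per-ACE commits
    // did) appears to have nothing to persist.
    sd.DiscretionaryAcl = acl;
    de.Properties["ntSecurityDescriptor"].Value = sd;
    de.CommitChanges();
}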