usually located in C:\WINDOWS\system32\activeds.tlb.
using ActiveDs;
public void CheckUserCanChangePasswordsProperty()
{
DirectoryEntry de = GetDirectoryObject(UserName);
string PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}";
string[] trustees = { "NT AUTHORITY\\SELF", "EVERYONE" };
ActiveDs.IADsSecurityDescriptor sd =
(ActiveDs.IADsSecurityDescriptor)de.Properties["ntSecurityDescriptor"].Value;
ActiveDs.IADsAccessControlList acl = (ActiveDs.IADsAccessControlList)sd.DiscretionaryAcl;
ActiveDs.AccessControlEntry ace = new ActiveDs.AccessControlEntry();
double denied = (double)ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_DENIED_OBJECT;
double objectType = (double)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT;
double dsControl = (double)ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_DS_CONTROL_ACCESS;
foreach (string trustee in trustees)
{
ace.Trustee = trustee;
ace.AceFlags = 0;
ace.AceType = Convert.ToInt32(Math.Floor(denied));
ace.Flags = Convert.ToInt32(Math.Floor(objectType));
ace.ObjectType = PASSWORD_GUID;
ace.AccessMask = Convert.ToInt32(Math.Floor(dsControl));
acl.AddAce(ace);
}
sd.DiscretionaryAcl = acl;
de.Properties["ntSecurityDescriptor"].Value = sd;
de.CommitChanges();
}
more...
No comments:
Post a Comment