Home/ Questions/Q 6728523
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T10:10:52+00:00

I use the following code in order to check if certin user exists in

  • 0

I use the following code in order to check if certin user exists in the DACL:

Dim l_managemantObject As ManagementBaseObject() = CType(securityDescriptor.Properties("DACL").Value, ManagementBaseObject())

For Each mObject As ManagementBaseObject In l_managemantObject
    l_name = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Name").Value.ToString
    If CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Domain").Value IsNot Nothing Then
       l_domain = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Domain").Value.ToString()
    End If

    If users.UserName.ToLower = (l_domain & "\" & l_name).ToLower Then
       Return True                
    End If
Next

As you can see, I’m able to get the username and domain. But how do I check if the user has FullControl permissions?

Edit:

I’ve done furthur investigation and found that using GetAccessMask, I can retrieve the access rights to the share held by the user or group on whose behalf the instance is returned.

So whats left to find out is:
How to get a specific user AccessMask?

AccessMask on MSDN

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It was under my nose all the time, using GetPropertyValue("AccessMask") on the managementObject gets the permission level.

    Full method:

     Dim l_managemantObject As ManagementBaseObject() = CType(securityDescriptor.Properties("DACL").Value, ManagementBaseObject())

    For Each mObject As ManagementBaseObject In l_managemantObject
        l_name = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Name").Value.ToString
        If CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Domain").Value IsNot Nothing Then
           l_domain = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject).Properties("Domain").Value.ToString()
        End If

        Dim l_accessMask as UInteger = mObject.GetPropertyValue("AccessMask")

        If users.UserName.ToLower = (l_domain & "\" & l_name).ToLower Then
           if l_accessMask = 2032127 then
              Return True  
           endif                             
        End If
    Next
    • 0