Wednesday, October 2, 2019

NSIS AccessControl plug-in (exe)

Here a small exe that I made as a kind of spin-off of another project.
It enables one to use NSIS AccessControl plug-in from the command line.

Usage:
AccessControl.exe "<plug-in command>" "<command option1>" "<command option2>" ...
(See the AccessControl.txt and other files for more info.)

One example:

Plug-in command "GrantOnFile" when Plug-in is used in NSIS:
AccessControl::GrantOnFile "path2\yourfolder" "(BU)" "FullAccess"

Plug-in command "GrantOnFile" when exe is used:
AccessControl.exe "GrantOnFile" "path2\yourfolder" "(BU)" "FullAccess"
(Notice: Every parameter must be enclosed in double quotes when using the exe.)

When run, the exe shows the result in a messagebox and writes it to the log file.

Download: https://yadi.sk/d/CVBuxDFtEzQBwA

The text below is taken from: https://nsis.sourceforge.io/AccessControl_plug-in


AccessControl plug-in


Description


Version: 1.0.8.1 (7th July 2014)

Supported on: WinNT4+.

The AccessControl plugin for NSIS provides a set of functions related to Windows NT access control list (ACL) management.

File and Directory Permission List

File Permissions

  • ReadData
  • WriteData
  • AppendData
  • ReadEA
  • WriteEA
  • Execute
  • ReadAttributes
  • WriteAttributes
  • Delete
  • ReadControl
  • WriteDAC
  • WriteOwner
  • Synchronize
  • FullAccess
  • GenericRead
  • GenericWrite
  • GenericExecute
  • NULL

Directory Permissions

  • ListDirectory
  • AddFile
  • AddSubdirectory
  • ReadEA
  • WriteEA
  • Traverse
  • DeleteChild
  • ReadAttributes
  • WriteAttributes
  • Delete
  • ReadControl
  • WriteDAC
  • WriteOwner
  • Synchronize
  • FullAccess
  • GenericRead
  • GenericWrite
  • GenericExecute
  • NULL

Registry Permissions

  • QueryValue
  • SetValue
  • CreateSubKey
  • EnumerateSubKeys
  • Notify
  • CreateLink
  • Delete
  • ReadControl
  • WriteDAC
  • WriteOwner
  • Synchronize
  • GenericRead
  • GenericWrite
  • GenericExecute
  • FullAccess
  • NULL

--------------------------------------------------------------------------
Taken from NSIS AccessControl plug-in's AccessControl.txt

FUNCTIONS
---------

GrantOnFile [/NOINHERIT] <filename> <trustee> <permissions>
GrantOnRegKey [/NOINHERIT] <rootkey> <regkey> <trustee> <permissions>
Pop $Result ; "ok" or "error" + error details

  Makes sure that the trustee get the requested access rights on
  that object.

---------

SetOnFile [/NOINHERIT] <filename> <trustee> <permissions>
SetOnRegKey [/NOINHERIT] <rootkey> <regkey> <trustee> <permissions>
Pop $Result ; "ok" or "error" + error details

  Replaces any existing access rights for the trustee on the object
  with the specified access rights.

---------

ClearOnFile [/NOINHERIT] <filename> <trustee> <permissions>
ClearOnRegKey [/NOINHERIT] <rootkey> <regkey> <trustee> <permissions>
Pop $Result ; "ok" or "error" + error details

  Replaces all trustees on the object with the specified trustee and
  access rights.

---------

DenyOnFile [/NOINHERIT] <filename> <trustee> <permissions>
DenyOnRegKey [/NOINHERIT] <rootkey> <regkey> <trustee> <permissions>
Pop $Result ; "ok" or "error" + error details

  Explicitly denies an access right on a object.

---------

RevokeOnFile [/NOINHERIT] <filename> <trustee> <permissions>
RevokeOnRegKey [/NOINHERIT] <rootkey> <regkey> <trustee> <permissions>
Pop $Result ; "ok" or "error" + error details

  Removes a formerly defined access right for that object.
  Note that access rights will still be revoked even if they are
  inherited.

---------

SetFileOwner <filename> <trustee>
SetRegKeyOwner <rootkey> <regkey> <trustee>
Pop $Result ; "ok" or "error" + error details

  Changes the owner of an object.

---------

GetFileOwner <filename>
GetRegKeyOwner <rootkey> <regkey>
Pop $Owner ; or "error" + error details

  Gets the owner of an object.

---------

SetFileGroup <filename> <trustee>
SetRegKeyGroup <rootkey> <regkey> <trustee>
Pop $Result ; "ok" or "error" + error details

  Changes the primary group of the object.

---------

GetFileGroup <filename>
GetRegKeyGroup <rootkey> <regkey>
Pop $Group ; or "error" + error details

  Gets the primary group of the object.

---------

EnableFileInheritance <filename>
EnableRegKeyInheritance <rootkey> <regkey>
Pop $Result ; "ok" or "error" + error details

  Enables inheritance of parent object permissions.

---------

DisableFileInheritance <filename>
DisableRegKeyInheritance <rootkey> <regkey>
Pop $Result ; "ok" or "error" + error details

  Disables inheritance of parent object permissions.

---------

SidToName <sidstring>
Pop $Domain ; or "error" + error details
Pop $Username

  Converts an SID on the local machine to the corresponding username and
  domain name.

---------

NameToSid <username>
Pop $SID ; or "error" + error details

  Gets the SID of the specified username on the local machine.

---------

GetCurrentUserName
Pop $Username ; or "error"

  Gets the username of the current user running the setup.

---------


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)