Common AccessMask value when Configuring Share Permission Programmatically
In my previous post, I have shown you how to modify share permission using .Net framework. Access Mask is quite granular, most likely you will need to assign a particular user as 'Full Control', 'Change', or 'Read'. In Vista or Server 2008, it will be 'Co-Owner', 'Contributor', or 'Reader'.
The literal values for those permissions are:
Full Control/Owner/Co-owner = 2032127
Read/Reader = 1179817
Change/Contributor = 1179817
I created an enum flag like this:
[Flags]
public enum AccessMaskEnum
{
FILE_READ_DATA = 0x000001,
FILE_LIST_DIRECTORY = 0x000001,
FILE_WRITE_DATA = 0x000002,
FILE_ADD_FILE = 0x000002,
FILE_APPEND_DATA = 0x000004,
FILE_ADD_SUBDIRECTORY = 0x000004,
FILE_READ_EA = 0x000008,
FILE_WRITE_EA = 0x000010,
FILE_EXECUTE = 0x000020,
FILE_TRAVERSE = 0x000020,
FILE_DELETE_CHILD = 0x000040,
FILE_READ_ATTRIBUTES = 0x000080,
FILE_WRITE_ATTRIBUTES = 0x000100,
DELETE = 0x010000,
READ_CONTROL = 0x020000,
WRITE_DAC = 0x040000,
WRITE_OWNER = 0x080000,
SYNCHRONIZE = 0x100000,
OWNER = FILE_READ_DATA | FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
FILE_ADD_FILE | FILE_APPEND_DATA | FILE_ADD_SUBDIRECTORY |
FILE_READ_EA | FILE_WRITE_EA | FILE_EXECUTE |
FILE_TRAVERSE | FILE_DELETE_CHILD | FILE_READ_ATTRIBUTES |
FILE_WRITE_ATTRIBUTES | DELETE | READ_CONTROL |
WRITE_DAC | WRITE_OWNER | SYNCHRONIZE,
READ_ONLY = FILE_READ_DATA | FILE_LIST_DIRECTORY | FILE_READ_EA |
FILE_EXECUTE | FILE_TRAVERSE | FILE_READ_ATTRIBUTES |
READ_CONTROL | SYNCHRONIZE,
CONTRIBUTOR = OWNER & ~(FILE_DELETE_CHILD | WRITE_DAC | WRITE_OWNER)
}
You can assign this enum to the AccessMask property of Win32_Ace instance. For reference, take a look at this link.
I got those values by changing the permission using Windows Explorer and then reading the AccessMask, standard disclaimer apply, use it at your own risk. :)