Using the Enterprise Management Example

You should run the Enterprise Management example (as explained below) and understand what it achieves. Later, you may insert breakpoints at appropriate places in the code and see what happens behind the scenes. Here are some suggestions on charting your course:

The first part will show you operations you can perform using the ADSI compliant objects of DirectScript. The next part will show you operations you can perform using the ObjectSecurity object of DirectScript for managing access permissions on files.

1. Start the application

2. Click Show Domains to get a list of all Domains in your network

3. Click on one of the Domains in the list box below this button. The three list boxes to the right fill now list Users, Groups, and Computers in this Domain.

4. The Domain Properties tab sheet comes out in front. This tab sheet shows some common properties of the Domain.

5. You can use the Create Group button to create a new Group in this Domain. The name of the Group should be entered just to the right of this button. Similarly, you can create a new user using Create User. Use this feature for creating some dummy Groups and Users which you can later delete.

6. Click on another Domain to see Users, Groups, and Computers in the newly selected Domain.

7. Click on a User in the Users in Domain box. This gets the properties for the User and puts them on the User Properties sheet. Instead of just clicking if you double click on a User, then, in addition, the property sheet comes out in front. There is a dropdown box that even shows you the Groups this User belongs to. Whether you single click or double click, the name of the User is also copied to the Trustee text box on the File Permissions sheet and to the text box to the left of the Add User button on the Group Properties sheet.

8. Use Delete User to delete the User from the Domain. Be careful! You do not want to delete a real User. Try these experiments only on dummy Users created specially for such experimentation! You can change one or more of the properties and click Update Properties to make them persistent.

9. Click on a Group in the Groups in Domain box. This gets the properties for the Group and puts them on the Group Properties sheet. Instead of just clicking if you double click on a Group then, in addition, the property sheet comes out in front. There is a dropdown box that shows the Users in this Group. As in the case of Users, you can delete the Group. As an exercise, you might want to add a button called Update Properties as in the case of Users. Whether you single click or double click, the name of the Group is also copied to the Trustee text box on the File Permissions list. The dropdown box to the left of the Remove User button contains all users in this Domain. You can select one and click Remove User to remove that User from the Group. To add a User to the Group you should enter the name of a User in the textbox to the left of the Add User button and then click the button. This should be just the name of the User without any Domain name prefixes. An easier way is to click (not double click) on the name of a User in the Users in Domain list to copy that User's name to the text box.

10. Click on a Computer in the Computers in Domain box. This will bring out the Computer Properties property sheet. Besides some obvious properties, this sheet also contains two dropdown boxes. One for local Users and one for local Groups. These are local to this Computer, as opposed to Global ones which are part of a Domain.

The next part shows you what ObjectSecurity brings to the table:

1. Click the Browse... button to the right of the File Path text box.

2. You will see the familiar common dialog box for opening files. Browse through your network and pick a file somewhere. Remember, it MUST be on an NTFS partition!

3. When you click the Open button on the common dialog box, the File Permissions property sheet comes to the front. It lists properties of this file, such as, its Owner, permissions given to the Owner and the Primary Group of the owner. There is a listview control to the right which lists all Trustees and their permissions on the file. A Trustee can be either a Group or a User. Permissions are listed in the standard Windows format. A preceding + means that the permission is available. A preceding - means that the permission is denied to the Trustee

4. Enter the name of some arbitrary Trustee in the Trustee text box. To select one of the Groups or Users visible in the list boxes on top click on one of the Groups in the Groups in Domain box. The Trustee text box will now contain the name of the Group you clicked on. You can copy the name of an existing User in a similar way

5. Click Get Permissions. The Permissions text box will contain the permissions available to the Trustee

6. You can enter a new permission string in the Permissions text box and click Set Permissions to change the permissions for the Trustee to the new value

7. Clicking Grant Permissions grants the permissions in the Permissions box to the Trustee, without affecting any other existing ones.

8. Clicking Revoke Permissions revokes the permissions assigned to trustees.

See also

• Enterprise Management: a big example

• Behind the scenes of Network Management

• Viewing the VB Code