• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Programatically Change Public Folder Permission?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2003] >> Public Folders >> Programatically Change Public Folder Permission? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Programatically Change Public Folder Permission? - 5.Oct.2007 12:03:49 PM   
polysulfide

 

Posts: 110
Joined: 2.Dec.2004
From: Portland, Oregon
Status: offline
My organization has a workflow component consisting of creating, securing, and mail-enabling a public folder.  I am writing a script to address most of the workflow but I am having trouble securing the public folders.

I am unable to use CDO since this script needs to be run from workstations and not on the Exchange server.

I have created and mail-enabled the fodlers with a MAPI session and I have specfied the SMTP address with ADSI, hoever, I am still not able to set permissions.  It looks like DAV might be my only hope, however, it seems rather convoluted and I don't have any great examples.

Has anybody else had a similar issue?  I would be greatful for any advice.
Post #: 1
RE: Programatically Change Public Folder Permission? - 30.Oct.2007 7:43:10 PM   
polysulfide

 

Posts: 110
Joined: 2.Dec.2004
From: Portland, Oregon
Status: offline
This function works good

Slightly modified form MS website

Const User_AuthFldAllow = &H1208AB
Const User_AuthFldDeny = &HDC914
Const User_AuthSitAllow = &H120EA9
Const User_AuthSitDeny = &H1F0716
Const Grp_AuthFldAllow = &H1208AB
Const Grp_AuthFldDeny = &HDC914
Const Grp_AuthSitAllow = &H120EA9
Const Grp_AuthSitDeny = &H1F0716

AddAuthorACE "http://EXCHANGESERVER/Public/FOLDER", "DOMAIN\account", "user"

Function AddACE(Name, UserType, Allow, Deny)
   Dim strXML
   strXML = "    <?xml version=""1.0""?>" & vbCrLf & _
            "    <add xmlns:S='http://schemas.microsoft.com/security/'>" & vbCrLf & _
            "         <S:access_allowed_ace S:inherited=""0"">" & vbCrLf & _
            "            <S:access_mask>" & Hex(Allow) & "</S:access_mask>" & vbCrLf & _
            "            <S:sid>" & vbCrLf & _
           "               <S:type>" & UserType & "</S:type>" & vbCrLf & _
            "               <S:nt4_compatible_name>" & Name & "</S:nt4_compatible_name>" & vbCrLf & _
            "            </S:sid>" & vbCrLf & _
            "         </S:access_allowed_ace>" & vbCrLf & _
            "         <S:access_denied_ace S:inherited=""0"">" & vbCrLf & _
            "            <S:access_mask>" & Hex(Deny) & "</S:access_mask>" & vbCrLf & _
            "            <S:sid>" & vbCrLf & _
            "               <S:nt4_compatible_name>" & Name & "</S:nt4_compatible_name>" & _
            "            </S:sid>" & vbCrLf & _
            "         </S:access_denied_ace>" & vbCrLf & _
            "    </add>" & vbCrLf
           
   AddACE = strXML
End Function
Function AddAuthorACE(FdPath, NTName, UserType)
   Dim xmlReq 'As MSXML.XMLHTTPRequest
   Dim query 'As String
   Dim XMLDOM 'As MSXML.DOMDocument
   Dim XMLRoot 'As MSXML.DOMDocument
   Dim strNewNode 'As String
   Dim xmlNode 'As MSXML.IXMLDOMNode
   Dim effacesnode 'As MSXML.IXMLDOMNode
   Dim subconacesnode 'As MSXML.IXMLDOMNode
   Dim subitemacesnode 'As MSXML.IXMLDOMNode
   Dim xmlNewACEDom 'As MSXML.DOMDocument
   Dim xmlNewNode 'As MSXML.IXMLDOMNode
 
   Set xmlReq = CreateObject("Microsoft.XMLHTTP")
   Set XMLDOM = CreateObject("Microsoft.XMLDOM")
   'Get the current Security Descriptor of the folder
   xmlReq.open "PROPFIND", FdPath, False
   xmlReq.setRequestHeader "Content-Type", "text/xml"
   xmlReq.setRequestHeader "Depth", "0"
   query = "<?xml version='1.0'?>"
   query = query + "<a:propfind xmlns:a='DAV:'>"
   query = query + "<a:prop xmlns:ex='http://schemas.microsoft.com/exchange/security/'>"
   query = query + "<ex:descriptor/>"
   query = query + "</a:prop>"
   query = query + "</a:propfind>"
   xmlReq.send (query)
   Set XMLDOM = xmlReq.responseXML
      
   'Greate the empty Security Descriptor ready to upgrade
   query = ""
   query = "<?xml version='1.0'?>"
   query = query + "<a:propertyupdate xmlns:a='DAV:' xmlns:e='http://schemas.microsoft.com/exchange/security/'>"
   query = query + "<a:set><a:prop><e:descriptor>"
   query = query + "</e:descriptor></a:prop></a:set></a:propertyupdate>"
   Set XMLRoot = CreateObject("Microsoft.XMLDOM")
   XMLRoot.loadXML query
  
   'Load the Security Descriptor from the current schema
   Set xmlNode = XMLRoot.documentElement.selectSingleNode("//e:descriptor")
   xmlNode.appendChild XMLDOM.documentElement.selectSingleNode("//S:security_descriptor")
  
   Set effacesnode = XMLRoot.documentElement.selectSingleNode("//S:effective_aces")
   Set subconacesnode = XMLRoot.documentElement.selectSingleNode("//S:subcontainer_inheritable_aces")
   Set subitemacesnode = XMLRoot.documentElement.selectSingleNode("//S:subitem_inheritable_aces")
   Set xmlNewACEDom = CreateObject("Microsoft.XMLDOM")
  
   'Add the Access Permission for User/group
   If UserType = "user" Then
       strNewNode = AddACE(NTName, UserType, User_AuthFldAllow, User_AuthFldDeny)
   Else
       strNewNode = AddACE(NTName, UserType, Grp_AuthFldAllow, Grp_AuthFldDeny)
   End If
   xmlNewACEDom.loadXML strNewNode
   Set xmlNewNode = xmlNewACEDom.documentElement.selectSingleNode("S:access_denied_ace")
   effacesnode.insertBefore xmlNewNode, effacesnode.firstChild
   Set xmlNewNode = xmlNewACEDom.documentElement.selectSingleNode("S:access_allowed_ace")
   effacesnode.insertBefore xmlNewNode, effacesnode.firstChild
  
   'Add the sub-container inheritable permission for user/group
   If UserType = "user" Then
       strNewNode = AddACE(NTName, UserType, User_AuthFldAllow, User_AuthFldDeny)
   Else
       strNewNode = AddACE(NTName, UserType, Grp_AuthFldAllow, Grp_AuthFldDeny)
   End If
   xmlNewACEDom.loadXML strNewNode
   Set xmlNewNode = xmlNewACEDom.documentElement.selectSingleNode("S:access_denied_ace")
   subconacesnode.insertBefore xmlNewNode, subconacesnode.firstChild
   Set xmlNewNode = xmlNewACEDom.documentElement.selectSingleNode("S:access_allowed_ace")
   subconacesnode.insertBefore xmlNewNode, subconacesnode.firstChild
   'Add the sub-item inheritable Permission for user/group
   If UserType = "user" Then
       strNewNode = AddACE(NTName, UserType, User_AuthSitAllow, User_AuthSitDeny)
   Else
       strNewNode = AddACE(NTName, UserType, Grp_AuthSitAllow, Grp_AuthSitDeny)
   End If
   xmlNewACEDom.loadXML strNewNode
   Set xmlNewNode = xmlNewACEDom.documentElement.selectSingleNode("S:access_denied_ace")
   subitemacesnode.insertBefore xmlNewNode, subitemacesnode.firstChild
   Set xmlNewNode = xmlNewACEDom.documentElement.selectSingleNode("S:access_allowed_ace")
   subitemacesnode.insertBefore xmlNewNode, subitemacesnode.firstChild
  
   xmlReq.open "PROPPATCH", FdPath, False
   xmlReq.setRequestHeader "Content-Type", "text/xml"
   xmlReq.setRequestHeader "Depth", "0"
   xmlReq.send (XMLRoot.documentElement.xml)
     
End Function

(in reply to polysulfide)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2003] >> Public Folders >> Programatically Change Public Folder Permission? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter