Tags: .net, vb.net, .net-3.5, permissions, wmi

How to check if a user has full control permissions on a shared folder?


I use the following code in order to check if a certain user exists in the DACL:

Dim l_managemantObject As ManagementBaseObject() = CType(securityDescriptor.Properties("DACL").Value, ManagementBaseObject())

For Each mObject As ManagementBaseObject In l_managemantObject
    ' Each DACL entry carries its trustee as an embedded object; fetch it once.
    Dim l_trustee As ManagementBaseObject = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject)
    Dim l_name As String = l_trustee.Properties("Name").Value.ToString()
    ' Reset per entry so a trustee without a domain does not reuse the previous entry's domain.
    Dim l_domain As String = String.Empty
    If l_trustee.Properties("Domain").Value IsNot Nothing Then
        l_domain = l_trustee.Properties("Domain").Value.ToString()
    End If

    If users.UserName.ToLower = (l_domain & "\" & l_name).ToLower Then
        Return True
    End If
Next

As you can see, I'm able to get the username and domain. But how do I check if the user has FullControl permissions?

Edit:

I've done further investigation and found that using GetAccessMask, I can retrieve the access rights to the share held by the user or group on whose behalf the instance is returned.

So what's left to find out is: how to get a specific user's AccessMask?

AccessMask on MSDN


Solution

  • It was under my nose all the time: using GetPropertyValue("AccessMask") on the managementObject gets the permission level.

    Full method:

    Dim l_managemantObject As ManagementBaseObject() = CType(securityDescriptor.Properties("DACL").Value, ManagementBaseObject())

    For Each mObject As ManagementBaseObject In l_managemantObject
        ' Each DACL entry carries its trustee as an embedded object; fetch it once.
        Dim l_trustee As ManagementBaseObject = CType(mObject.GetPropertyValue("Trustee"), ManagementBaseObject)
        Dim l_name As String = l_trustee.Properties("Name").Value.ToString()
        ' Reset per entry so a trustee without a domain does not reuse the previous entry's domain.
        Dim l_domain As String = String.Empty
        If l_trustee.Properties("Domain").Value IsNot Nothing Then
            l_domain = l_trustee.Properties("Domain").Value.ToString()
        End If

        ' AccessMask is the permission bit field of this entry.
        Dim l_accessMask As UInteger = Convert.ToUInt32(mObject.GetPropertyValue("AccessMask"))

        If users.UserName.ToLower = (l_domain & "\" & l_name).ToLower Then
            ' 2032127 = &H1F01FF, the full control mask.
            If l_accessMask = 2032127 Then
                Return True
            End If
        End If
    Next
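
An added example, not part of the original answer: it goes one step beyond the equality test above by also reading each entry's AceType (0 = allow, 1 = deny in Win32_ACE) and by testing bits, so a deny entry is not mistaken for a grant and rights split across several entries are still recognised. The `Ace` structure, `HasFullControl` and the account names are constructed for illustration; like the code above, it matches the trustee name directly and does not resolve group membership.

```vb
Imports System
Imports System.Collections.Generic

Module ShareAclCheck
    ' Win32_ACE.AceType values: 0 = access allowed, 1 = access denied.
    Const AceAllowed As UInteger = 0UI
    Const AceDenied As UInteger = 1UI
    Const FullControl As UInteger = &H1F01FFUI   ' 2032127, the value compared on this page
    Const GenericAll As UInteger = &H10000000UI  ' generic right that maps to full control

    ' Constructed stand-in for the Trustee, AceType and AccessMask values of one DACL entry.
    Structure Ace
        Public Trustee As String
        Public AceType As UInteger
        Public AccessMask As UInteger
        Sub New(name As String, kind As UInteger, mask As UInteger)
            Trustee = name : AceType = kind : AccessMask = mask
        End Sub
    End Structure

    ' Walks the entries in order: allow entries clear the bits still needed,
    ' a deny entry touching any bit still needed ends the check with False.
    Function HasFullControl(dacl As IEnumerable(Of Ace), account As String) As Boolean
        Dim remaining As UInteger = FullControl
        For Each entry As Ace In dacl
            If Not String.Equals(entry.Trustee, account, StringComparison.OrdinalIgnoreCase) Then Continue For
            Dim mask As UInteger = entry.AccessMask
            If (mask And GenericAll) <> 0UI Then mask = mask Or FullControl
            If entry.AceType = AceDenied AndAlso (mask And remaining) <> 0UI Then Return False
            If entry.AceType = AceAllowed Then remaining = remaining And (Not mask)
            If remaining = 0UI Then Return True
        Next
        Return False
    End Function

    Sub Main()
        ' Constructed sample DACL; in real use the values come from the Win32_ACE objects.
        Dim dacl As Ace() = {
            New Ace("CORP\alice", AceDenied, &H1F01FFUI),
            New Ace("CORP\alice", AceAllowed, &H1F01FFUI),
            New Ace("CORP\bob", AceAllowed, &H1301BFUI),
            New Ace("CORP\bob", AceAllowed, &HC0040UI),
            New Ace("CORP\carol", AceAllowed, &H1200A9UI),
            New Ace("CORP\dave", AceAllowed, GenericAll)}
        For Each account As String In New String() {"CORP\alice", "CORP\bob", "CORP\carol", "CORP\dave"}
            Console.WriteLine("{0}: {1}", account, HasFullControl(dacl, account))
        Next
    End Sub
End Module
```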