If you want the vb wsh way here is a posting that I used to do it http://groups.google.com/groups?selm=3E8240AB.98EACD54%40hydro.com -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Braebaum, Neil Sent: Thursday, April 17, 2003 8:46 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: OT: Script Gurus? Will that help in determining the users permissions on files / folders? Or merely the ability to write to ini files? Numerous scripting languages support the easy ability to read / write from ini file structures. Neil > -----Original Message----- > From: Jim Kenzig http://thethin.net [mailto:jimkenz@xxxxxxxxxxxxxx] > Sent: 17 April 2003 13:36 > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: OT: Script Gurus? > > Or he could just use http://thethin.net/iniwrite.zip > > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On > Behalf Of Braebaum, Neil > Sent: Thursday, April 17, 2003 6:09 AM > To: 'thin@xxxxxxxxxxxxx' > Subject: [THIN] Re: OT: Script Gurus? > > Comments inline... > > > -----Original Message----- > > From: TheThin [mailto:TheThin@xxxxxxxxxxxxxxxxxxxxx] > > Sent: 16 April 2003 23:25 > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] OT: Script Gurus? > > > > I am writing a script to edit an INI file on login. > Basically, I want > > to scan a list of directories and if the user has access to the > > directory put an entry in the .ini file for it. I have everything > > worked out except for the ability to tell whether the user > has access > > to the directory (ironically, I thought that would be the > easy part). > > > > Currently I have permissions set so that user JQPublic > cannot see the > > file h:\point\lithonia\active\folder.ini . > > Can you be a bit more specific about the DACLs you've set? > When you say "cannot see" do you mean they shouldn't have any > access to the files? Or merely that they should be hidden? > > > In fact, JQPublic cannot see anything under the lithonia folder at > > all. I have verified this with a dos based "if exist" > statement, and > > also dir commands, and cd commands. JQPublic cannot see the > > "folder.ini" file, and cannot even see the > "h:\point\lithonia\active" > > directory. He cannot change into this directory, and if he > does a dir > > on h:\point\lithonia he gets a blank directory. > > > > Yet my vbscript issuing the following commands, sees the file > > everytime: > > > > sFolder=3Dh:\point\lithonia\active\folder.ini > > If (fso.FileExists(sFolder)) Then > > wscript.echo sFolder & " Exists and can be read" > > > > If I can't use the fso.FileExists property, is there > another method to > > tell whether a user can access a file with vbscript? > > To be accurate / pedantic, you are not merely using vbscript, > here, you are accessing aspects of WSH, through vbscript. > > Such things like this, have to be provided by a scripting > host environment, as opposed to a vbscript interpreter. > > > Also, this would seem to be a security hole > > (albeit minor). > > Could you be more specific about exactly how you've gone > about hiding / restricting these files / folders, before we > get into claims about security holes? > > > In that using a simple vbscript, an attacker > > could guess whether certain files exist and map a directory > structure > > through trial and error for things he shouldn't be able to see. > > That does rather depend on how the "shoudn't be able to see" > is implemented, though. More clarification, please. *********************************************************************** This e-mail and its attachments are intended for the above named recipient(s) only and are confidential and may be privileged. If they have come to you in error you must take no action based on them, nor must you copy or disclose them or any part of their contents to any person or organisation; please notify the sender immediately and delete this e-mail and its attachments from your computer system. Please note that Internet communications are not necessarily secure and may be changed, intercepted or corrupted. We advise that you understand and observe this lack of security when e-mailing us and we will not accept any liability for any such changes, interceptions or corruptions. Although we have taken steps to ensure that this e-mail and its attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free. Copyright in this e-mail and attachments created by us belongs to Littlewoods. Littlewoods takes steps to prohibit the transmission of offensive, obscene or discriminatory material. If this message contains inappropriate material please forward the e-mail intact to postmaster@xxxxxxxxxxxxxxxxx and it will be investigated. Statements and opinions contained in this e-mail may not necessarily represent those of Littlewoods. Please note that e-mail communication may be monitored. Registered office: Littlewoods Retail Limited, Sir John Moores Building, 100 Old Hall Street, Liverpool, L70 1AB Registered no: 421258 http://www.littlewoods.com *********************************************************************** ******************************************************** This Week's Sponsor - ThinPrint Simply the best print solution for Microsoft Terminal Services and Citrix Metaframe. http://www.thinprint.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This Week's Sponsor - ThinPrint Simply the best print solution for Microsoft Terminal Services and Citrix Metaframe. http://www.thinprint.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm