Лабораторная работа №3 Учетные записи и разрешения в Windows
Часть 1. Создание учетных записей, групп и установка разрешений с использованием стандартных утилит Windows
1. Под учетной записью Администратор создайте учетные записи ограниченного типа: User1, User2. Затем создайте следующие папки:
- D:\Public;
- D:\Public\Data.
2. Определите разрешения по умолчанию для папки Public. Для этого войдите в систему, используя учетную запись User1 и в папке Public создайте текстовый документ file1. Затем попытайтесь выполнить следующие операции с созданным файлом:
- открытие файла;
- изменение файла;
- удаление файла.
Какие действия удалось совершить успешно и почему?
После этого в папке Public создайте текстовый документ file2 и войдя в систему, используя учетную запись User2 попытайтесь снова выполнить те-же самые операции над созданным файлом. Какие действия удалось совершить успешно и почему?
3. Войдите в систему под учетной записью Администратор и для папки Public установите разрешение Полный доступ (Full Control) для пользователя User2. Затем войдите в систему под учетной записью User2 и попытайтесь изменить и удалить file2. Какие действия вы смогли совершить и почему?
4. Создайте файлы в папке Public\Data и проверьте какие разрешения наследуются иерархически.
5. Создайте локальную группу Students и добавьте в нее пользователей User1, User2.
6. Сделайте общей папку Public. Группе Students назначьте разрешение Чтение (Read) на доступ к общей папке Public и разрешение NTFS Полный доступ (Full Control) на доступ к подпапке Data. Какие разрешения группы Students будут действовать при получении доступа к подпапке Data путем установки соединения с общей папкой Public?
Часть 2. Работа с учетными записями с использованием wmi
Создайте скрипт на языке VBScript который выполняет следующие действия:
Определить имя компьютера.
Определить какой рабочей группе или какому домену принадлежит компьютер.
Определить какую роль играет компьютер в домене или в рабочей группе (например, сервер, рабочая станция…)
Переименовать компьютер.
Определить имя пользователя, который в текущий момент работает с компьютером.
Определить все локальные рабочие группы к которым принадлежит текущий пользователь.
Справочная информация
Класс Win32_ComputerSystem
Методы
В классе Win32_ComputerSystem определены следующие методы.
Метод |
Описание |
JoinDomainOrWorkgroup |
Добавляет компьютер к домену или рабочей группе. |
Rename |
Переименовывает локальный компьютер. |
UnjoinDomainOrWorkgroup |
Удаляет компьютер из домена или рабочей группы. |
Свойства
В классе Win32_ComputerSystem определены следующие основные свойства.
BootupState - System is started. Fail-safe boot bypasses the user startup files—also called SafeBoot.
The following list contains the required values:
"Normal boot"
"Fail-safe boot"
"Fail-safe with network boot"
Caption - Short description of the object—a one-line string. This property is inherited from CIM_ManagedSystemElement.
ChassisBootupState - Boot up state of the chassis.
Значение |
Описание |
1 (0x1) |
Other |
2 (0x2) |
Unknown |
3 (0x3) |
Safes |
4 (0x4) |
Warning |
5 (0x5) |
Critical |
6 (0x6) |
Nonrecoverable |
CurrentTimeZone - Qualifiers: Units(Minutes)
Amount of time the unitary computer system is offset from Coordinated Universal Time (UTC).
DNSHostName - Name of local computer according to the domain name server (DNS). Windows XP and Windows 2000: This property is not available.
Domain- Name of the domain to which a computer belongs.
Note If the computer is not part of a domain, then the name of the workgroup is returned.
DomainRole - Role of a computer in an assigned domain workgroup. A domain workgroup is a collection of computers on the same network. For example, a DomainRole property may show that a computer is a member workstation. This property is inherited from CIM_ManagedSystemElement.
Значение |
Описание |
0 (0x0) |
Standalone Workstation |
1 (0x1) |
Member Workstation |
2 (0x2) |
Standalone Server |
3 (0x3) |
Member Server |
4 (0x4) |
Backup Domain Controller |
5 (0x5) |
Primary Domain Controller |
EnableDaylightSavingsTime - Enables daylight savings time (DST) on a computer. A value of True indicates that the system time changes to an hour ahead or behind when DST starts or ends. A value of False indicates that the system time does not change to an hour ahead or behind when DST starts or ends. A value of NULL indicates that the DST status is unknown on a system.
InitialLoadInfo - Data required to find the initial load device or boot service to request that the operating system start up. This property is inherited from CIM_UnitaryComputerSystem.
InstallDate - Object is installed. An object does not need a value to indicate that it is installed. This property is inherited from CIM_ManagedSystemElement.
KeyboardPasswordStatus - System hardware security settings for Keyboard Password Status.
Значение |
Описание |
0 (0x0) |
Disabled |
1 (0x1) |
Enabled |
2 (0x2) |
Not Implemented |
3 (0x3) |
Unknown |
LastLoadInfo - Array entry of the InitialLoadInfo property that contains the data to start the loaded operating system. This property is inherited from CIM_UnitaryComputerSystem.
Manufacturer - Name of a computer manufacturer.
Example: Adventure Works
Model - Product name that a manufacturer gives to a computer. This property must have a value.
Name - Key of a CIM_System instance in an enterprise environment. This property is inherited from CIM_ManagedSystemElement.
NameFormat - Computer system Name value that is generated automatically. The CIM_ComputerSystem object and its derivatives are top-level objects of the Common Information Model (CIM). They provide the scope for several components. Unique CIM_System keys are required, but you can define a heuristic to create the CIM_ComputerSystem name that generates the same name, and is independent from the discovery protocol. This prevents inventory and management problems when the same asset or entity is discovered multiple times, but cannot be resolved to one object. Using a heuristic is recommended, but not required.
The heuristic is outlined in the CIM V2 Common Model specification, and assumes that the documented rules are used to determine and assign a name. The NameFormat values list defines the order to assign a computer system name. Several rules map to the same value.
The CIM_ComputerSystem Name value that is calculated using the heuristic is the key value of the system. However, use aliases to assign a different name for CIM_ComputerSystem, which can be more unique to your company. This property is inherited from CIM_System.
The following list identifies the values for this property.
"IP"
"Dial"
"HID"
"NWA"
"HWA"
"X25"
"ISDN"
"IPX"
"DCC"
"ICD"
"E.164"
"SNA"
"OID/OSI"
"Other"
NetworkServerModeEnabled - If True, the network Server Mode is enabled.
NumberOfLogicalProcessors - Number of logical processors available on the computer. You can use NumberOfLogicalProcessors and NumberOfProcessors to determine if the computer is hyperthreading. For more information, see Remarks. Windows Server 2003, Windows XP, and Windows 2000: This property is not available.
NumberOfProcessors - Number of physical processors currently available on a system. This is the number of enabled processors for a system, which does not include the disabled processors. If a computer system has two physical processors each containing two logical processors, then the value of NumberOfProcessors is 2 and NumberOfLogicalProcessors is 4. The processors may be multicore or they may be hyperthreading processors. For more information, see Remarks. Windows Server 2003, Windows XP, and Windows 2000: Because the umberOfLogicalProcessors property is not available, NumberOfProcessors indicates the number of logical processors available in the system. In the case of a computer system that has two physical processors each containing two logical processors, the value of NumberOfProcessors is 4.
OEMLogoBitmap - List of data for a bitmap that the original equipment manufacturer (OEM) creates.
OEMStringArray - List of free-form strings that an OEM defines. For example, an OEM defines the part numbers for system reference documents, manufacturer contact information, and so on.
PartOfDomain - If True, the computer is part of a domain. If the value is NULL, the computer is not in a domain or the status is unknown. If you unjoin the computer from a domain, the value becomes false. Windows 2000 and Windows NT: This property is not available.
PauseAfterReset - Qualifiers: Units(Milliseconds)
Time delay before a reboot is initiated—in milliseconds. It is used after a system power cycle, local or remote system reset, and automatic system reset. A value of –1 (minus one) indicates that the pause value is unknown.
PCSystemType - Type of the computer in use, such as laptop, desktop, or Tablet.
Windows Server 2003, Windows XP, Windows 2000, Windows NT 4.0, and Windows Me/98/95: This property is not available.
Значение |
Описание |
0 (0x0) |
Unspecified |
1 (0x1) |
Desktop |
2 (0x2) |
Mobile |
3 (0x3) |
Workstation |
4 (0x4) |
Enterprise Server |
5 (0x5) |
Small Office and Home Office (SOHO) Server |
6 (0x6) |
Appliance PC |
7 (0x7) |
Performance Server |
8 (0x8) |
Maximum |
PowerManagementCapabilities - Array of the specific power-related capabilities of a logical device. This property is inherited from CIM_LogicalDevice.
Значение |
Описание |
0 (0x0) |
Unknown |
1 (0x1) |
Not Supported |
2 (0x2) |
Disabled |
3 (0x3) |
Enabled The power management features are currently enabled, but the exact feature set is unknown or the information is unavailable. |
4 (0x4) |
Power Saving Modes Entered Automatically The device can change its power state based on usage or other criteria. |
5 (0x5) |
Power State Settable The SetPowerState method is supported. This method is found on the parent CIM_LogicalDevice class and can be implemented. For more information, see Designing Managed Object Format (MOF) Classes. |
6 (0x6) |
Power Cycling Supported The SetPowerState method can be invoked with the PowerState parameter set to 5 (Power Cycle). |
7 (0x7) |
Timed Power-On Supported The SetPowerState method can be invoked with the PowerState parameter set to 5 (Power Cycle) and Time set to a specific date and time, or interval, for power-on. |
PowerManagementSupported - If True, device can be power-managed, for example, a device can be put into suspend mode, and so on. This property does not indicate that power management features are enabled currently, but it does indicate that the logical device is capable of power management. This property is inherited from CIM_UnitaryComputerSystem.
PowerState - Current power state of a computer and its associated operating system. The power saving states have the following values: Value 4 (Unknown) indicates that the system is known to be in a power save mode, but its exact status in this mode is unknown; 2 (Low Power Mode) indicates that the system is in a power save state, but still functioning and may exhibit degraded performance; 3 (Standby) indicates that the system is not functioning, but could be brought to full power quickly; and 7 (Warning) indicates that the computer system is in a warning state and a power save mode. This property is inherited from CIM_UnitaryComputerSystem.
Значение |
Описание |
0 (0x0) |
Unknown |
1 (0x1) |
Full Power |
2 (0x2) |
Power Save - Low Power Mode |
3 (0x3) |
Power Save - Standby |
4 (0x4) |
Power Save - Unknown |
5 (0x5) |
Power Cycle |
6 (0x6) |
Power Off |
7 (0x7) |
Power Save - Warning |
PowerSupplyState - State of the power supply or supplies when last booted. The following list identifies the values for this property.
Значение |
Описание |
1 (0x1) |
Other |
2 (0x2) |
Unknown |
3 (0x3) |
Safe |
4 (0x4) |
Warning |
5 (0x5) |
Critical |
6 (0x6) |
Nonrecoverable |
PrimaryOwnerContact - Contact information for the primary system owner, for example, phone number, e-mail address, and so on. This property is inherited from CIM_System.
PrimaryOwnerName - Name of the primary system owner. This property is inherited from CIM_System.
ResetCapability - If enabled, the value is 4 and the unitary computer system can be reset using the power and reset buttons. If disabled, the value is 3, and a reset is not allowed. This property is inherited from CIM_UnitaryComputerSystem.
Значение |
Описание |
1 (0x1) |
Other |
2 (0x2) |
Unknown |
3 (0x3) |
Disabled |
4 (0x4) |
Enabled |
5 (0x5) |
Nonrecoverable |
ResetCount - Number of automatic resets since the last reset. A value of –1 (minus one) indicates that the count is unknown.
ResetLimit - Number of consecutive times a system reset is attempted. A value of –1 (minus one) indicates that the limit is unknown.
Roles - List that specifies the roles of a system in the information technology environment. This property is inherited from CIM_System.
Status - Qualifiers: MaxLen(10)
Current status of an object. Various operational and nonoperational statuses can be defined. Operational statuses include: OK, Degraded, and Pred Fail, which is an element such as a SMART-enabled hard disk drive that may be functioning properly, but predicts a failure in the near future. Nonoperational statuses include: Error, Starting, Stopping, and Service, which can apply during mirror-resilvering of a disk, reloading a user permissions list, or other administrative work. Not all status work is online, but the managed element is not OK or in one of the other states. This property is inherited from CIM_ManagedSystemElement.
The following list identifies the values for this property.
"OK"
"Error"
"Degraded"
"Unknown"
"Pred Fail"
"Starting"
"Stopping"
"Service"
SupportContactDescription - List of the support contact information for the Windows operating system.
SystemStartupDelay - Qualifiers: Units(Seconds)
Time to delay before starting the Windows operating system—in seconds. Beginning with Windows Vista, SystemStartupDelay is obsolete because Boot.ini is not used to configure system startup. Instead, use the BCD classes supplied by the Boot Configuration Data (BCD) WMI provider or the Bcdedit command. Windows Server 2003, Windows XP, and Windows 2000: This property is available and supported. You can use SystemStartupDelay, with SystemStartupSetting and SystemStartupOptions to modify Boot.ini system startup settings.
SystemStartupOptions - List of the options for starting up the coumputer system running Windows. This property must have a value. Beginning with Windows Vista, SystemStartupOptions is obsolete because Boot.ini is not used to configure system startup. Instead, use the BCD classes supplied by the Boot Configuration Data (BCD) WMI provider or the Bcdedit command. Windows Server 2003, Windows XP, and Windows 2000: This property is available and supported. You can use SystemStartupOptions, with SystemStartupSetting and SystemStartupDelay to modify Boot.ini system startup settings.
SystemStartupSetting - Index of the default startup profile. This value is calculated so that it usually returns 0 (zero), because at write-time the profile string is physically moved to the top of the list, which is how Windows NT determines the default value. Beginning with Windows Vista, SystemStartupSetting is obsolete because Boot.ini is not used to configure system startup. Instead, use the BCD classes supplied by the Boot Configuration Data (BCD) WMI provider or the Bcdedit command. Windows Server 2003, Windows XP, and Windows 2000: This property is available and supported. You can use SystemStartupSetting, with SystemStartupDelay and SystemStartupOptions to modify Boot.ini system startup settings.
SystemType - System running on the Windows-based computer. This property must have a value.
The following list identifies the values for this property.
"X86-based PC"
"MIPS-based PC"
"Alpha-based PC"
"Power PC"
"SH-x PC"
"StrongARM PC"
"64-bit Intel PC"
"64-bit Alpha PC"
"Unknown"
"X86-Nec98 PC"
ThermalState - Thermal state of the system when last booted.
Значение |
Описание |
1 (0x1) |
Other |
2 (0x2) |
Unknown |
3 (0x3) |
Safe |
4 (0x4) |
Warning |
5 (0x5) |
Critical |
6 (0x6) |
Nonrecoverable |
TotalPhysicalMemory - Qualifiers: Units(Bytes)
Total size of physical memory. Be aware that, under some circumstances, this property may not return an accurate value for the physical memory. For example, it is not accurate if the BIOS is using some of the physical memory. For an accurate value, use the Capacity property in Win32_PhysicalMemory instead.
UserName - Name of a user that is logged on currently. This property must have a value. In a terminal services session, UserName returns the name of the user that is logged on to the console—not the user logged on during the terminal service session.
WakeUpType - Event that causes the system to power up.
Значение |
Описание |
0 (0x0) |
Reserved |
1 (0x1) |
Other |
2 (0x2) |
Unknown |
3 (0x3) |
APM Timer |
4 (0x4) |
Modem Ring |
5 (0x5) |
LAN Remote |
6 (0x6) |
Power Switch |
7 (0x7) |
PCI PME# |
8 (0x8) |
AC Power Restored |
Workgroup - Name of the workgroup for this computer. If the value of the PartOfDomain property is False, then the name of the workgroup is returned. Windows 2000 and Windows NT: This property is not available.
Класс Win32_Group
Методы
В классе Win32_Group определены следующие методы.
Метод |
Описание |
Rename |
Изменение имени группы. |
Свойства
В классе Win32_Group определены следующие свойства.
Caption - Short description of the object—a one-line string.
Description - Description of the object.
Domain - Name of the Windows domain to which the group account belongs.
InstallDate - Object was installed. This property does not require a value to indicate that the object is installed.
LocalAccount- Defined on the local computer. To retrieve only accounts defined on the local computer, create a query that includes the condition LocalAccount=TRUE . Windows 2000 and Windows NT 4.0: This property is not available.
Name- Name of the Windows group account on the domain specified by the Domain property of this class.
SID -Security identifier (SID) for this account. An SID is a string value of variable length used to identify a trustee. Each account has a unique SID issued by an authority, such as a Windows domain, stored in a security database. When a user logs on, the system retrieves the user SID from the database and places it in the user access token. The system uses the SID in the user access token to identify the user in all subsequent interactions with Windows security. When an SID has been used as the unique identifier for a user or group, it cannot be used again to identify another user or group.
SIDType - Enumerated values that specify the type of security identifier (SID).
Значение |
Описание |
1 |
SidTypeUser |
2 |
SidTypeGroup |
3 |
SidTypeDomain |
4 |
SidTypeAlias |
5 |
SidTypeWellKnownGroup |
6 |
SidTypeDeletedAccount |
7 |
SidTypeInvalid |
8 |
SidTypeUnknown |
9 |
SidTypeComputer |
Status - Current status of the object. Various operational and nonoperational statuses can be defined. Operational statuses include: "OK", "Degraded", and "Pred Fail" (an element, such as a SMART-enabled hard disk drive, may be functioning properly, but predicting a failure in the near future). Nonoperational statuses include: "Error", "Starting", "Stopping", and "Service". The latter, "Service", could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is online, yet the managed element is neither "OK" nor in one of the other states.
The values are:
"OK"
"Error"
"Degraded"
"Unknown"
"Pred Fail"
"Starting"
"Stopping"
"Service"
"Stressed"
"NonRecover"
"No Contact"
"Lost Comm"