Chapter 5. Programmatic Group Manipulation

Managing groups and group membership is typically the core operation for administrators tasked with managing file system security. With Visual Basic, you can use methods of the IADsGroup and IADsUser interfaces to query and manipulate groups in the Windows NT namespace. By employing the code segments in this chapter, you can also access the SAM to create applications that use the default authentication and access control mechanisms for managing Windows NT security. Using this system is more desirable than using JET (MS_Access) databases, the Registry, or other insecure data stores to house application security information.

In addition to basic group-membership manipulation, this chapter will explore a proven best-practice method for managing file system security when you require extremely granular access to the files and directories that make up the structure of an NT File System (NTFS) partition. You will also continue the creation of the NTAdmin.DLL COM server application you started in Chapter 3, "Container Enumeration Methods and Programmatic Domain Account Policy Manipulation."