File System Provider::CopyFile

This procedure copies files from a source directory to a destination directory. It contains an option to set security and attributes for the copied files, as well as an option to overwrite copied files. It is used by Microsoft Provisioning Framework (MPF).

Arguments

Input Arguments

The following table describes the XML elements and attributes. Unless otherwise indicated, the data type is string.

Input Argument Required Description

<fileName> Yes Name of the file to copy.

<sourcePath> Yes Path of the directory to copy from.

<destPath> Yes Path of the target directory for the copy operation.

<newName> No Name of the new file.

Empty element with one optional attribute that further refine the copy operation.

replace:Enumeration ("true" or "false") that specifies whether the copy overwrites existing files in the destination directory. The default value is "false".

Encapsulates miscellaneous properties of the copied file. It has four optional attributes.

encompress:Enumeration ("encrypt", "compress", "decrypt", or "uncompress").
hidden:Enumeration ("true" or "false") that specifies whether the copied file is hidden. The default value is "false".
indexing:Enumeration ("true" or "false) that specifies whether an indexing service is allowed to index the copied file. The default value is "false".
readOnly:Enumeration ("true" or "false") that specifies whether the copied file is read-only. The default value is "false".

<security>/<acl>/<ace> No Access control elements (ACEs) for the copied file.

Value containing standard, specific, and generic rights. These rights are used in ACEs and are the primary means of specifying the requested or granted access to an object. This value can be either a number or string from any of the following tables. Multiple permission elements can be concatenated by a bitwise OR to create a single value.

Standard and generic permissions (ACCESS_MASK):

0x00010000L	DELETE	Delete access
0x00020000L	READ_CONTROL	Read access to the owner, group, and DACL of the security descriptor
0x00040000L	WRITE_DAC	Write access to the DACL
0x00080000L	WRITE_OWNER	Write access to owner
0x00100000L	SYNCHRONIZE	Microsoft® Windows NT® and Windows® 2000: Synchronize access
0x01000000L	ACCESS_SYSTEM_SECURITY	Access system security (ACCESS_SYSTEM_SECURITY). This flag is not a typical access type. It is used to indicate access to a SACL. This type of access requires the calling process to SE_SECURITY_NAME (Manage auditing and security log) privilege. If this flag is set in the access mask of an audit access ACE (successful or unsuccessful access), the SACL access will be audited.
0x02000000L	MAXIMUM_ALLOWED	Maximum allowed
0x10000000L	GENERIC_ALL	Generic all
0x20000000L	GENERIC_EXECUTE	Generic execute
0x40000000L	GENERIC_WRITE	Generic write
0x80000000L	GENERIC_READ	Generic read

Active Directory permissions (ADS_RIGHTS_ENUM):

0x1	ADS_RIGHT_DS_CREATE_CHILD	The right to create children of the object. The ObjectType member of an ACE can contain a GUID that identifies the type of child object whose creation is being controlled. If ObjectType does not contain a GUID, the ACE controls the creation of all child object types.
0x2	ADS_RIGHT_DS_DELETE_CHILD	The right to delete children of the object. The ObjectType member of an ACE can contain a GUID that identifies a type of child object whose deletion is being controlled. If ObjectType does not contain a GUID, the ACE controls the deletion of all child object types.
0x4	ADS_RIGHT_ACTRL_DS_LIST	The right to list children of this object.
0x8	ADS_RIGHT_DS_SELF	The right to modify the group membership of a group object.
0x10	ADS_RIGHT_DS_READ_PROP	The right to read properties of the object. The ObjectType member of an ACE can contain a GUID that identifies a property set or property. If ObjectType does not contain a GUID, the ACE controls the right to read all of the object's properties.
0x20	ADS_RIGHT_DS_WRITE_PROP	The right to write properties of the object. The ObjectType member of an ACE can contain a GUID that identifies a property set or property. If ObjectType does not contain a GUID, the ACE controls the right to write all of the object's properties.
0x40	ADS_RIGHT_DS_DELETE_TREE	The right to delete all children of this object, regardless of the permission on the children.
0x80	ADS_RIGHT_DS_LIST_OBJECT	The right to list an object. If the user is not granted such a right, the object is hidden from the user.
0x100	ADS_RIGHT_DS_CONTROL_ACCESS	The right to perform an operation controlled by an extended access right. The ObjectType member of an ACE can contain a GUID that identifies the extended right. If ObjectType does not contain a GUID, the ACE controls the right to perform all extended right operations associated with the object.
0x10000	ADS_RIGHT_DELETE	The right to delete the object.
0x20000	ADS_RIGHT_READ_CONTROL	The right to read information from the security descriptor of the object, not including the information in the SACL.
0x40000	ADS_RIGHT_WRITE_DAC	The right to modify the DACL in the object's security descriptor.
0x80000	ADS_RIGHT_WRITE_OWNER	The right to assume ownership of the object. The user must be a trustee of the object. The user cannot transfer the ownership to other users.
0x100000	ADS_RIGHT_SYNCHRONIZE	The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state.
0x1000000	ADS_RIGHT_ACCESS_SYSTEM_SECURITY	The right to get or set the SACL in the object's security descriptor.
0x10000000	ADS_RIGHT_GENERIC_ALL	The right to create or delete children, delete a subtree, read and write properties, examine children and the object itself, add and remove the object from the directory, and read or write with an extended right.
0x20000000	ADS_RIGHT_GENERIC_EXECUTE	The right to list children of this object.
0x40000000	ADS_RIGHT_GENERIC_WRITE	The right to write all the properties and write to the DACL. The user can add and remove the object to and from the directory.
0x80000000	ADS_RIGHT_GENERIC_READ	The right to read from the security descriptor, examine the object as well as its children, and read all properties.

Registry permissions:

0x0001	KEY_QUERY_VALUE	Permission to query subkey data.
0x0002	KEY_SET_VALUE	Permission to set subkey data.
0x0004	KEY_CREATE_SUB_KEY	Permission to create subkeys.
0x0008	KEY_ENUMERATE_SUB_KEYS	Permission to enumerate subkeys.
0x0010	KEY_NOTIFY	Permission for change notification.
0x0020	KEY_CREATE_LINK	Permission to create a symbolic link.
0x20006	KEY_WRITE	Combines the READ_CONTROL, KEY_SET_VALUE, and KEY_CREATE_SUB_KEY access rights.
0x20019	KEY_EXECUTE	Permission for read access.
0x20019	KEY_READ	Combines the READ_CONTROL, KEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS, and KEY_NOTIFY access rights.
0xF003F	KEY_ALL_ACCESS	Combines the KEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS, KEY_NOTIFY, KEY_CREATE_SUB_KEY, KEY_CREATE_LINK, and KEY_SET_VALUE access rights, plus all the standard access rights except SYNCHRONIZE.

File system permissions:

0x0001	FILE_LIST_DIRECTORY, FILE_READ_DATA	Right to read data from a file. For a directory, the right to list the contents of a directory.
0x0002	FILE_WRITE_DATA	Right to write data to a file. For a directory, the right to create a file in a directory.
0x0004	FILE_ADD_SUBDIRECTORY, FILE_APPEND_DATA	Right to append data to the file. For a directory, the right to create a subdirectory.
0x0008	FILE_READ_EA	Right to read extended attributes.
0x0010	FILE_WRITE_EA	Right to write extended attributes.
0x0020	FILE_EXECUTE	Right to execute a program.
0x0020	FILE_TRAVERSE	Right to execute a file. For a directory, the directory can be traversed.
0x0040	FILE_DELETE_CHILD	For a directory, the right to delete a subdirectory.
0x0080	FILE_READ_ATTRIBUTES	Right to read file attributes.
0x0100	FILE_WRITE_ATTRIBUTES	Right to write file attributes.
0x120089	FILE_GENERIC_READ	Combination of permissions.
0x1200A0	FILE_GENERIC_EXECUTE	Combination of permissions.
0x120116	FILE_GENERIC_WRITE	Combination of permissions.

<mode>

Indicates whether the DACL or SACL allows or denies the specified access rights.

1	GRANT_ACCESS	The new ACE combines the specified rights with any existing allowed or denied rights of the trustee.
2	SET_ACCESS	On input, this flag discards any matching access-control information for the trustee and adds the new ACE. See REVOKE_ACCESS for limitations on what is discarded.
3	DENY_ACCESS	On input, this flag denies the specified rights in addition to any currently denied rights of the trustee. It also modifies or deletes any existing access-control information for the trustee that allows the specified rights.
4	REVOKE_ACCESS	An input flag that removes matching access-control information for the trustee. When modifying an existing DACL or SACL, specify REVOKE_ACCESS to remove any existing ACEs for the specified trustee. However, note that the operating system typically converts generic permissions to specific ones. Use GetFileAttributes to generate a list of all specific permissions, then SetFileAttributes to revoke individual permissions.

Type of value in the trustee node. Specifies a value from the following TRUSTEE_FORM enumeration. If an objectTypeName or inheritedObjectTypeName is supplied, it should be either TRUSTEE_IS_OBJECTS_AND_NAME or TRUSTEE_IS_OBJECTS_AND_SID.

0	TRUSTEE_IS_SID	trustee is the SID of the trustee.
1	TRUSTEE_IS_NAME	trustee is the name of the trustee.
3	TRUSTEE_IS_OBJECTS_AND_SID	trustee is the SID of the trustee and either objectTypeName or inheritedObjectTypeName is supplied.
4	TRUSTEE_IS_OBJECTS_AND_NAME	trustee is the name of the trustee and either objectTypeName or inheritedObjectTypeName is supplied.

Identifies the user, group, or program (such as a Microsoft® Win32® service) to which the ACE applies. Can be either a sAMAccountName, LDAP path or security identifier (SID), depending on the value for the trusteeForm node. For TRUSTEE_IS_NAME or TRUSTEE_IS_OBJECTS_AND_NAME, trustee should be a valid sAMAccountName. For TRUSTEE_IS_SID or TRUSTEE_IS_OBJECTS_AND_SID, trustee must be a SID or LDAP path. If trustee begins with "LDAP://", the procedure assumes it is an LDAP path; otherwise, the procedure assumes trustee is a SID in string format. For LDAP path, the procedure gets the objectSid of the object and stores the SID.

Note: sAMAccountName cannot be longer than 20 characters. See SAM-Account-Name Attribute for more information.

Indicates whether the trustee is a user account, a group account, or the account type is unknown. Specifies a value from the TRUSTEE_TYPE enumeration. The default is TRUSTEE_IS_UNKNOWN.

0	TRUSTEE_IS_UNKNOWN	Trustee type is unknown, but not necessarily invalid.
1	TRUSTEE_IS_USER	Indicates a user.
2	TRUSTEE_IS_GROUP	Indicates a group.
3	TRUSTEE_IS_DOMAIN	Indicates an Active Directory or Windows NT domain.
4	TRUSTEE_IS_ALIAS	Indicates an alias.
5	TRUSTEE_IS_WELL_KNOWN_GROUP	Indicates a well-known group.
6	TRUSTEE_IS_DELETED	Indicates a deleted account.
7	TRUSTEE_IS_INVALID	Indicates an invalid trustee type.
8	TRUSTEE_IS_COMPUTER	Indicates a computer.

Set of bit flags that determines whether other containers or objects can inherit the access control entry (ACE) from the primary object to which the DACL or SACL is attached. This value can be either a number or an AceFlags string (See the following AceFlags table).

The value for this element corresponds to the inheritance portion (low-order byte) of the AceFlags member of the ACE_HEADER structure. This parameter can be NO_INHERITANCE to indicate that the ACE is not inheritable, or it can be a combination of the values from the AceFlags table following the sample code. An ace parent can have multiple inheritance elements whose values are concatenated by a bitwise OR to build a single inheritance value.

The following example creates an ACE with an inheritance value of 3.

<ace>
  <inheritance>SUB_OBJECTS_ONLY_INHERIT</inheritance>
  <inheritance>2</inheritance>
</ace>

AceFlags values:

0x0	NO_INHERITANCE	Default. This ACE will not be inherited by other objects.
0x1	SUB_OBJECTS_ONLY_INHERIT	Non-container objects contained by the primary object inherit the ACE.
0x2	SUB_CONTAINERS_ONLY_INHERIT	Other containers contained by the primary object inherit the ACE.
0x3	SUB_CONTAINERS_AND_OBJECTS_INHERIT	Both containers and non-container objects contained by the primary object inherit the ACE.
0x4	INHERIT_NO_PROPAGATE	The SUB_OBJECTS_ONLY_INHERIT and SUB_CONTAINERS_ONLY_INHERIT flags are not propagated to an inherited ACE.
0x8	INHERIT_ONLY	The ACE does not apply to the primary object to which the DACL or SACL is attached, but objects contained by the primary object inherit the ACE.

<objectTypeName> No String that identifies the type of object, property set, or property protected by the ACE. If this ACE is inherited, it identifies the type of object, property set, or property protected by the inherited ACE. If the trusteeForm node is TRUSTEE_IS_OBJECTS_AND_NAME, objectTypeName must be a valid LDAP display name in the Active Directory schema. For TRUSTEE_IS_OBJECTS_AND_SID, this must be an LDAP path or GUID of an extended right. If it begins with "LDAP://", the procedure gets the object and stores the "rightsGUID" of the object. Otherwise, the string must be a GUID string such as "{12345678-1234-1234-1234-123456789abc}". The permission element should be ADS_RIGHT_DS_CONTROL_ACCESS when setting an extended right. There can be at most one of these elements. There is no default value. The procedure will fail if this element exists and trusteeForm is not TRUSTEE_IS_OBJECTS_AND_NAME or TRUSTEE_IS_OBJECTS_AND_SID.

<inheritedObjectTypeName> No Type of objects that can inherit the ACE. If the value for the trusteeForm node is TRUSTEE_IS_OBJECTS_AND_NAME, inheritedObjectTypeName must be a valid lightweight directory access protocol (LDAP) display name in the Microsoft® Active Directory® schema. For TRUSTEE_IS_OBJECTS_AND_SID, this must be an LDAP path or a globally unique identifier (GUID) of an extended right. If it begins with "LDAP://", the procedure gets the object and stores the "rightsGUID" of the object. Otherwise, the string must be a GUID string such as "{12345678-1234-1234-1234-123456789abc}". There is no default value. The procedure will fail if this element exists and trusteeForm is not TRUSTEE_IS_OBJECTS_AND_NAME or TRUSTEE_IS_OBJECTS_AND_SID.

<summary> No Encapsulates summary information on the file to copy.

Encapsulates descriptive attributes of the copied file. It has five optional attributes:

category: Category of the file;
comments: Comments about the file;
keywords: Keywords for searches on the file content;
subject: Subject of the file;
title: Title of the file.

Encapsulates miscellaneous information on the file. It has four optional attributes:

author: Author of the file;
lastSavedBy: Person who last modified the file;
revisionNumber: Revision number of the file;
source: Source of the file.

Remarks

Schema Defination

<executeData>
  <fileName>test.txt</fileName>
  <newName>newtest.txt</newName>
  <sourcePath>c:\MyDir</sourcePath>
  <destPath>\\viraljain\maps</destPath> 
  <controlInfo replace="true"/>
  <properties encompress="compress" readOnly="false" hidden="false" indexing="false"/>
  <security>
	<acl>
	<ace>
		<permission>GENERIC_ALL</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>BUILTIN\Administrators</trustee>
	</ace>
	</acl>
  </security>
  <summary>
	<description title=".." category=".." subject=".." keywords=".." comments=".."/>
	<origin source=".." author=".." revisionNumber=".." lastSavedBy=".."/>
  </summary>
</executeData>

Sample Code

Applies To