Give Folder permission to user on a File Server from Domain Controller

Welcome Forums General PowerShell Q&A Give Folder permission to user on a File Server from Domain Controller

Viewing 3 reply threads
  • Author
    Posts
    • #236281
      Participant
      Topics: 1
      Replies: 1
      Points: 14
      Rank: Member

      Hi,

      I want to create a script from Domain Controller that gives permission to a specific user to folders situated on a File Server.

      My domain controller name is DC01, my File Server is FileServer01

      I want to give access to two folders with paths:

      “s:\data\project01”  and “s:\data\project01\2020”

       

      “s:\data” has the resource manager quota and all the subfolders.

       

      I want to assign to “s:\data\project01” read/write permission to “user1″

      and to”s:\data\project01\2020” just read permission to “user1”

      I have create this script:

       

         $cim=New-CimSession -ComputerName FileServer01

      Grant-Fileshareacces -Name “2020” -AccessRight Read -AccountName “user1” -CimSession $cim

      It doesn’t work because even if it is a file share server and every folders has got a share path like \\FileServer01\data\project01\2020  to be able to see the folders when I run the command:

      Get-smbshare -CimSession $cim

      I have to go on the folder and click advanced share and tick the box.Otherwise the only folder that I can see with Get-smbshare is “s:\data”.

      Anyone has any idea or examples to how to address this task?

       

      Thanks

       

       

    • #236422
      Participant
      Topics: 3
      Replies: 417
      Points: 1,462
      Helping Hand
      Rank: Community Hero

      Max,

      When you post code, error messages, sample data or console output format it as code, please.
      In the “Text” view you can use the code tags “PRE“, in the “Visual” view you can use the format template “Preformatted“. You can go back edit your post and fix the formatting – you don’t have to create a new one.
      Thanks in advance.

      We need to distinguish between share permissions and filesystem permissions.

      Share permissions are set on the host of the folder\share under properties > sharing tab. Grant-Fileshareaccess or Grant-SMBShareAccess are able to work with shared folders, any that you see in the output of Get-SMBShare (accept hidden admin shares, of course.) Any subfolders of that share, may or may not be shares themselves, you’ll have to look. If they are not, the user will still need read access on that share to be able to navigate through that share path to the subfolders.

      Filesystem permissions are set on the host of the folder that’s shared under properties > security. The user needs to have read permissions on the folder that’s shared in order to be able to open the shared folder as well as modify to write to it. Even if they have full permissions in share permissions, they won’t be able to write without the filesystem permissions.

      Change your command to point at the actual share name for user1. That will control whether they can get into that share or any children or not (granted they have the filesystem permissions)

      I hope this helps.

    • #236455
      Participant
      Topics: 1
      Replies: 1
      Points: 14
      Rank: Member
      • From Grant-FileShareAccess -Name “2020” -AccessRight Full -AccountName “mmay” -CimSession $cim

       

      -FileShareAccess : fileserver01: No MSFT_FileShare objects found with property 'Name' equal to '2020'. Verify the value of the property and retry. At C:\Users\Administrator\Documents\Untitled1.ps1:4 char:1 + Grant-FileShareAccess -Name "2020" -AccessRight Full -AccountNam ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (2020:String) [Grant-FileShareAccess], CimJobE xception + FullyQualifiedErrorId : CmdletizationQuery_NotFound_Name,Grant-FileShareAccess + PSComputerName : fileserver01
      
       
      
      • From Get-Smbshare -CimSession $cim

      Name      ScopeName          Path                Description          PSComputerName
      —-           ———                 —-                     ———–          ————–
      project01      *               S:\data\project01                                    fileserver01
      ADMIN$      *              C:\Windows            Remote Admin           fileserver01
      C$                  *              C:\                            Default share              fileserver01
      IPC$             *                                                 Remote IPC                fileserver01
      1819              *              S:\data\project01\1819                         f.  ileserver01
      S$                  *             S:\                             Default share              fileserver01
      data              *              S:\data                                                              fileserver01

       

      1819 is the folder that I have manually shared on Propertie—>Sharing—>Advanced Sharing–>Box Share this folder.    (I don’t want to do that)

      At the moment I am doing this process manually right click on the folder –> share with Specific People  The user that I want to add to that specific folder is there in the window than I click on share.

      • This reply was modified 2 weeks, 6 days ago by caphix51.
    • #236545
      Participant
      Topics: 3
      Replies: 417
      Points: 1,462
      Helping Hand
      Rank: Community Hero

      So your command would be

      Grant-FileShareAccess -Name "1819" -AccessRight Full -AccountName "mmay" -CimSession $cim
      

      Where are you even getting the name “2020”?

      And if you don’t want to manually create the share, why not look at New-SMBShare?

Viewing 3 reply threads
  • You must be logged in to reply to this topic.