- This topic has 3 replies, 2 voices, and was last updated 2 weeks, 5 days ago by
June 17, 2020 at 4:12 pm #236281ParticipantTopics: 1Replies: 1Points: 14Rank: Member
I want to create a script from Domain Controller that gives permission to a specific user to folders situated on a File Server.
My domain controller name is DC01, my File Server is FileServer01
I want to give access to two folders with paths:
“s:\data\project01” and “s:\data\project01\2020”
“s:\data” has the resource manager quota and all the subfolders.
I want to assign to “s:\data\project01” read/write permission to “user1″
and to”s:\data\project01\2020” just read permission to “user1”
I have create this script:
$cim=New-CimSession -ComputerName FileServer01
Grant-Fileshareacces -Name “2020” -AccessRight Read -AccountName “user1” -CimSession $cim
It doesn’t work because even if it is a file share server and every folders has got a share path like \\FileServer01\data\project01\2020 to be able to see the folders when I run the command:
Get-smbshare -CimSession $cim
I have to go on the folder and click advanced share and tick the box.Otherwise the only folder that I can see with Get-smbshare is “s:\data”.
Anyone has any idea or examples to how to address this task?
June 18, 2020 at 1:41 am #236422ParticipantTopics: 3Replies: 417Points: 1,462Rank: Community Hero
When you post code, error messages, sample data or console output format it as code, please.
In the “Text” view you can use the code tags “PRE“, in the “Visual” view you can use the format template “Preformatted“. You can go back edit your post and fix the formatting – you don’t have to create a new one.
Thanks in advance.
We need to distinguish between share permissions and filesystem permissions.
Share permissions are set on the host of the folder\share under properties > sharing tab. Grant-Fileshareaccess or Grant-SMBShareAccess are able to work with shared folders, any that you see in the output of Get-SMBShare (accept hidden admin shares, of course.) Any subfolders of that share, may or may not be shares themselves, you’ll have to look. If they are not, the user will still need read access on that share to be able to navigate through that share path to the subfolders.
Filesystem permissions are set on the host of the folder that’s shared under properties > security. The user needs to have read permissions on the folder that’s shared in order to be able to open the shared folder as well as modify to write to it. Even if they have full permissions in share permissions, they won’t be able to write without the filesystem permissions.
Change your command to point at the actual share name for user1. That will control whether they can get into that share or any children or not (granted they have the filesystem permissions)
I hope this helps.
June 18, 2020 at 4:22 am #236455ParticipantTopics: 1Replies: 1Points: 14Rank: Member
- From Grant-FileShareAccess -Name “2020” -AccessRight Full -AccountName “mmay” -CimSession $cim
-FileShareAccess : fileserver01: No MSFT_FileShare objects found with property 'Name' equal to '2020'. Verify the value of the property and retry. At C:\Users\Administrator\Documents\Untitled1.ps1:4 char:1 + Grant-FileShareAccess -Name "2020" -AccessRight Full -AccountNam ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (2020:String) [Grant-FileShareAccess], CimJobE xception + FullyQualifiedErrorId : CmdletizationQuery_NotFound_Name,Grant-FileShareAccess + PSComputerName : fileserver01
- From Get-Smbshare -CimSession $cim
Name ScopeName Path Description PSComputerName
—- ——— —- ———– ————–
project01 * S:\data\project01 fileserver01
ADMIN$ * C:\Windows Remote Admin fileserver01
C$ * C:\ Default share fileserver01
IPC$ * Remote IPC fileserver01
1819 * S:\data\project01\1819 f. ileserver01
S$ * S:\ Default share fileserver01
data * S:\data fileserver01
1819 is the folder that I have manually shared on Propertie—>Sharing—>Advanced Sharing–>Box Share this folder. (I don’t want to do that)
At the moment I am doing this process manually right click on the folder –> share with Specific People The user that I want to add to that specific folder is there in the window than I click on share.
- This reply was modified 2 weeks, 6 days ago by caphix51.
June 18, 2020 at 10:13 am #236545ParticipantTopics: 3Replies: 417Points: 1,462Rank: Community Hero
So your command would be
Grant-FileShareAccess -Name "1819" -AccessRight Full -AccountName "mmay" -CimSession $cim
Where are you even getting the name “2020”?
And if you don’t want to manually create the share, why not look at New-SMBShare?
- You must be logged in to reply to this topic.