Need help on permission on AdvanceSharing

This topic contains 3 replies, has 3 voices, and was last updated by Raj A 6 months, 2 weeks ago.

  • #36357
    Raj A
    Participant

    Hi All,
    I have created a remote share using PowerShell and I want to enable Everyone to have "Change" permission on the share I have created. I have used the script below to do so, but it is creating the permission on the security, not on the sharing permission.

    We are using SQL 2008, so I can use New-SmbShare also. Is there any way to do this?

    $acl = Get-Acl \\servername\test
    $permission = "xxxx","Change","Allow"
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
    $acl.SetAccessRule($accessRule)
    $acl | Set-Acl \\servername\test

    #36368
    Don Jones
    Keymaster

    Get- and Set-ACL don't work with share permissions; they work with file permissions. That's why this isn't working for you. If you're not on 2012 or later, you don't have the SMB commands that would make this easy. I'd consider using the Cacls.exe command for this, instead.

    #36373
    Stein Petersen
    Participant

    Hi

    To set permissions you need to enable both the NTFS permissions and the share permissions. Your code applies the NTFS permissions.
    Use the New-SmbShare cmdlet to both create the share and set the share permissions to suit your needs.

    #36413
    Raj A
    Participant

    Jones, thanks for your reply. Yes, I found that it won't work with the security. I have found a solution through Win32_Trustee, Win32_ACE and Win32_SecurityDescriptor to create the share and the share permission. Please find the code below. It worked fine for me.

    Thanks all for your quick responses.

    #Translate the return code of Win32_Share.Create into a message
    Function errMsg($intErr)
    {
        Switch($intErr)
        {
            0 { "Success – Share created" }
            2 { "Access denied – Permission?" }
            8 { "Unknown failure" }
            9 { "Invalid name" }
            10 { "Invalid level" }
            21 { "Invalid parameter" }
            22 { "Duplicate share – Already created" }
            23 { "Redirected path" }
            24 { "Unknown device or directory" }
            25 { "Net name not found" }
            DEFAULT { "$intErr has an Unknown value" }
        }
        $host.PrivateData.ErrorForegroundColor = 'Red'
    }

    #Username/Group to give permissions to
    $trustee = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
    $trustee.Domain = "NT Authority"
    $trustee.Name = "Everyone"

    #Accessmask values
    $fullcontrol = 2032127
    $change = 1245631
    $read = 1179785

    #Create access-list
    $ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
    $ace.AccessMask = $change
    $ace.AceFlags = 3      #object inherit + container inherit
    $ace.AceType = 0       #0 = access allowed
    $ace.Trustee = $trustee

    #Security descriptor containing access
    $sd = ([wmiclass]'Win32_SecurityDescriptor').psbase.CreateInstance()
    $sd.ControlFlags = 4   #SE_DACL_PRESENT
    $sd.DACL = $ace
    $sd.group = $trustee
    $sd.owner = $trustee

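    #Target server, share name and local folder to share
    #(server and share names as in the first post; the folder path is a placeholder)
    $computername = "servername"
    $sharename = "test"
    $folderpath = "C:\path\to\folder"

    #Create the share; the security descriptor becomes its share permissions
    $share = Get-WmiObject Win32_Share -List -ComputerName $computername
    $success = $share.create($folderpath, $sharename, 0, 100, $sharename, "", $sd) | select returnValue
    errMsg $success.returnValue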
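
Added example, not part of the original posts: reading the share-level DACL back through Win32_LogicalShareSecuritySetting confirms that an ACE landed on the share permissions rather than on NTFS, which is the distinction this thread turns on. The function names are hypothetical, the server and share names are the ones from the first post, and the access masks are the ones listed in the script above.

```powershell
# Added example: audit the share permissions (not the NTFS ACL) of one share.
# Convert-ShareAccessMask and Get-SharePermission are hypothetical helper names.

function Convert-ShareAccessMask([uint32]$Mask) {
    # Superset tests against the mask values used in the thread's script,
    # checked from the widest right down to the narrowest.
    if     (($Mask -band 2032127) -eq 2032127) { 'FullControl' }
    elseif (($Mask -band 1245631) -eq 1245631) { 'Change' }
    elseif (($Mask -band 1179785) -eq 1179785) { 'Read' }
    else   { "Other ($Mask)" }
}

function Get-SharePermission {
    param(
        [string]$ComputerName = 'servername',   # name from the first post
        [string]$ShareName    = 'test'          # name from the first post
    )
    $setting = Get-WmiObject -Class Win32_LogicalShareSecuritySetting `
        -ComputerName $ComputerName -Filter "Name='$ShareName'"
    if (-not $setting) {
        throw "No share security setting found for '$ShareName' on $ComputerName"
    }

    $result = $setting.GetSecurityDescriptor()
    if ($result.ReturnValue -ne 0) {
        throw "GetSecurityDescriptor failed with code $($result.ReturnValue)"
    }

    foreach ($ace in $result.Descriptor.DACL) {
        $rights  = Convert-ShareAccessMask $ace.AccessMask
        $trustee = (@($ace.Trustee.Domain, $ace.Trustee.Name) | Where-Object { $_ }) -join '\'
        $type    = 'Type ' + $ace.AceType
        if ($ace.AceType -eq 0) { $type = 'Allow' }
        if ($ace.AceType -eq 1) { $type = 'Deny' }
        # Mark allow-ACEs that give Everyone anything beyond Read for review
        $review  = ($ace.AceType -eq 0) -and ($ace.Trustee.Name -eq 'Everyone') -and ($rights -ne 'Read')
        New-Object PSObject -Property @{
            Share = $ShareName; Trustee = $trustee; Type = $type
            Rights = $rights; Review = $review
        }
    }
}

Get-SharePermission | Format-Table Share, Trustee, Type, Rights, Review -AutoSize
```

Because Get-Acl on the UNC path only shows the NTFS side, running both against the same share gives the two halves of the effective access.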
