Announcement

Collapse
No announcement yet.

Create and Add Permissions to a Share

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Create and Add Permissions to a Share

    Hi all,

    Has anyone had any experience in creating a script to create a new share and add permissions to it...

    I have found a script to create a new share, but can't manage to get one working to allow a security group access to modify files in it - it only gets generic read only access...

    Code:
    Const FILE_SHARE = 0
    Const MAXIMUM_CONNECTIONS = 25
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set objNewShare = objWMIService.Get("Win32_Share")
    errReturn = objNewShare.Create _
        ("C:\test", "newshare$", FILE_SHARE, _
            MAXIMUM_CONNECTIONS, "Script generated share")
    Wscript.Echo errReturn
    Any thoughts?


    The reason we want this is to roll out in a group policy to all workstations so we can share out a folder for admin purposes, but we don't want to give local admin rights on all workstations, otherwise they could just use c$


    Also should mention that this is for XP clients - hence there isn't the ability to use /grant access on net share

    Many thanks in advance
    Last edited by Lan; 1st November 2010, 18:37. Reason: reason for requesting
    This is my signature.

  • #2
    Re: Create and Add Permissions to a Share

    If you have Server 2008 DCs you can use Group Policy Preferences (computer) to create a share on multiple machines
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Create and Add Permissions to a Share

      I wish we had some 2008 DCs, but alas 2003 R2 is the best we have at the moment

      I also wanted a 2008 DC for setting up printers by policy too but ended up resorting to a login script for that too.

      Do you know of any other ways?
      Thanks
      This is my signature.

      Comment


      • #4
        Re: Create and Add Permissions to a Share

        The default share permissions in Windows Server 2003 and Windows Xp is: Everyone = Read

        If you create a sharedfolder by script, you might like to change the default sharepermissions.

        1) You can set the permissions by modifying the existing DACL
        - www.experts-exchange.com: "Using VBScript to Edit Share Permissions"
        - www.tek-tips.com: "Need script to change share permissions"

        2) OR, by editing the registry (you will use a reference computer), see sample below,
        Code:
        Const FILE_SHARE          = 0  ' Disk Drive
        Const MAXIMUM_CONNECTIONS = 4294967295
        Const HKEY_LOCAL_MACHINE  = &H80000002
        
        strSharename = "newshare$"
        strComment   = "Script generated share"
        strFolder    = "C:\test"
        
        strComputer  = "."
        
        '------------------------------------------------------
        '    Create share
        '------------------------------------------------------
        Set objWMIService = GetObject("winmgmts:" _
            & "{impersonationLevel=impersonate}!\\" _
            & strComputer & "\root\cimv2")
        
        Set objNewShare = objWMIService.Get("Win32_Share")
        errReturn = objNewShare.Create _
            (strFolder, strSharename, FILE_SHARE, _
                MAXIMUM_CONNECTIONS, strComment)
        
        If errReturn = 0 OR errReturn = 22 then
           ' # Continue script setting the share permissions
           SetSharePemissions
           'Note...  errReturn = 22 is "Duplicate Share" !!!
           ' http://msdn.microsoft.com/en-us/libr...93(VS.85).aspx
        Else
           wscript.echo "unsuccessfull! (code", errReturn & ")" & vbNewLine _
             & "http://msdn.microsoft.com/en-us/library/aa389393(VS.85).aspx"
        End If
        
        Wscript.quit
        
        
        Sub SetSharePemissions
        '------------------------------------------------------
        '    set share permissions by using registry entry from a reference computer
        '------------------------------------------------------
        ' 1. On a reference computer set the correct share permissions!
        ' 2. Then use Regedit.exe to export this key,
        '    HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares\Security
        ' 3. From the reg file, copy the hex value of the <sharename> entry.
        ' 4. Paste the value in this script at "strHexValues =".
        ' 5. Modify the pasted value by
        '    removing <backslash><linebreak><space><space>
        '    so you get a one line value without spaces and backslash
        '    (Afterwards, you might want to break the long line in the script
        '    see sample below).
        '
        ' I.E. set share permisions general -> Everyone = Full Control
        strHexValues = "hex:01,00,04,80,30,00,00,00,4c,00,00,00,00,00,00," _
           & "00,14,00,00,00,02,00,1c,00,01,00,00,00,00,00,14,00,ff,01,1f," _
           & "00,01,01,00,00,00,00,00,01,00,00,00,00,01,05,00,00,00,00,00," _
           & "05,15,00,00,00,3a,05,d1,49,b4,02,cc,af,e7,e5,ed,17,f4,01,00," _
           & "00,01,05,00,00,00,00,00,05,15,00,00,00,3a,05,d1,49,b4,02,cc," _
           & "af,e7,e5,ed,17,01,02,00,00"
        
        arrHexValues = Split(Replace(strHexValues, "hex:", ""), ",")
        arrDecValues = DecimalNumbers(arrHexValues)
        
        Set objRegistry=GetObject( _
           "winmgmts:{impersonationLevel=impersonate}!\\" & _
           strComputer & "\root\default:StdRegProv")
        
        strKeyPath = "SYSTEM\CurrentControlSet\Services\lanmanserver\Shares\Security"
        objRegistry.SetBinaryValue HKEY_LOCAL_MACHINE, _
           strKeyPath, strSharename, arrDecValues
        End Sub
        
        Function DecimalNumbers(arrHex)
           Dim i, strDecValues
           For i = 0 to Ubound(arrHex)
             If isEmpty(strDecValues) Then
               strDecValues = CLng("&H" & arrHex(i))
             Else
               strDecValues = strDecValues & "," & CLng("&H" & arrHex(i))
             End If
           next
           DecimalNumbers = split(strDecValues, ",")
        End Function
        \Rems
        Last edited by Rems; 6th November 2010, 12:58.

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: Create and Add Permissions to a Share

          Thanks Rems - that registry from a source machined seemed to work - I had problems but then realised I was running it on a Windows 7 machine which seemed to leave the default permissions - works much better on a XP machine though!
          This is my signature.

          Comment

          Working...
          X