Create and Add Permissions to a Share

Home Forums Scripting Windows Script Host Create and Add Permissions to a Share

This topic contains 4 replies, has 3 voices, and was last updated by Avatar Lan 8 years, 9 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • Avatar
    Lan
    Member
    #151829

    Hi all,

    Has anyone had any experience in creating a script to create a new share and add permissions to it…

    I have found a script to create a new share, but can’t manage to get one working to allow a security group access to modify files in it – it only gets generic read only access…

    Code:
    Const FILE_SHARE = 0
    Const MAXIMUM_CONNECTIONS = 25
    strComputer = “.”
    Set objWMIService = GetObject(“winmgmts:” _
    & “{impersonationLevel=impersonate}!\” & strComputer & “rootcimv2”)
    Set objNewShare = objWMIService.Get(“Win32_Share”)
    errReturn = objNewShare.Create _
    (“C:test”, “newshare$”, FILE_SHARE, _
    MAXIMUM_CONNECTIONS, “Script generated share”)
    Wscript.Echo errReturn

    Any thoughts?

    The reason we want this is to roll out in a group policy to all workstations so we can share out a folder for admin purposes, but we don’t want to give local admin rights on all workstations, otherwise they could just use c$

    Also should mention that this is for XP clients – hence there isn’t the ability to use /grant access on net share

    Many thanks in advance

    Avatar
    Ossian
    Moderator
    #183098

    Re: Create and Add Permissions to a Share

    If you have Server 2008 DCs you can use Group Policy Preferences (computer) to create a share on multiple machines

    Avatar
    Lan
    Member
    #298636

    Re: Create and Add Permissions to a Share

    I wish we had some 2008 DCs, but alas 2003 R2 is the best we have at the moment :(

    I also wanted a 2008 DC for setting up printers by policy too but ended up resorting to a login script for that too.

    Do you know of any other ways?
    Thanks

    Rems
    Rems
    Moderator
    #227878

    Re: Create and Add Permissions to a Share

    The default share permissions in Windows Server 2003 and Windows Xp is: Everyone = Read

    If you create a sharedfolder by script, you might like to change the default sharepermissions.

    1) You can set the permissions by modifying the existing DACL
    http://www.experts-exchange.com: “Using VBScript to Edit Share Permissions”
    http://www.tek-tips.com: “Need script to change share permissions”

    2) OR, by editing the registry (you will use a reference computer), see sample below,

    Const FILE_SHARE = 0 ‘ Disk Drive
    Const MAXIMUM_CONNECTIONS = [COLOR=”blue”]4294967295[/COLOR]
    Const HKEY_LOCAL_MACHINE = &H80000002

    strSharename = “[COLOR=”Blue”]newshare$[/COLOR]”
    strComment = “[COLOR=”blue”]Script generated share[/COLOR]”
    strFolder = “[COLOR=”blue”]C:test[/COLOR]”

    strComputer = “.”

    ‘——————————————————
    ‘ Create share
    ‘——————————————————
    Set objWMIService = GetObject(“winmgmts:” _
    & “{impersonationLevel=impersonate}!\” _
    & strComputer & “rootcimv2”)

    Set objNewShare = objWMIService.Get(“Win32_Share”)
    errReturn = objNewShare.Create _
    (strFolder, strSharename, FILE_SHARE, _
    MAXIMUM_CONNECTIONS, strComment)

    If errReturn = 0 OR errReturn = 22 then
    ‘ # Continue script setting the share permissions
    SetSharePemissions
    ‘Note… errReturn = 22 is “Duplicate Share” !!!
    ‘ [URL=”http://msdn.microsoft.com/en-us/library/aa389393(VS.85).aspx”]http://msdn.microsoft.com/en-us/library/aa389393(VS.85).aspx[/URL]
    Else
    wscript.echo “unsuccessfull! (code”, errReturn & “)” & vbNewLine _
    & “http://msdn.microsoft.com/en-us/library/aa389393(VS.85).aspx”
    End If

    Wscript.quit

    Sub SetSharePemissions
    ‘——————————————————
    ‘ set share permissions by using registry entry from a reference computer
    ‘——————————————————
    [COLOR=”Red”]’ 1. On a reference computer set the correct share permissions!
    ‘ 2. Then use Regedit.exe to export this key,
    ‘ HKLMSYSTEMCurrentControlSetServiceslanmanserverSharesSecurity
    ‘ 3. From the reg file, copy the hex value of the entry.
    ‘ 4. Paste the value in this script at “strHexValues =”.
    ‘ 5. Modify the pasted value by
    ‘ removing
    ‘ so you get a one line value without spaces and backslash
    ‘ (Afterwards, you might want to break the long line in the script
    ‘ see sample below).

    ‘ [/COLOR]I.E. set share permisions general -> Everyone = Full Control
    strHexValues = “[COLOR=”blue”]hex:01,00,04,80,30,00,00,00,4c,00,00,00,00,00,00,[/COLOR]” _
    & “[COLOR=”blue”]00,14,00,00,00,02,00,1c,00,01,00,00,00,00,00,14,00,ff,01,1f,[/COLOR]” _
    & “[COLOR=”blue”]00,01,01,00,00,00,00,00,01,00,00,00,00,01,05,00,00,00,00,00,[/COLOR]” _
    & “[COLOR=”blue”]05,15,00,00,00,3a,05,d1,49,b4,02,cc,af,e7,e5,ed,17,f4,01,00,[/COLOR]” _
    & “[COLOR=”blue”]00,01,05,00,00,00,00,00,05,15,00,00,00,3a,05,d1,49,b4,02,cc,[/COLOR]” _
    & “[COLOR=”blue”]af,e7,e5,ed,17,01,02,00,00[/COLOR]”

    arrHexValues = Split(Replace(strHexValues, “hex:”, “”), “,”)
    arrDecValues = DecimalNumbers(arrHexValues)

    Set objRegistry=GetObject( _
    “winmgmts:{impersonationLevel=impersonate}!\” & _
    strComputer & “rootdefault:StdRegProv”)

    strKeyPath = “SYSTEMCurrentControlSetServiceslanmanserverSharesSecurity”
    objRegistry.SetBinaryValue HKEY_LOCAL_MACHINE, _
    strKeyPath, strSharename, arrDecValues
    End Sub

    Function DecimalNumbers(arrHex)
    Dim i, strDecValues
    For i = 0 to Ubound(arrHex)
    If isEmpty(strDecValues) Then
    strDecValues = CLng(“&H” & arrHex(i))
    Else
    strDecValues = strDecValues & “,” & CLng(“&H” & arrHex(i))
    End If
    next
    DecimalNumbers = split(strDecValues, “,”)
    End Function
    [/CODE]

    Rems[CODE]
    Const FILE_SHARE = 0 ‘ Disk Drive
    Const MAXIMUM_CONNECTIONS = 4294967295
    Const HKEY_LOCAL_MACHINE = &H80000002

    strSharename = “newshare$
    strComment = “Script generated share
    strFolder = “C:test

    strComputer = “.”


    ‘ Create share


    Set objWMIService = GetObject(“winmgmts:” _
    & “{impersonationLevel=impersonate}!\” _
    & strComputer & “rootcimv2”)

    Set objNewShare = objWMIService.Get(“Win32_Share”)
    errReturn = objNewShare.Create _
    (strFolder, strSharename, FILE_SHARE, _
    MAXIMUM_CONNECTIONS, strComment)

    If errReturn = 0 OR errReturn = 22 then
    ‘ # Continue script setting the share permissions
    SetSharePemissions
    ‘Note… errReturn = 22 is “Duplicate Share” !!!
    http://msdn.microsoft.com/en-us/library/aa389393(VS.85).aspx
    Else
    wscript.echo “unsuccessfull! (code”, errReturn & “)” & vbNewLine _
    & “http://msdn.microsoft.com/en-us/library/aa389393(VS.85).aspx”
    End If

    Wscript.quit

    Sub SetSharePemissions


    ‘ set share permissions by using registry entry from a reference computer


    ‘ 1. On a reference computer set the correct share permissions!
    ‘ 2. Then use Regedit.exe to export this key,
    ‘ HKLMSYSTEMCurrentControlSetServiceslanmanserverSharesSecurity
    ‘ 3. From the reg file, copy the hex value of the entry.
    ‘ 4. Paste the value in this script at “strHexValues =”.
    ‘ 5. Modify the pasted value by
    ‘ removing
    ‘ so you get a one line value without spaces and backslash
    ‘ (Afterwards, you might want to break the long line in the script
    ‘ see sample below).

    I.E. set share permisions general -> Everyone = Full Control
    strHexValues = “hex:01,00,04,80,30,00,00,00,4c,00,00,00,00,00,00,” _
    & “00,14,00,00,00,02,00,1c,00,01,00,00,00,00,00,14,00,ff,01,1f,” _
    & “00,01,01,00,00,00,00,00,01,00,00,00,00,01,05,00,00,00,00,00,” _
    & “05,15,00,00,00,3a,05,d1,49,b4,02,cc,af,e7,e5,ed,17,f4,01,00,” _
    & “00,01,05,00,00,00,00,00,05,15,00,00,00,3a,05,d1,49,b4,02,cc,” _
    & “af,e7,e5,ed,17,01,02,00,00

    arrHexValues = Split(Replace(strHexValues, “hex:”, “”), “,”)
    arrDecValues = DecimalNumbers(arrHexValues)

    Set objRegistry=GetObject( _
    “winmgmts:{impersonationLevel=impersonate}!\” & _
    strComputer & “rootdefault:StdRegProv”)

    strKeyPath = “SYSTEMCurrentControlSetServiceslanmanserverSharesSecurity”
    objRegistry.SetBinaryValue HKEY_LOCAL_MACHINE, _
    strKeyPath, strSharename, arrDecValues
    End Sub

    Function DecimalNumbers(arrHex)
    Dim i, strDecValues
    For i = 0 to Ubound(arrHex)
    If isEmpty(strDecValues) Then
    strDecValues = CLng(“&H” & arrHex(i))
    Else
    strDecValues = strDecValues & “,” & CLng(“&H” & arrHex(i))
    End If
    next
    DecimalNumbers = split(strDecValues, “,”)
    End Function
    [/CODE]

    Rems

    Avatar
    Lan
    Member
    #298638

    Re: Create and Add Permissions to a Share

    Thanks Rems – that registry from a source machined seemed to work – I had problems but then realised I was running it on a Windows 7 machine which seemed to leave the default permissions – works much better on a XP machine though!

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

Register for this Petri Webinar!

Want to Make Your Backup Storage Unlimited & Ready for the Cloud? – Free Thurrott Premium Account with Webinar Registration!

Tuesday, August 27, 2019 @ 1:00 pm EDT

A Scale-Out Backup storage infrastructure is a must-have technology for your backups. In this webinar, join expert Rick Vanover for a look on what real-world problems are solved by the Scale-Out Backup Repository.

Register Now

Sponsored By