  1. #1


    PowerShell script for NT sharing and security.

    Hello All,

    I need a PowerShell script for applying NT sharing and security for an application folder.

    For eg:

    D:\Appfolder

    I want to share this folder with "xyz" name, and give sharing permissions to aspnet and domain admins.

    Then, in security tab I want to add aspnet and user.

    The folder D:\Appfolder contains a sub folder i.e. D:\Appfolder\bin

    This \bin folder should have read-only permission for the aspnet group which we added in the security tab.


    I need this urgently, please help me out.

    Thanks in Advance!!!!

  2. #2



  3. #3

    Thanks pcstru! But this is not helpful.

    I need a simple ps1 script, which can do sharing and security for a folder.

  4. #4

    Section from my student account creation script that does the share and permissions:
    Code:
    function createUserDirectory {                                     #CREATE USER DIRECTORY
        try {
            $homeDir=$UsersDir+"\"+$User
            if (!(Test-Path -path $homeDir)) {
                New-Item $homeDir -type directory | Out-Null
                Set-ItemProperty $homeDir -name attributes -value ([System.IO.FileAttributes]::Hidden)
            }
        } catch [Exception] { 
            # ExitWithCode is not defined in this excerpt
            Write-Host ($_.Exception.ToString() + " " + $homeDir + $Logon + "ERROR 700"); ExitWithCode (700)
        }
    
    
        $LocalPath="M:\"+$School+"\students"
        $Sharename = $Logon+"$"
        $checkShare = Get-WmiObject Win32_Share -computername $HomeSrv -Filter "Name='$ShareName'"
        if ($checkShare -ne $null) { 
            # "Share exists and will now be deleted!!!" 
            Write-Host "Share exists and will now be deleted!!! $ShareName"
            get-WmiObject Win32_Share -computername $HomeSrv -Filter "Name='$ShareName'" | foreach-object { $_.Delete() } | Out-Null
        } 
        
        try {
            #share the new home directory  
            $Class = "Win32_Share"
            $Method = "Create"
            $description = "Home drive for:"+$User
            $sd = ([WMIClass] "\\$HomeSrv\root\cimv2:Win32_SecurityDescriptor").CreateInstance()
            $ACE = ([WMIClass] "\\$HomeSrv\root\cimv2:Win32_ACE").CreateInstance()
            $Trustee = ([WMIClass] "\\$HomeSrv\root\cimv2:Win32_Trustee").CreateInstance()
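            # Share-level ACE: Everyone (SID S-1-1-0) with Full Control (2032127 = 0x1F01FF).
            # With this share ACL, access is limited only by the NTFS ACL set further down.
            $Trustee.Name = "EVERYONE"
            $Trustee.Domain = $Null
            $Trustee.SID = @(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
            $ace.AccessMask = 2032127
            $ace.AceFlags = 3    # OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE
            $ace.AceType = 0     # access allowed
            $ACE.Trustee = $Trustee
            $sd.DACL += $ACE.psObject.baseobject 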
            $mc = [WmiClass]"\\$HomeSrv\ROOT\CIMV2:$Class"
            $InParams = $mc.psbase.GetMethodParameters($Method)
            $InParams.Access = $sd
            $InParams.Description = $description
            $InParams.MaximumAllowed = 4
            $InParams.Name = $Sharename
            $InParams.Password = $Null
            $InParams.Path = $LocalPath+"\"+$user
            $InParams.Type = [uint32]0
            $R = $mc.PSBase.InvokeMethod($Method, $InParams, $Null)
            switch ($($R.ReturnValue)) {
                0 {Write-Host "Share:$Sharename Path:$LocalPath\$user Result:Success"; break}  
                2 {Write-Host "Share:$Sharename Path:$LocalPath\$user Result:Access Denied" -foregroundcolor red -backgroundcolor yellow;break}  
                8 {Write-Host "Share:$Sharename Path:$LocalPath\$user Result:Unknown Failure" -foregroundcolor red -backgroundcolor yellow;break}  
                9 {Write-Host "Share:$Sharename Path:$LocalPath\$user Result:Invalid Name" -foregroundcolor red -backgroundcolor yellow;break}  
                10 {Write-Host "Share:$Sharename Path:$LocalPath\$user Result:Invalid Level" -foregroundcolor red -backgroundcolor yellow;break}  
                21 {Write-Host "Share:$Sharename Path:$LocalPath\$user Result:Invalid Parameter" -foregroundcolor red -backgroundcolor yellow;break}  
                22 {Write-Host "Share:$Sharename Path:$LocalPath\$user Result:Duplicate Share" -foregroundcolor red -backgroundcolor yellow;break}  
                23 {Write-Host "Share:$Sharename Path:$LocalPath\$user Result:Redirected Path" -foregroundcolor red -backgroundcolor yellow;break}  
                24 {Write-Host "Share:$Sharename Path:$LocalPath\$user Result:Unknown Device or Directory" -foregroundcolor red -backgroundcolor yellow;break}  
                25 {Write-Host "Share:$Sharename Path:$LocalPath\$user Result:Network Name Not Found" -foregroundcolor red -backgroundcolor yellow;break}  
                default {Write-Host "Share:$Sharename Path:$LocalPath\$user Result:*** Unknown Error ***" -foregroundcolor red -backgroundcolor yellow;break}
            }
        } catch [Exception] { 
            Write-Host ($_.Exception.ToString() + $Logon + "$ " + $LocalPath + "\" + $user + "ERROR 800"); ExitWithCode (800)
        }
        
        try {
            # set access permissions
            $acl = Get-Acl $homeDir
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Logon,"ReadData,ReadAttributes,ReadExtendedAttributes,ReadPermissions,WriteData,AppendData,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,Delete,Synchronize,Traverse,TakeOwnership", "ContainerInherit", "None", "Allow")
            $acl.AddAccessRule($rule)
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Logon,"ReadData,ReadAttributes,ReadExtendedAttributes,ReadPermissions,WriteData,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,Delete,Synchronize,TakeOwnership", "ObjectInherit", "InheritOnly", "Allow")
            $acl.AddAccessRule($rule)
            $acl.SetOwner([System.Security.Principal.NTAccount] $Logon)
            Set-Acl $homeDir $acl
        } catch [Exception] { 
            Start-Sleep -Seconds 60      # WAIT AND TRY AGAIN
            $acl = Get-Acl $homeDir
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Logon,"ReadData,ReadAttributes,ReadExtendedAttributes,ReadPermissions,WriteData,AppendData,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,Delete,Synchronize,Traverse,TakeOwnership", "ContainerInherit", "None", "Allow")
            $acl.AddAccessRule($rule)
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Logon,"ReadData,ReadAttributes,ReadExtendedAttributes,ReadPermissions,WriteData,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,Delete,Synchronize,TakeOwnership", "ObjectInherit", "InheritOnly", "Allow")
            $acl.AddAccessRule($rule)
            $acl.SetOwner([System.Security.Principal.NTAccount] $Logon)
            Set-Acl $homeDir $acl
        }
    }   # end of function createUserDirectory

  5. #5

    Thanks jklight!!

    But I need something like the PowerShell script below; I am a newbie to this.

    ### -------------------------------------------------------------------
    ### Configures Sharing and Security
    ### -------------------------------------------------------------------
    Import-Module WebAdministration
    function New-Share
    {
    #Variables
    Write-Host "Gathering Variables"
    $LocalPath = Read-Host "Enter Directory Path"
    $Sharename = Read-Host "Enter Share Name"
    $CompanyName = Read-Host "Enter client OU"
    $Webuser = Read-Host 'Enter webuser'

    # Assign the Permissions to Administrators
    Write-Host "Creating Sharing"


    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain admins","FullControl","ContainerInherit,ObjectInherit","None","Allow")
    $acl=get-acl -Path $LocalPath\$Sharename
    $ACL.SetAccessRule($AccessRule)
    set-acl -Path $LocalPath\$Sharename -AclObject $acl
    # Remove "Everyone" from Share permissions and assign the Share Permissions to "Administrators"
    Revoke-SmbShareAccess -Path $LocalPath -CimSession $LocalPath -AccountName Everyone -Force
    Grant-SmbShareAccess -Path $LocalPath -CimSession $LocalPath -AccountName Administrators -AccessRight Full -Force
    }





    Please help, I know this is not correct; please write a correct one for me, please!!!!
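
One way to do what the first post asks, as an added example that is not code from any poster in this thread: share `D:\Appfolder` as `xyz` without an Everyone entry, grant NTFS rights on the folder, and make `\bin` read-only for aspnet by breaking inheritance there. The `EXAMPLE\...` account names are placeholders, and the access levels (Full/Change on the share, Modify on the folder, ReadAndExecute on `\bin`) are assumptions because the thread does not state them; the SmbShare cmdlets need Windows Server 2012 / Windows 8 or later.

```powershell
# Added example. Account names are placeholders; access levels are assumptions.
$Path      = 'D:\Appfolder'
$ShareName = 'xyz'
$AspNet    = 'EXAMPLE\aspnet'
$Admins    = 'EXAMPLE\Domain Admins'
$WebUser   = 'EXAMPLE\webuser'

function New-Rule([string]$Identity, [string]$Rights) {
    # Allow rule that applies to the folder, its subfolders and its files
    New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
}

# 1. Share permissions: named principals only
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Path -FullAccess $Admins -ChangeAccess $AspNet | Out-Null
}
# Remove an Everyone entry if the share already existed with one
Get-SmbShareAccess -Name $ShareName | Where-Object { $_.AccountName -eq 'Everyone' } |
    ForEach-Object { Revoke-SmbShareAccess -Name $ShareName -AccountName 'Everyone' -Force | Out-Null }

# 2. NTFS permissions on the application folder (the "Security" tab)
$acl = Get-Acl -Path $Path
$acl.AddAccessRule((New-Rule $AspNet  'Modify'))
$acl.AddAccessRule((New-Rule $WebUser 'Modify'))
Set-Acl -Path $Path -AclObject $acl

# 3. \bin: stop inheriting from the parent but keep copies of the inherited rules.
#    Commit and re-read first; the copies only become explicit (and removable)
#    after the protected ACL has been written back.
$bin = Join-Path $Path 'bin'
$acl = Get-Acl -Path $bin
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $bin -AclObject $acl

$acl = Get-Acl -Path $bin
$acl.PurgeAccessRules([System.Security.Principal.NTAccount]$AspNet)   # drop the copied Modify rule
$acl.AddAccessRule((New-Rule $AspNet 'ReadAndExecute'))               # no write or delete
Set-Acl -Path $bin -AclObject $acl

# 4. Verify the result instead of trusting the calls above
Get-SmbShareAccess -Name $ShareName
(Get-Acl -Path $bin).Access | Where-Object { $_.IdentityReference.Value -eq $AspNet } |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```

Over the network the effective access is the more restrictive of the share permission and the NTFS permission, so aspnet ends up read-only in `\bin` even though the share grants it Change.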


