+ Post New Thread
Results 1 to 9 of 9
Windows Thread, Command line tool for share permissions in Technical; Does anyone know of a better commandline tool for setting share permissions other than Code: NET SHARE share$=<filepath> /GRANT:user,permission On ...
  1. #1

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Command line tool for share permissions

    Does anyone know of a better commandline tool for setting share permissions other than
    Code:
    NET SHARE share$=<filepath>  /GRANT:user,permission
    On Windows 2003 servers, Microsoft set the default permisions on share to be everyone read only. The problem is it doesn't be an easy way to adjust this. So I just reshare the share with everyone change and rely on NTFS permissions on the drive to provide the security.

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,617
    Thank Post
    648
    Thanked 1,618 Times in 1,448 Posts
    Rep Power
    421

    Re: Command line tool for share permissions

    I do the same as you.

    Ben

  3. #3
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: Command line tool for share permissions

    The best command line tool for managing permissions I have ever used SetACL. It can do just about everything related to permissions on files, folders, shares, registry, printers and services.

  4. #4

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24

    Re: Command line tool for share permissions

    Quote Originally Posted by NetworkGeezer
    Does anyone know of a better commandline tool for setting share permissions other than
    Code:
    NET SHARE share$=<filepath>  /GRANT:user,permission
    On Windows 2003 servers, Microsoft set the default permisions on share to be everyone read only. The problem is it doesn't be an easy way to adjust this. So I just reshare the share with everyone change and rely on NTFS permissions on the drive to provide the security.
    Yeah- that's actually best practise in a lot of Microsoft training courses now. In Server 2000 they had Everyone with the lot, and then in 2003 said "OK, how can we make the share safer from the get go" and came up with setting Everyone: Read by default. I actually think it's a good idea. And normally (no- most all the time) I use the Share MMC to handle things like sharing folders and the GUI for setting them.

    Now MIcrosoft are telling everyone to set the share permission to Everyone: Full Control and advising the use of NTFS to further restrict. Again, a good idea. Share permission are messy- they don't replicate, and backing them up is a futile exercise in pain-filled living. NTFS permissions all the way!

    But personally- I would use the GUI if it's that much of a time consumer.

    Enjoy!

  5. #5
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62

    Re: Command line tool for share permissions

    You could use XCALS, I use it as part of the new intake script I run every August.

    When I get into the office on Monday I will post a link to it and a copy of the script I use, it is really easy and straight forward and modifies the permissions on the share and the NTFS permissions also.

  6. #6

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,596
    Thank Post
    109
    Thanked 764 Times in 595 Posts
    Rep Power
    181

    Re: Command line tool for share permissions

    XACLS for me with chown for ownership.

  7. #7

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Command line tool for share permissions

    Thanks for all the responses. I think I will have to go with AJBrittons suggestion, i.e. using SetACL. From what I can see XCACLS just provides finer control over NTFS permissions.

  8. #8
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    34

    Re: Command line tool for share permissions

    If you just want a simple tool you could do with rmtshare.exe which sets everyone full control by default. I think it's a resource kit tool. Obviously check the version that you have sets the correct permissions as Microsoft may have "updated" it in later versions. As the name suggests, it will set a share on a remote server.

    I much prefer using everyone - full control on shares. It's recommended practice because trying to administer access controls in 2 places is always going to lead to oversights. Seeing as NTFS permissions give much more precise control than share perms do, NTFS is the obvious pick.

  9. #9

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Command line tool for share permissions

    Thanks sahmeepee. I'll have a look at that too.

SHARE:
+ Post New Thread

Similar Threads

  1. Command Line ISO Creator
    By russdev in forum Windows
    Replies: 1
    Last Post: 27th September 2007, 08:04 PM
  2. Command line enviroment for pupils.
    By Teth in forum How do you do....it?
    Replies: 16
    Last Post: 16th January 2007, 01:17 PM
  3. Replies: 3
    Last Post: 4th January 2007, 09:09 PM
  4. Command LIne
    By wesleyw in forum Windows
    Replies: 4
    Last Post: 12th October 2006, 11:10 AM
  5. Command line installs? heeellllppp
    By contink in forum How do you do....it?
    Replies: 2
    Last Post: 2nd October 2006, 04:27 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •