
Using WMI to set share permission?


Goshi Key

May 10, 2005, 10:28:05 AM
Creating a share on a Windows server with WMI is a pretty simple process,
but modifying the share level permissions has me looking for help. Anybody
know of a simple way to do this? I'd like to avoid using another tool (i.e.,
rmtshare.exe) if at all possible.


Scott McNairy (MVP)

May 10, 2005, 1:23:43 PM
If I remember correctly this script worked. It may take some modification
but it walks through the steps pretty well.

''''''''' Begin Script '''''''''''''''
Const Path = "C:\Share"
Const Name = "NewShare"

'Access masks
Const F_List = 1 'can read a file or list folder contents
Const F_Add = 2 'can write to a file or add a file to a folder
Const F_Append = 4 'can append to a file or add a subfolder to a folder
Const F_Rd_EA = 8 'can read Extended Attributes
Const F_Wr_EA = 16 'can write Extended Attributes
Const F_Ex_Trav = 32 'can execute a file or traverse folders
Const F_Del_Child = 64 'can delete a folder And its contents, even RO files
Const F_Rd_Attr = 128 'can read attributes
Const F_Wr_Attr = 256 'can write attributes
Const F_Delete = 65536 'can delete files And folders
Const F_Rd_Contr = 131072 'assigns read access for this user
Const F_Wr_DAC = 262144 'can change DACL
Const F_Wr_Owner = 524288 'can take ownership
Const F_Synch = 1048576 'synch changes And wait for synch

WR = F_Wr_Attr + F_Wr_EA + F_Append + F_Add
Wscript.Echo "Write access = 0x" & Hex(WR)
RD = F_Rd_Contr + F_Rd_Attr + F_Rd_EA + F_List
Wscript.Echo "Read access = 0x" & Hex(RD)
RX = RD + F_Ex_Trav
Wscript.Echo "RX access = 0x" & Hex(RX)
Modify = (RX + WR + F_Delete)
Wscript.Echo "Modify access = 0x" & Hex(Modify)
Full = Modify + F_Wr_Owner + F_Wr_DAC + F_Del_Child
Wscript.Echo "Full access = 0x" & Hex(Full)

'ACE types
Const Allow = 0
Const Deny = 1
Const Audit = 2

'ACE flags
Const ObjInh = 1 'non-container children inherit this ace
Const ContInh = 2 'container objects inherit this ace
Const NoProp = 4 'do not propagate beyond first child
Const InhOnly = 8 'only controls access to children

Set objWMI = GetObject("winmgmts:root\cimv2")


'*** Get the Win32_SecurityDescriptor class and spawn a new instance ****
Set objSecDescriptor = objWMI.Get("Win32_SecurityDescriptor").SpawnInstance_

'****** Prepare the security descriptor for the new share ******
objSecDescriptor.ControlFlags = 32772

' this query can be slow unless you limit it by Domain = "YourLocalWorkStation" as well
Set Group = objWMI.ExecQuery("Select Domain, Name, SID from Win32_Group where SID = 'S-1-5-32-544'")

Wscript.Echo "Group = " & Group.Count
For Each User in Group 'there will be only one, but it still has to be enumerated
    Wscript.Echo User.Domain & "\" & User.Name & " = " & User.SID
    Set Trustee = SetTrustee(objWMI, _
                             User.Domain, _
                             User.Name, _
                             User.SID _
                            )
Next
'DACL is an array of Win32_Ace objects, so the single ACE is wrapped in Array()
objSecDescriptor.DACL = Array(SetACE(objWMI, _
                                     RX, _
                                     0, _
                                     Allow, _
                                     Trustee _
                                    ))

'****** set the securitydescriptor ******
Set NewSecDescriptor = GetObject("winmgmts:Win32_LogicalShareSecuritySetting.Name='" & Name & "'")
Rtn = NewSecDescriptor.SetSecurityDescriptor(objSecDescriptor)
If Err or Rtn <> 0 Then
    Wscript.Echo "Problem encountered: Error 0x" & Hex(Err.Number) & ", Rtn = " & CStr(Rtn)
Else
    Wscript.Echo "status is good.."
End If

'************************* HELPER FUNCTIONS *********************
Function SetTrustee(objWMI, _
strDomain, _
strName, _
strSID _
)
Dim objTrustee

Set objTrustee = objWMI.Get("Win32_Trustee").SpawnInstance_
objTrustee.Domain = strDomain
objTrustee.Name = strName
objTrustee.SIDString = strSID
Wscript.Echo "SetTrustee = " & _
objTrustee.Domain & _
"\" & objTrustee.Name & _
" = " & _
objTrustee.SIDString
Set SetTrustee = objTrustee
End Function

Function SetACE(objWMI, _
AccessMask, _
AceFlags, _
AceType, _
objTrustee _
)
Dim objAce

Set objAce = objWMI.Get("Win32_Ace").SpawnInstance_
objAce.AccessMask = AccessMask
objAce.AceFlags = AceFlags
objAce.AceType = AceType
objAce.Trustee = objTrustee
Wscript.Echo "SetACE = " & _
Hex(objAce.AccessMask) & "; " & _
Hex(objAce.AceFlags) & "; " & _
CInt(objAce.AceType) & _
" for: " & objTrustee.Name
Set SetACE = objAce
End Function

--
Scott McNairy
Microsoft MVP - Windows Server Management Infrastructure


"Goshi Key" <kgo...@cox.net> wrote in message
news:Sz3ge.40256$_K.39501@fed1read03...
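
To confirm what the script in the post above applied, this added example (not part of the original thread) reads the share's descriptor back with GetSecurityDescriptor and labels each ACE against the mask values that script computes. It assumes the share NewShare exists on the local machine; LevelName and AceTypeName are helper names made up for this example, and the synchronize bit is ignored so that masks written with it set still match.

```vbscript
' Added example (not from the thread): list the share-level ACEs on a share.
Option Explicit
Const ShareName = "NewShare"   ' share name used by the script in the post
Const F_Synch = &H100000       ' synchronize bit, ignored when matching levels

Dim objWMI, objShareSec, objSD, objAce, rtn
Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
Set objShareSec = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & ShareName & "'")

' Returns 0 on success and fills objSD with a Win32_SecurityDescriptor
rtn = objShareSec.GetSecurityDescriptor(objSD)
If rtn <> 0 Then
    WScript.Echo "GetSecurityDescriptor failed, Rtn = " & rtn
    WScript.Quit 1
End If

If IsNull(objSD.DACL) Then
    ' No DACL at all means the share level restricts nobody
    WScript.Echo ShareName & ": no DACL present"
    WScript.Quit 0
End If

For Each objAce In objSD.DACL
    WScript.Echo AceTypeName(objAce.AceType) & vbTab & _
        objAce.Trustee.Domain & "\" & objAce.Trustee.Name & vbTab & _
        "0x" & Hex(objAce.AccessMask) & vbTab & LevelName(objAce.AccessMask)
Next

' ACE type values as defined in the post: 0 = Allow, 1 = Deny, 2 = Audit
Function AceTypeName(aceType)
    AceTypeName = "Type " & aceType
    If aceType = 0 Then AceTypeName = "Allow"
    If aceType = 1 Then AceTypeName = "Deny"
    If aceType = 2 Then AceTypeName = "Audit"
End Function

' Match a mask against the sums the post builds from its F_* constants
Function LevelName(mask)
    Select Case (mask And Not F_Synch)
        Case &HF01FF
            LevelName = "Full"
        Case &H301BF
            LevelName = "Modify"
        Case &H200A9
            LevelName = "RX"
        Case &H20089
            LevelName = "Read"
        Case Else
            LevelName = "custom mask"
    End Select
End Function
```

Because the posted script builds a fresh descriptor holding a single ACE, the read-back should show one Allow entry for the local Administrators group (S-1-5-32-544) with mask 0x200A9; any entries that were on the share beforehand will be gone.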

Al Dunbar [MS-MVP]

May 11, 2005, 1:33:50 PM
Good stuff, great example! Thanks.

/Al

"Scott McNairy (MVP)" <v-sc...@online.microsoft.com> wrote in message
news:Ob7REUYV...@TK2MSFTNGP14.phx.gbl...
