
Replace security on existing share with WMI in PowerShell (update post)

This is an update to PowerShell V2 of the script from my old blog, /\/\o\/\/ PowerShelled: Replace Security on existing share using MSH. I came across that post while researching a question about translating a SID, something I tested a lot on my old blog; see also the other posts about this here, where you can find more examples.

As I was at it, I rewrote the existing script to work in PowerShell V2.

Changes:

  • Changed MshObject to PsObject (name change after Beta)
  • Added CreateInstance() to create the abstract WMI classes (it seems this was not needed before the WMI wrapper was added in RC1)
  • By testing I found out that the script now also works with the SID in string form; before, I could not get that working

Of course this script is also a candidate for further refactoring into an advanced function (for example, to check whether the value for mode is valid), but that might be for a follow-up post.

# Set-SharePermission function
# Sets the security of an existing Share
# /\/\o\/\/ 2005-2010

Function set-Sharepermissions {
  PARAM (
    $share = "Test",
    $user = "administrators",
    $Domain = $null,
    $mode = "Change"
  )

  $sd = (new-object management.managementclass Win32_SecurityDescriptor).CreateInstance()
  $ace = (new-object management.managementclass Win32_ace).CreateInstance()
  $Trustee = (new-object management.managementclass win32_trustee).CreateInstance()

  $Account = new-object system.security.principal.NtAccount($user)
  $SID = $Account.translate([system.security.principal.securityidentifier])
  #[byte[]]$ba = ,0 * $sid.BinaryLength
  #$sid.GetBinaryForm($ba,0)

  $Trustee.Domain = $Domain
  $Trustee.Name = $user
  #$Trustee.SID = $ba
  $Trustee.SIDString = $sid.Value

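  # Share access masks: Full = 0x1F01FF, Change = 0x1301BF, Read = 0x1200A9
  switch ($mode) {
    "Full"   {$ace.AccessMask = 2032127}
    "Change" {$ace.AccessMask = 1245631}
    "Read"   {$ace.AccessMask = 1179817}
  }

  $ace.AceType = 0     # 0 = access allowed
  $ace.AceFlags = 3    # object inherit + container inherit
  $ace.trustee = $trustee
  # The DACL is replaced by this single ACE; existing entries on the share are not kept
  $SD.DACL = @($ACE.psobject.baseObject)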

  $share = get-wmiObject win32_share -filter "name='$share'"

  $inparams = $share.GetMethodParameters("setShareInfo")
  $inParams["Access"]  =  $SD.psobject.baseObject

  $share.invokemethod("setshareInfo",$inparams,$null)
}
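
Because the function replaces the whole DACL with one ACE, it is worth reading the share's security descriptor back afterwards. The block below is an added example, not part of the original script; Get-SharePermission and its parameter names are hypothetical, and it uses the Win32_LogicalShareSecuritySetting WMI class to decode each ACE into the mode names used above.

```powershell
# Added example (not from the original post): read back a share's DACL.
# Get-SharePermission and its parameter names are hypothetical.
function Get-SharePermission {
    param(
        [string]$Share = 'Test',
        [string]$ComputerName = '.'
    )

    $setting = Get-WmiObject -Class Win32_LogicalShareSecuritySetting `
        -Filter "Name='$Share'" -ComputerName $ComputerName
    if (-not $setting) {
        throw "No security setting found for share '$Share' on '$ComputerName'."
    }

    $result = $setting.GetSecurityDescriptor()
    if ($result.ReturnValue -ne 0) {
        throw "GetSecurityDescriptor failed with code $($result.ReturnValue)."
    }

    $dacl = $result.Descriptor.DACL
    if ($null -eq $dacl) {
        # A NULL DACL grants everyone full access; report it instead of looping
        Write-Warning "Share '$Share' has a NULL DACL."
        return
    }

    foreach ($ace in $dacl) {
        # Map the mask back to the mode names used by the script above
        $mode = switch ($ace.AccessMask) {
            2032127 { 'Full' }
            1245631 { 'Change' }
            1179817 { 'Read' }
            default { '0x{0:X}' -f $ace.AccessMask }
        }
        $type = switch ($ace.AceType) {
            0       { 'Allow' }
            1       { 'Deny' }
            default { "Type $($ace.AceType)" }
        }
        New-Object PSObject -Property @{
            Share    = $Share
            Trustee  = $ace.Trustee.Name
            Domain   = $ace.Trustee.Domain
            SID      = $ace.Trustee.SIDString
            AceType  = $type
            Mode     = $mode
            AceFlags = $ace.AceFlags
        }
    }
}
```

After running set-Sharepermissions with -mode Read, Get-SharePermission -Share Test should list a single Allow entry with Mode Read; any additional or unexpected trustee means the descriptor was not applied as intended.
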

On my old blog you can also find another post, /\/\o\/\/ PowerShelled: PowerShell Import Shares and Security info ..., which shows how to export and import a complete share, including its security.

With the example in this post you should also be able to get that sample working again. 

Enjoy,

Greetings /\/\o\/\/

 

Published Wednesday, June 02, 2010 2:24 PM by MoW

Comments

# re: Replace security on existing share with WMI in PowerShell (update post)

How could this be accomplished on a remote 2008 R2 server? My modification below does not seem to work.

$Computer = "RemoteServerName"
$Class = "Win32_Share"
$Method = "Create"
$name = "Temp"
$path = "C:\temp"
$description = "This is shared for me to test"

$sd = ([WMIClass] "\\$Computer\root\cimv2:Win32_SecurityDescriptor").CreateInstance()
$ACE = ([WMIClass] "\\$Computer\root\cimv2:Win32_ACE").CreateInstance()
$Trustee = ([WMIClass] "\\$Computer\root\cimv2:Win32_Trustee").CreateInstance()

$Trustee.Name = "EVERYONE"
$Trustee.Domain = $Null
$Trustee.SID = @(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

$ace.AccessMask = 2032127
$ace.AceFlags = 3
$ace.AceType = 0
$ACE.Trustee = $Trustee

$sd.DACL += $ACE.psObject.baseobject

$mc = [WmiClass]"\\$Computer\ROOT\CIMV2:$Class"
$InParams = $mc.psbase.GetMethodParameters($Method)
$InParams.Access = $Null
$InParams.Description = $description
$InParams.MaximumAllowed = $Null
$InParams.Name = $name
$InParams.Password = $Null
$InParams.Path = $path
$InParams.Type = [uint32]0

$R = $mc.PSBase.InvokeMethod($Method, $InParams, $Null)

switch ($($R.ReturnValue))
{
0 {Write-Host "Share:$name Path:$path Result:Success"; break}
2 {Write-Host "Share:$name Path:$path Result:Access Denied" -foregroundcolor red -backgroundcolor yellow;break}
8 {Write-Host "Share:$name Path:$path Result:Unknown Failure" -foregroundcolor red -backgroundcolor yellow;break}
9 {Write-Host "Share:$name Path:$path Result:Invalid Name" -foregroundcolor red -backgroundcolor yellow;break}
10 {Write-Host "Share:$name Path:$path Result:Invalid Level" -foregroundcolor red -backgroundcolor yellow;break}
21 {Write-Host "Share:$name Path:$path Result:Invalid Parameter" -foregroundcolor red -backgroundcolor yellow;break}
22 {Write-Host "Share:$name Path:$path Result:Duplicate Share" -foregroundcolor red -backgroundcolor yellow;break}
23 {Write-Host "Share:$name Path:$path Result:Reedirected Path" -foregroundcolor red -backgroundcolor yellow;break}
24 {Write-Host "Share:$name Path:$path Result:Unknown Device or Directory" -foregroundcolor red -backgroundcolor yellow;break}
25 {Write-Host "Share:$name Path:$path Result:Network Name Not Found" -foregroundcolor red -backgroundcolor yellow;break}
default {Write-Host "Share:$name Path:$path Result:*** Unknown Error ***" -foregroundcolor red -backgroundcolor yellow;break}
}

Thursday, June 10, 2010 1:52 PM by