none
Powershell Script to Assign Share Permission RRS feed

  • Question

  • Hello,

    We are trying to streamline the folder access permissions. We see that on many NAS shares Everyone is provided full share permission, but the NTFS permissions do not have everyone group.

    What we wanted is a script that will take the NFTS permissions for the respective folder and apply that as a share permission by overwriting the existing share permission for the respective shared folder.

    Thank you.

    Raj

    Wednesday, September 11, 2019 4:46 PM

Answers

  • what you want is not a good practice.

    It is certain that making a script that would do what you ask is possible. After all, everyone can do what they want, the best and the worst ... and what you ask is the worst.

    Consider that : Between rights on the share and NTFS permissions is the most restrictive that wins.So anonymous users can't show the shares (To live happy, live hidden)

    If you want to increase security, just change the EveryOne group by DOmain Users (if you have only one domain) or Authenticated users.

    Moreover, if in your share there are several directories of 1st level, see lower level, how are you going to handle this? It will be just unmanageable!

    Consider thebill remark, and please go the the Internet  and look for best practices about shares.

    Olivier

    P.S. : It was just advice from me, but just remember that counselors are not the payers

    Wednesday, September 11, 2019 5:28 PM

All replies

  • Please read the following:

    This forum is for scripting questions rather than script requests


    -- Bill Stewart [Bill_Stewart]

    Wednesday, September 11, 2019 4:51 PM
    Moderator
  • what you want is not a good practice.

    It is certain that making a script that would do what you ask is possible. After all, everyone can do what they want, the best and the worst ... and what you ask is the worst.

    Consider that : Between rights on the share and NTFS permissions is the most restrictive that wins.So anonymous users can't show the shares (To live happy, live hidden)

    If you want to increase security, just change the EveryOne group by DOmain Users (if you have only one domain) or Authenticated users.

    Moreover, if in your share there are several directories of 1st level, see lower level, how are you going to handle this? It will be just unmanageable!

    Consider thebill remark, and please go the the Internet  and look for best practices about shares.

    Olivier

    P.S. : It was just advice from me, but just remember that counselors are not the payers

    Wednesday, September 11, 2019 5:28 PM
  • Oliv is correct. We do not mange permissions on shares that way. The old share permissions are used in a work group but in a domain  this is done on NTFS.

    I recommend searching for articles on how to manage permissions in a domain and following the best practices recommended.  You must clearly understand this before you start changing anything.


    \_(ツ)_/

    Wednesday, September 11, 2019 5:32 PM
  • thanks jvr

    I try to be didactic and explain as much i can with my poor english. Explain, discuss, explain again, and again ... did you understand ? ... Ok, so now you know what to do then do it. Sometimes I think I call myself Don Quichotte, and it's bring :-)

    Olivier

    Wednesday, September 11, 2019 6:30 PM
  • thanks jvr

    I try to be didactic and explain as much i can with my poor english. Explain, discuss, explain again, and again ... did you understand ? ... Ok, so now you know what to do then do it. Sometimes I think I call myself Don Quichotte, and it's bring :-)

    Olivier

    It was clear enough I just wanted to add that a search would find more for the user.  You are correct that permissions management via share would be insane and very difficult to maintain.


    \_(ツ)_/

    Wednesday, September 11, 2019 6:35 PM