none
Powershell - Remote Server - Set Share Permissions to Everyone Full Control RRS feed

  • Question

  • I have been trying for a couple days to create a share on a remote server and assign "Everyone" "Full Control"

    I can create the share on the remote server, but can not set Everyone to have full control.  No errors, it just doesn't work.  If I use VBScript I can, but not Powershell.  Very weird, it seems as though you are unable to do this on a remote server (2008 Server R2 - UAC off)  I am an Administrator, of course since I can create the shares.

    The PowerShell script I am using is:

    $Computer = "RemoteServerName"
    $Class = "Win32_Share"
    $Method = "Create"
    $name = "Temp"
    $path = "C:\temp"
    $description = "This is shared for me to test"
    $sd = ([WMIClass] "\\$Computer\root\cimv2:Win32_SecurityDescriptor").CreateInstance()
    $ACE = ([WMIClass] "\\$Computer\root\cimv2:Win32_ACE").CreateInstance()
    $Trustee = ([WMIClass] "\\$Computer\root\cimv2:Win32_Trustee").CreateInstance()
    $Trustee.Name = "EVERYONE"
    $Trustee.Domain = $Null
    $Trustee.SID = @(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    $ace.AccessMask = 2032127
    $ace.AceFlags = 3
    $ace.AceType = 0
    $ACE.Trustee = $Trustee
    $sd.DACL += $ACE.psObject.baseobject
    $mc = [WmiClass]"\\$Computer\ROOT\CIMV2:$Class"
    $InParams = $mc.psbase.GetMethodParameters($Method)
    $InParams.Access = $Null
    $InParams.Description = $description
    $InParams.MaximumAllowed = $Null
    $InParams.Name = $name
    $InParams.Password = $Null
    $InParams.Path = $path
    $InParams.Type = [uint32]0
    $R = $mc.PSBase.InvokeMethod($Method, $InParams, $Null)
    switch ($($R.ReturnValue))
     {
      0 {Write-Host "Share:$name Path:$path Result:Success"; break}
      2 {Write-Host "Share:$name Path:$path Result:Access Denied" -foregroundcolor red -backgroundcolor yellow;break}
      8 {Write-Host "Share:$name Path:$path Result:Unknown Failure" -foregroundcolor red -backgroundcolor yellow;break}
      9 {Write-Host "Share:$name Path:$path Result:Invalid Name" -foregroundcolor red -backgroundcolor yellow;break}
      10 {Write-Host "Share:$name Path:$path Result:Invalid Level" -foregroundcolor red -backgroundcolor yellow;break}
      21 {Write-Host "Share:$name Path:$path Result:Invalid Parameter" -foregroundcolor red -backgroundcolor yellow;break}
      22 {Write-Host "Share:$name Path:$path Result:Duplicate Share" -foregroundcolor red -backgroundcolor yellow;break}
      23 {Write-Host "Share:$name Path:$path Result:Reedirected Path" -foregroundcolor red -backgroundcolor yellow;break}
      24 {Write-Host "Share:$name Path:$path Result:Unknown Device or Directory" -foregroundcolor red -backgroundcolor yellow;break}
      25 {Write-Host "Share:$name Path:$path Result:Network Name Not Found" -foregroundcolor red -backgroundcolor yellow;break}
      default {Write-Host "Share:$name Path:$path Result:*** Unknown Error ***" -foregroundcolor red -backgroundcolor yellow;break}
     }

    The vbscript that will perform the same but give Eveyone Full Control is":

    '==========================================================================
    'ShareSetup.vbs
    '==========================================================================
    Option Explicit
    Const FILE_SHARE = 0
    Const MAXIMUM_CONNECTIONS = 25
    Dim strComputer
    Dim objWMIService
    Dim objNewShare

    strComputer = "RemoteServerName"
    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set objNewShare = objWMIService.Get("Win32_Share")

    Call sharesec ("C:\Temp", "Temp", "Test Share")


    Sub sharesec(Fname,shr,info) 'Fname = Folder path, shr = Share name, info = Share Description, account = account or group you are assigning share permissions to
    Dim FSO
    Dim Services
    Dim SecDescClass
    Dim SecDesc
    Dim Trustee
    Dim ACE
    Dim Share
    Dim InParam
    Dim Network
    Dim FolderName
    Dim AdminServer
    Dim ShareName

    FolderName = Fname
    AdminServer = "\\" & strComputer
    ShareName = shr

    Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" & AdminServer & "\ROOT\CIMV2")
    Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
    Set SecDesc = SecDescClass.SpawnInstance_()

    Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_
    Trustee.Domain = Null
    Trustee.Name = "EVERYONE"
    Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

    Set ACE = Services.Get("Win32_Ace").SpawnInstance_
    ACE.Properties_.Item("AccessMask") = 2032127
    ACE.Properties_.Item("AceFlags") = 3
    ACE.Properties_.Item("AceType") = 0
    ACE.Properties_.Item("Trustee") = Trustee
    SecDesc.Properties_.Item("DACL") = Array(ACE)
    Set Share = Services.Get("Win32_Share")
    Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_()
    InParam.Properties_.Item("Access") = SecDesc
    InParam.Properties_.Item("Description") = "Public Share"
    InParam.Properties_.Item("Name") = ShareName
    InParam.Properties_.Item("Path") = FolderName
    InParam.Properties_.Item("Type") = 0
    Share.ExecMethod_ "Create", InParam
    End Sub

    Any help would be greatly appreciated.

    Thursday, June 10, 2010 5:40 PM

Answers

All replies