Reputation: 55
So I am totally new to VBS and have never used it. I am trying to create multiple shares and I found a Microsoft VBS script that can do this (http://gallery.technet.microsoft.com/scriptcenter/6309d93b-fcc3-4586-b102-a71415244712). My question is: this script only allows one domain group or user to be added for permissions, whereas I need to add a couple with different permissions (got that figured out). Below is the script that I have modified for my needs, but I just need to add in the second group with the other permissions. If there is an easier way to do this, please let me know.
'ShareSetup.vbs
'==========================================================================
Option Explicit

Const FILE_SHARE = 0
Const MAXIMUM_CONNECTIONS = 25

Dim strComputer
Dim objWMIService
Dim objNewShare

strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objNewShare = objWMIService.Get("Win32_Share")

Call sharesec ("C:\Published Apps\Logs01", "Logs01", "Log01", "Support")
Call sharesec2 ("C:\Published Apps\Logs01", "Logs01", "Log01", "Domain Admins")

Sub sharesec(Fname,shr,info,account)
    'Fname = Folder path, shr = Share name, info = Share Description, account = account or group you are assigning share permissions to
    Dim FSO
    Dim Services
    Dim SecDescClass
    Dim SecDesc
    Dim Trustee
    Dim ACE
    Dim Share
    Dim InParam
    Dim Network
    Dim FolderName
    Dim AdminServer
    Dim ShareName

    FolderName = Fname
    AdminServer = "\\" & strComputer
    ShareName = shr

    Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" & AdminServer & "\ROOT\CIMV2")
    Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
    Set SecDesc = SecDescClass.SpawnInstance_()

    'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_
    'Trustee.Domain = Null
    'Trustee.Name = "EVERYONE"
    'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    Set Trustee = SetGroupTrustee("domain", account) 'Replace "domain" with your domain name.
    'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee

    Set ACE = Services.Get("Win32_Ace").SpawnInstance_
    ACE.Properties_.Item("AccessMask") = 1179817
    ACE.Properties_.Item("AceFlags") = 3
    ACE.Properties_.Item("AceType") = 0
    ACE.Properties_.Item("Trustee") = Trustee
    SecDesc.Properties_.Item("DACL") = Array(ACE)

    Set Share = Services.Get("Win32_Share")
    Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_()
    InParam.Properties_.Item("Access") = SecDesc
    InParam.Properties_.Item("Description") = "Public Share"
    InParam.Properties_.Item("Name") = ShareName
    InParam.Properties_.Item("Path") = FolderName
    InParam.Properties_.Item("Type") = 0
    Share.ExecMethod_ "Create", InParam
End Sub

Sub sharesec2(Fname,shr,info,account)
    'Fname = Folder path, shr = Share name, info = Share Description, account = account or group you are assigning share permissions to
    Dim FSO
    Dim Services
    Dim SecDescClass
    Dim SecDesc
    Dim Trustee
    Dim ACE2
    Dim Share
    Dim InParam
    Dim Network
    Dim FolderName
    Dim AdminServer
    Dim ShareName

    FolderName = Fname
    AdminServer = "\\" & strComputer
    ShareName = shr

    Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" & AdminServer & "\ROOT\CIMV2")
    Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
    Set SecDesc = SecDescClass.SpawnInstance_()

    'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_
    'Trustee.Domain = Null
    'Trustee.Name = "EVERYONE"
    'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    Set Trustee = SetGroupTrustee("domain", account) 'Replace "domain" with your domain name.
    'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee

    Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_
    ACE2.Properties_.Item("AccessMask") = 1179817
    ACE2.Properties_.Item("AceFlags") = 3
    ACE2.Properties_.Item("AceType") = 0
    ACE2.Properties_.Item("Trustee") = Trustee
    SecDesc.Properties_.Item("DACL") = Array(ACE2)
End Sub

Function SetAccountTrustee(strDomain, strName)
    'Declarations are required here because the script runs under Option Explicit
    Dim objTrustee
    Dim account
    Dim accountSID

    set objTrustee = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_
    set account = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_Account.Name='" & strName & "',Domain='" & strDomain &"'")
    set accountSID = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")
    objTrustee.Domain = strDomain
    objTrustee.Name = strName
    objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
    set accountSID = nothing
    set account = nothing
    set SetAccountTrustee = objTrustee
End Function

Function SetGroupTrustee(strDomain, strName)
    Dim objTrustee
    Dim account
    Dim accountSID

    set objTrustee = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_
    set account = getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group.Name='" & strName & "',Domain='" & strDomain &"'")
    set accountSID = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")
    objTrustee.Domain = strDomain
    objTrustee.Name = strName
    objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
    set accountSID = nothing
    set account = nothing
    set SetGroupTrustee = objTrustee
End Function
Upvotes: 0
Views: 2442
Reputation: 125
I think you will find it easier to script the permissions at NTFS level using icacls rather than at share level using VBS, and simply assign all users full access in your VBScript.
You may also wish to look into using PowerShell to create the shares; there is some guidance on this here: http://blogs.technet.com/b/heyscriptingguy/archive/2010/09/16/how-to-use-powershell-to-create-shared-folders-in-windows-7.aspx
In the future we will be able to do this in PowerShell with the cmdlet New-SmbShare :-) http://technet.microsoft.com/en-us/library/jj635726.aspx
Upvotes: 1
Reputation: 39653
Call sharesec ("C:\Published Apps\Logs01", "Logs01", "Log01", "Support")
Call sharesec2 ("C:\Published Apps\Logs01", "Logs01", "Log01", "Domain Admins")
I am assuming you created the extra function sharesec2 for some odd reason, but that is the wrong thing to do. You are basically trying to create the share twice, which doesn't make sense. Duplicating that function has no valid purpose.
What you would really have to do is rework that function. For example, you might change the fourth parameter of sharesec so that it accepts an array. Then you need to loop over the array and build up your discretionary access control list (DACL) for the share, with one access control entry (ACE) per user/group.
I am not going to write the code for you since I abhor VBS, but this is the section you would want to loop over to build up the DACL.
' loop over the list of users
    ' create ACE for single user/group
    Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.
    'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee
    Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_
    ACE2.Properties_.Item("AccessMask") = 1179817
    ACE2.Properties_.Item("AceFlags") = 3
    ACE2.Properties_.Item("AceType") = 0
    ACE2.Properties_.Item("Trustee") = Trustee
    ' add ace to an array that represents the dacl
' end loop
' add the DACL_array
SecDesc.Properties_.Item("DACL") = DACL_array
In any case, I strongly suggest you look at PowerShell instead.
Upvotes: 1
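The rework described in the answer above, as an added example that is not part of the original posts: a single function takes an array of (group, access mask) pairs, builds one ACE per pair, and calls Win32_Share.Create once with the complete DACL. The function names CreateShare and GroupTrustee and the full-control mask for Domain Admins are assumptions made for illustration; "domain" is the placeholder from the question.

```vbscript
Option Explicit
' Share-level access masks (standard Windows values)
Const SHARE_READ = 1179817   ' 0x1200A9, the mask used in the question
Const SHARE_FULL = 2032127   ' 0x1F01FF, full control (assumed for Domain Admins)
Dim rc
' One Array(group, mask) pair per ACE; "domain" is the question's placeholder
rc = CreateShare("C:\Published Apps\Logs01", "Logs01", "Log01", "domain", _
    Array(Array("Support", SHARE_READ), Array("Domain Admins", SHARE_FULL)))
If rc <> 0 Then WScript.Echo "Win32_Share.Create returned " & rc   ' 22 = duplicate share

Function CreateShare(strPath, strShare, strInfo, strDomain, arrGrants)
    Dim objServices, objSecDesc, objAce, objTrustee, objShare, objIn, objOut
    Dim arrDacl(), i
    Set objServices = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")
    ReDim arrDacl(UBound(arrGrants))
    For i = 0 To UBound(arrGrants)               ' one ACE per group
        Set objTrustee = GroupTrustee(objServices, strDomain, arrGrants(i)(0))
        Set objAce = objServices.Get("Win32_Ace").SpawnInstance_
        objAce.Properties_.Item("AccessMask") = arrGrants(i)(1)
        objAce.Properties_.Item("AceFlags") = 3
        objAce.Properties_.Item("AceType") = 0   ' access allowed
        objAce.Properties_.Item("Trustee") = objTrustee
        Set arrDacl(i) = objAce
    Next
    Set objSecDesc = objServices.Get("Win32_SecurityDescriptor").SpawnInstance_
    objSecDesc.Properties_.Item("DACL") = arrDacl
    Set objShare = objServices.Get("Win32_Share")
    Set objIn = objShare.Methods_("Create").InParameters.SpawnInstance_
    objIn.Properties_.Item("Access") = objSecDesc
    objIn.Properties_.Item("Description") = strInfo
    objIn.Properties_.Item("Name") = strShare
    objIn.Properties_.Item("Path") = strPath
    objIn.Properties_.Item("Type") = 0           ' disk share
    Set objOut = objShare.ExecMethod_("Create", objIn)   ' called once, with the full DACL
    CreateShare = objOut.ReturnValue
End Function

' Same SID lookup as the question's SetGroupTrustee, reusing one WMI connection
Function GroupTrustee(objServices, strDomain, strName)
    Dim objTrustee, objGroup, objSid
    Set objGroup = objServices.Get("Win32_Group.Name='" & strName & "',Domain='" & strDomain & "'")
    Set objSid = objServices.Get("Win32_SID.SID='" & objGroup.SID & "'")
    Set objTrustee = objServices.Get("Win32_Trustee").SpawnInstance_
    objTrustee.Domain = strDomain
    objTrustee.Name = strName
    objTrustee.Properties_.Item("SID") = objSid.BinaryRepresentation
    Set GroupTrustee = objTrustee
End Function
```

Accounts not named in the DACL get no share-level access, and the effective access of a listed group is still limited by the NTFS ACL on the folder.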