CODEWITHSUNDEEP
windowspowershellpermissionsshare
Redcoatwright
Redcoatwright

Reputation: 157

Changing share permissions using Powershell

I'm trying to modify the share permissions of share drives on a bunch of windows servers which are running either 2008 R2 or 2012.

I worked up a script which you can find here:

Import-Module ActiveDirectory

$list = Get-ADComputer -Filter 'SamAccountName -like "*FP*"' | Select -Exp Name

foreach ($Computer in $list)   
{ 
    Grant-SmbShareAccess -Name User -CimSession Server -AccountName "username" -AccessRight Full -confirm:$false
    $acl = (Get-Item \\$Computer\d$\User ).GetAccessControl('Access')
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ("Corp\uc4serv","FullControl","ContainerInherit, ObjectInherit","None","Allow")
    $acl.AddAccessRule($rule)
    Set-Acl \\$Computer\d$\User $acl
    Write-Host -ForegroundColor DarkGreen "Permissions granted on $Computer"
}
Write-Host -ForegroundColor DarkBlue "Command Has Completed"

But it doesn't work on 2008 servers presumably because they can't run the Get-SmbShareAccess cmdlet.

What I'm trying to do is very similar to this post here: How to set share permissions on a remote share with Powershell? but specifically on Windows servers.

I also found this code on a website (http://windowsitpro.com/powershell/managing-file-shares-windows-powershell):

$acl = Get-Acl `
    \\servername\c$\Users\username\sharetest
$permission = "corp\uc4serv","FullControl","Allow"
$accessRule = New-Object `
    System.Security.AccessControl.FileSystemAccessRule `
    $permission
$acl.SetAccessRule($accessRule)
$acl |
    Set-Acl \\servername\c$\Users\username\sharetest

But this just sets the Security on the share instead of the share permissions.

I also looked into using the Net Share command but in order to change share permissions with that, it has to delete and re-create the share drive completely.

Upvotes: 1

Views: 13972

Answers (1)

kekimian
kekimian

Reputation: 947

You can use "Net Share". Use Invoke-Command to run it on each remote server.

Source - https://social.technet.microsoft.com/Forums/windowsserver/en-US/3edcabac-f1a8-4c4a-850c-8ba4697930a2/using-net-share-within-powershell

Example

Source - $server = "MYSRV" ; $user = "username" ; $SrvPath = "E:\Users\$user"
$sb = {
param($User,$SrvPath)
  NET SHARE $User$=$SrvPath "/GRANT:Domain Admins,FULL" "/GRANT:$User,CHANGE" /REMARK:"Home folder for $SrvPath"
  } 

Invoke-Command -Computername "$Server" -ScriptBlock $sb -ArgumentList $user,$SrvPath

Upvotes: 1

Related Questions