/\/\o\/\/ PowerShelled

This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/

Tuesday, November 01, 2005

 


Get Binary SID in MSH (Share Security Update)



My problem with getting the binary SID (Replace Security on existing share using MSH) had to do with the way I made the byte array, as was pointed out to me in the newsgroup (post pasted below, thanks again from here).

I posted the changed script again, below also.

So now we can make this into a decent function that only takes:
-share -user -rights.

*remark* The script as is replaces the complete security descriptor. You would also want to make one that first gets the SD from the share, adds an ACE and writes it back (should not be difficult, working from what we have already). The same trick will work while creating the share.

but I will not spoil all the fun for you ;-)

gr /\/\o\/\/
-----------------------------------------------------------------------------------
Jouko Kynsijärvi wrote:

This works for me (running MSH on .NET 2.0 RTM):

$Account = new-object system.security.principal.ntaccount("Administrators")
$SID = $Account.translate([system.security.principal.securityidentifier])
[byte[]]$ba = ,0 * $sid.BinaryLength
$sid.GetBinaryForm($ba,0)
$ba

I guess the reason your code didn't work was that $ba was an array of
objects (not bytes), so passing by ref didn't work.

---------------------------------------------------------------------------------


# Set-ShareInfo.msh
# Sets the security of an existing share
# /\/\o\/\/ 2005
$share = "Test"
$user = "administrators"
$Domain = $null
$mode = "Change"

# WMI objects that make up the security descriptor
$sd = new-object system.management.managementclass Win32_SecurityDescriptor
$ace = new-object system.management.managementclass Win32_ace
$Trustee = new-object system.management.managementclass win32_trustee

# Translate the account name to a SID and copy its binary form into a byte array
$Account = new-object system.security.principal.NtAccount($user)
$SID = $Account.translate([system.security.principal.securityidentifier])
[byte[]]$ba = ,0 * $sid.BinaryLength
$sid.GetBinaryForm($ba,0)   # without this call $ba stays all zeros

$Trustee.Domain = $Domain
$Trustee.Name = $user
$Trustee.SID = $ba

# Access masks for the three share permission levels
switch ($mode) {
  "Full"   {$ace.AccessMask = 2032127}
  "Change" {$ace.AccessMask = 1245631}
  "Read"   {$ace.AccessMask = 1179817}
}

$ace.AceType = 0    # access allowed
$ace.AceFlags = 3   # object inherit + container inherit
$ace.trustee = $trustee.mshobject.baseobject
# The DACL holds only this ACE, so the existing ACEs on the share are replaced
$SD.DACL = @($ACE.mshobject.baseobject)

$share = get-wmiObject win32_share -filter "name='$share'"

# Pass the new descriptor as the Access parameter of SetShareInfo
$inparams = $share.GetMethodParameters("setShareInfo")
$inParams["Access"]  =  $SD.mshobject.baseobject

$share.invokemethod("setshareInfo",$inparams,$null)
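
The remark above suggests a variant that reads the share's current descriptor, adds one ACE and writes it back, wrapped as a function taking -share -user -rights. The following is an added example of that, not the author's code: `Add-ShareAce` is a hypothetical name, and it assumes Windows PowerShell 5.1 (not MSH) in an elevated session, using `Win32_LogicalShareSecuritySetting` instead of `SetShareInfo`.

```powershell
# Added example, not from the original post. Add-ShareAce is a hypothetical name.
# Assumes Windows PowerShell 5.1 in an elevated session.
function Add-ShareAce {
    param(
        [Parameter(Mandatory)] [string] $Share,
        [Parameter(Mandatory)] [string] $User,
        [ValidateSet('Full', 'Change', 'Read')] [string] $Rights = 'Read'
    )
    # Same access masks as the script above.
    $masks = @{ Full = 2032127; Change = 1245631; Read = 1179817 }

    # Resolve the account and fill a typed byte[] with the binary SID.
    $account = New-Object System.Security.Principal.NTAccount($User)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    [byte[]]$ba = New-Object byte[] ($sid.BinaryLength)
    $sid.GetBinaryForm($ba, 0)

    # Round-trip check: a zero-filled or wrong buffer fails here, not in the DACL.
    $check = New-Object System.Security.Principal.SecurityIdentifier($ba, 0)
    if (-not $check.Equals($sid)) { throw "Binary SID round-trip failed for '$User'" }

    $trustee = ([wmiclass]'Win32_Trustee').CreateInstance()
    $trustee.Name = $User
    $trustee.SID = $ba

    $ace = ([wmiclass]'Win32_ACE').CreateInstance()
    $ace.AccessMask = $masks[$Rights]
    $ace.AceType = 0     # access allowed
    $ace.AceFlags = 3    # object inherit + container inherit
    $ace.Trustee = $trustee

    # Read the current descriptor so the existing ACEs survive the write.
    $name = $Share.Replace("'", "\'")   # escape quotes for the WQL filter
    $sec = Get-WmiObject Win32_LogicalShareSecuritySetting -Filter "Name='$name'"
    if (-not $sec) { throw "No security setting found for share '$Share'" }
    $current = $sec.GetSecurityDescriptor()
    if ($current.ReturnValue -ne 0) { throw "GetSecurityDescriptor: $($current.ReturnValue)" }

    # Append the new ACE (skipping null entries) and write the descriptor back.
    $sd = $current.Descriptor
    $sd.DACL = @($sd.DACL | Where-Object { $_ }) + $ace
    $result = $sec.SetSecurityDescriptor($sd)
    if ($result.ReturnValue -ne 0) { throw "SetSecurityDescriptor: $($result.ReturnValue)" }
}
```

Called as `Add-ShareAce -Share Test -User Administrators -Rights Change`, it leaves the other ACEs on the share in place; appending an allow ACE at the end keeps any deny ACEs ahead of it.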


