/\/\o\/\/ PowerShelled

This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/
$AtomFeed = ("Atom.xml")
$PreviousItems = (" Replace Security on existing share using MSH "," Einstein "," Runas with loading Profile script in MSH "," do the MSH - CMD- MSH loop. & RunAs in MSH "," list processes of remote computer from MSH "," MSH Error message line number and Trap. "," Strange behavour of get-member on DataTables "," CodeSigning in Monad" Shell Beta 2 (for .NET Frame... "," WMI viewer script for MSH (GUI) "," Monad Release for Whidbey RTM "," ")

Tuesday, November 01, 2005


Get Binary SID in MSH (Share Security Update)

My problem of gettting the Binary SID, ( Replace Security on existing share using MSH ) had to do with the way I did make the byte-array. as was pointed out to me in the Newsgroup (Pasted post below, THX again from here).

I posted the changed script again, below also.

So now we can make this into a decent function that only Takes :
-share -user -rights.

*remark* the script as is Replaces the compleet Security descriptor, you would also want to make one that first gets the SD from the share, add an ACE and write it back. (should not be difficult, working from wat we have already.) and the same trick will work while creating the share.

but I will not spoil all the fun for you ;-)

gr /\/\o\/\/
Jouko Kynsijärvi wrote:

This works for me (running MSH on .NET 2.0 RTM):

$Account = new-object system.security.principal.ntaccount("Administrators")
$SID = $Account.translate([system.security.principal.securityidentifier])
[byte[]]$ba = ,0 * $sid.BinaryLength

I guess the reason your code didn't work was that $ba was an array of
objects (not bytes), so passing by ref didn't work.


# Set-ShareInfo.msh
# Sets the security of a existing Share
# /\/\o\/\/ 2005
$share = "Test"
$user = "administrators"
$Domain = $null
$mode = "Change"

$sd = new-object system.management.managementclass Win32_SecurityDescriptor
$ace = new-object system.management.managementclass Win32_ace
$Trustee = new-object system.management.managementclass win32_trustee

$Account = new-object system.security.principal.NtAccount($user)
$SID = $Account.translate([system.security.principal.securityidentifier])
[byte[]]$ba = ,0 * $sid.BinaryLength

$Trustee.Domain = $Domain
$Trustee.Name = $user
$Trustee.SID = $ba

switch ($mode) {
  "Full"   {$ace.AccessMask = 2032127}
  "Change" {$ace.AccessMask = 1245631}
  "Read"   {$ace.AccessMask = 1179817}

$ace.AceType = 0
$ace.AceFlags = 3
$ace.trustee = $trustee.mshobject.baseobject
$SD.DACL = @($ACE.mshobject.baseobject)

$share = get-wmiObject win32_share -filter "name='$share'"

$inparams = $share.GetMethodParameters("setShareInfo")
$inParams["Access"]  =  $SD.mshobject.baseobject


Comments: Post a Comment

Links to this post:

Create a Link

<< Home


October 2005   November 2005   December 2005   January 2006   February 2006   March 2006   April 2006   May 2006   June 2006   July 2006   August 2006   September 2006   October 2006   November 2006   December 2006  

$Links = ("PowerShell RC1 Docs"," PowerShell RC1 X86"," PowerShell RC1 X64"," Monad GettingStarted guide"," Monad Progamming Guide"," Monad SDK"," Monad videos on Channel 9"," MSH Community Workspace"," scripts.readify.net "," MonadSource"," www.reskit.net"," PowerShell Blog"," Under The Stairs"," computerperformance powershell Home"," proudlyserving"," MSH on wikipedia"," MSHWiki Channel 9"," Keith Hill's Blog"," Precision Computing"," PowerShell for fun"," MSH Memo (Japanese)"," monadblog")

find-blog -about "PowerShell","Monad" | out-Technorati.
find-blog -contains "","" | out-Technorati.
Web mow001.blogspot.com

This page is powered by Blogger. Isn't yours?