/\/\o\/\/ PowerShelled
This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/
$PreviousItems = (" Einstein "," Runas with loading Profile script in MSH "," do the MSH - CMD- MSH loop. & RunAs in MSH "," list processes of remote computer from MSH "," MSH Error message line number and Trap. "," Strange behavour of get-member on DataTables "," CodeSigning in Monad" Shell Beta 2 (for .NET Frame... "," WMI viewer script for MSH (GUI) "," Monad Release for Whidbey RTM "," Thow Dices in MSH "," ")
Tuesday, November 01, 2005
Replace Security on existing share using MSH
This script will Change (replace) the security of an existing share, using the SetInfo Method of win32_share. (you can also set Description and Max-users by using the SetInfo method.)
you have to put in the SID as an array manualy,
it is possible (even easy) to get a SID in MSH
See Also : Getting and using a SecurityPrincipal from MSH "
but WMI does want it as an array, (there is also a property SIDstring in win32_trustee that takes the SID as text, that should work after W2K) but it will not work on my XP-box.
looks like I really need the Binary SID for this.
the system.security.principal.securityidentifier class has a function GetBinaryForm,
but it takes a ByteArray ByRef as input to fill it, I don't know how to do that in MSH yet.
*UPDATE* I got some help with this, and also posted a new version of this script
See : Get Binary SID in MSH (Share Security Update)
also with setting ShareSecurity you have to add the Synchronize right by hand, only by FullControl this one gets set. (so maybe just using the Integer values is more handy).
also the AceType and AceFlags properties have Enums in .NET 2.0 also, but as they are so simple in this case I just use the integers.
I did not work this out as a function yet, as I want to resolve the SID issue first.
gr /\/\o\/\/
# Set-ShareInfo.msh
# Sets the security of a Share
# /\/\o\/\/ 2005
# get the needed WMI Classes
$sd = new-object system.management.managementclass Win32_SecurityDescriptor
$ace = new-object system.management.managementclass Win32_ace
$Trustee = new-object system.management.managementclass win32_trustee
# Make AccessMask
# this are the values, With Change and Read (you need to add Synchronize Also if using the FileSystemRights)
# (so maybe better to just use the list of Integers,I leave the FileSystemRights in for reference).
# 2032127 "Full"
# 1245631 "Change"
# 1179817 "Read"
$mode = "Change"
switch ($mode) {
"Full" {$AM = ([System.Security.AccessControl.FileSystemRights]"FullControl").Value__}
"Read" {$AM = ([System.Security.AccessControl.FileSystemRights]"ReadAndExecute").Value__ + ([System.Security.AccessControl.FileSystemRights]"Synchronize").Value__}
"Change" {$AM = ([System.Security.AccessControl.FileSystemRights]"Modify").Value__ + ([System.Security.AccessControl.FileSystemRights]"Synchronize").Value__}
}
# Make the Trustee
$Trustee.Domain = $Null
$Trustee.Name = "Everyone"
#Still looking for A way to get this from text SID (setting SIDstring will not work)
# the SID has a function but I don't know how to do a ByRef in MSH
# $sid.GetBinaryForm($global:ba,0), for now do it by hand.
$Trustee.SID = @(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
$ace.AccessMask = $AM
# AceType Value Meaning
# 0 Access Allowed
# 1 Access Denied
# 2 Audit
$ace.AceType = 0
$ace.AceFlags = 3
$ace.trustee = $trustee.mshobject.baseobject
# add the ACE(s) to the DACL
$SD.DACL = @($ACE.mshobject.baseobject)
#get the Share
$share = get-wmiObject win32_share -filter "name='mp3'"
$inparams = $share.GetMethodParameters("setShareInfo")
#set parameters
#$inParams["Description"] = "test"
$inParams["Access"] = $SD.mshobject.baseobject
#Write back
$share.invokemethod("setshareInfo",$inparams,$null)
