/\/\o\/\/ PowerShelled

This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/
$AtomFeed = ("Atom.xml")
$PreviousItems = (" Einstein "," Runas with loading Profile script in MSH "," do the MSH - CMD- MSH loop. & RunAs in MSH "," list processes of remote computer from MSH "," MSH Error message line number and Trap. "," Strange behavour of get-member on DataTables "," CodeSigning in Monad" Shell Beta 2 (for .NET Frame... "," WMI viewer script for MSH (GUI) "," Monad Release for Whidbey RTM "," Thow Dices in MSH "," ")

Tuesday, November 01, 2005

 


Replace Security on existing share using MSH



This script will Change (replace) the security of an existing share, using the SetInfo Method of win32_share. (you can also set Description and Max-users by using the SetInfo method.)

you have to put in the SID as an array manualy,
it is possible (even easy) to get a SID in MSH
See Also : Getting and using a SecurityPrincipal from MSH "

but WMI does want it as an array, (there is also a property SIDstring in win32_trustee that takes the SID as text, that should work after W2K) but it will not work on my XP-box.

looks like I really need the Binary SID for this.

the system.security.principal.securityidentifier class has a function GetBinaryForm,
but it takes a ByteArray ByRef as input to fill it, I don't know how to do that in MSH yet.

*UPDATE* I got some help with this, and also posted a new version of this script
See : Get Binary SID in MSH (Share Security Update)

also with setting ShareSecurity you have to add the Synchronize right by hand, only by FullControl this one gets set. (so maybe just using the Integer values is more handy).

also the AceType and AceFlags properties have Enums in .NET 2.0 also, but as they are so simple in this case I just use the integers.

I did not work this out as a function yet, as I want to resolve the SID issue first.

gr /\/\o\/\/



# Set-ShareInfo.msh
# Sets the security of a Share
# /\/\o\/\/ 2005

# get the needed WMI Classes

$sd = new-object system.management.managementclass Win32_SecurityDescriptor
$ace = new-object system.management.managementclass Win32_ace
$Trustee = new-object system.management.managementclass win32_trustee

# Make AccessMask

# this are the values, With Change and Read (you need to add Synchronize Also if using the FileSystemRights)
# (so maybe better to just use the list of Integers,I leave the FileSystemRights in for reference).

# 2032127 "Full"
# 1245631 "Change"
# 1179817 "Read"

$mode = "Change"
switch ($mode) {
"Full" {$AM = ([System.Security.AccessControl.FileSystemRights]"FullControl").Value__}
"Read" {$AM = ([System.Security.AccessControl.FileSystemRights]"ReadAndExecute").Value__ + ([System.Security.AccessControl.FileSystemRights]"Synchronize").Value__}
"Change" {$AM = ([System.Security.AccessControl.FileSystemRights]"Modify").Value__ + ([System.Security.AccessControl.FileSystemRights]"Synchronize").Value__}
}

# Make the Trustee

$Trustee.Domain = $Null
$Trustee.Name = "Everyone"

#Still looking for A way to get this from text SID (setting SIDstring will not work)
# the SID has a function but I don't know how to do a ByRef in MSH
# $sid.GetBinaryForm($global:ba,0), for now do it by hand.

$Trustee.SID = @(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

$ace.AccessMask = $AM

# AceType Value Meaning
# 0 Access Allowed
# 1 Access Denied
# 2 Audit

$ace.AceType = 0
$ace.AceFlags = 3
$ace.trustee = $trustee.mshobject.baseobject

# add the ACE(s) to the DACL

$SD.DACL = @($ACE.mshobject.baseobject)

#get the Share

$share = get-wmiObject win32_share -filter "name='mp3'"
$inparams = $share.GetMethodParameters("setShareInfo")

#set parameters

#$inParams["Description"] = "test"
$inParams["Access"] = $SD.mshobject.baseobject

#Write back

$share.invokemethod("setshareInfo",$inparams,$null)







Links to this post:

Create a Link



<< Home

Archives

October 2005   November 2005   December 2005   January 2006   February 2006   March 2006   April 2006   May 2006   June 2006   July 2006   August 2006   September 2006   October 2006   November 2006   December 2006  

$Links = ("PowerShell RC1 Docs"," PowerShell RC1 X86"," PowerShell RC1 X64"," Monad GettingStarted guide"," Monad Progamming Guide"," Monad SDK"," Monad videos on Channel 9"," MSH Community Workspace"," scripts.readify.net "," MonadSource"," www.reskit.net"," PowerShell Blog"," Under The Stairs"," computerperformance powershell Home"," proudlyserving"," MSH on wikipedia"," MSHWiki Channel 9"," Keith Hill's Blog"," Precision Computing"," PowerShell for fun"," MSH Memo (Japanese)"," monadblog")

find-blog -about "PowerShell","Monad" | out-Technorati.
find-blog -contains "","" | out-Technorati.
Google
 
Web mow001.blogspot.com

This page is powered by Blogger. Isn't yours?