##########################################
# Create a bunch of shares with permissions
# (C) Dr. Holger Schwichtenberg, www.IT-Visions.de
##########################################
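# Parameters
# Computer the share operations are run against; "." is the local machine.
$Computer = "."

# Subs
# Constants

# Access masks used in share ACEs.
$SHARE_READ = 1179817      # 0x1200A9
# NOTE(review): 1245462 is 0x130116, i.e. the commonly used change mask
# 1245631 (0x1301BF) without the read/execute bits of SHARE_READ. The value
# is not referenced in this script; confirm it before using it in an ACE.
$SHARE_CHANGE = 1245462
$SHARE_FULL = 2032127      # 0x1F01FF
$SHARE_NONE = 1

# ACE types (Win32_Ace.AceType).
$ACETYPEACCESSALLOWED = 0
$ACETYPEACCESSDENIED = 1
$ACETYPESYSTEMAUDIT = 2

# ACE flags (Win32_Ace.AceFlags), combinable as a bit mask.
$ACEFLAGINHERITACE = 2
$ACEFLAGNO_PROPAGATE_INHERITACE = 4
$ACEFLAGINHERIT_ONLYACE = 8
$ACEFLAGINHERITEDACE = 16
$ACEFLAGVALID_INHERITFLAGS = 31
$ACEFLAGSUCCESSFULACCESS = 64
$ACEFLAGFAILEDACCESS = 128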
# Get Trustee
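# Builds a Win32_Trustee WMI instance for one account.
#   $Domain - domain (or computer) name the account lives in
#   $User   - account or group name
# Returns the populated Win32_Trustee instance.
function New-Trustee($Domain, $User)
{
    # The previous version first translated the fixed account "itv\hs" to a
    # SID and then never used the result. That lookup was unrelated to the
    # requested principal and raised an error wherever that account does not
    # exist, so it has been removed.

    # Look the requested principal up through the WinNT ADSI provider; its
    # ObjectSID is what ends up in the trustee, so the ACE is bound to
    # exactly the account named by $Domain and $User.
    $principal = [ADSI] ("WinNT://" + $Domain + "/" + $User)

    $trustee = ([WMIClass] "Win32_Trustee").CreateInstance()
    $trustee.Domain = $Domain
    $trustee.Name = $User
    $trustee.SID = $principal.Get("ObjectSID")
    return $trustee
}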
# Create ACE
# Builds a Win32_Ace WMI instance for one account.
#   $Domain, $User - account the entry applies to (resolved by New-Trustee)
#   $Access        - access mask stored in AccessMask
#   $Type          - value stored in AceType
#   $Flags         - value stored in AceFlags
# Returns the populated Win32_Ace instance.
function New-ACE($Domain, $User, $Access, $Type, $Flags)
{
    $aceClass = [WMIClass] "Win32_Ace"
    $entry = $aceClass.CreateInstance()

    # Rights, flags and type are taken over unchanged from the arguments.
    $entry.AccessMask = $Access
    $entry.AceFlags = $Flags
    $entry.AceType = $Type

    # The trustee identifies whom this entry applies to.
    $entry.Trustee = New-Trustee $Domain $User

    return $entry
}
# Create SD
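# Builds the Win32_SecurityDescriptor applied to every share this script
# creates. Its DACL holds three allow entries for groups in the ITV domain:
# read for "Geschäftsführung", full access for "Vertrieb" and
# "Produktmanagement".
# Returns the populated Win32_SecurityDescriptor instance.
function Get-SD
{
    $sd = ([WMIClass] "Win32_SecurityDescriptor").CreateInstance()

    # The constants are referenced under the names they are defined with at
    # the top of this script. The previous spellings ($SHAREREAD, $SHAREFULL,
    # $ACETYPE_ACCESS_ALLOWED, $ACEFLAG_INHERITACE) matched no definition, so
    # they evaluated to $null and the entries did not carry the intended
    # access masks.
    # NOTE(review): SHARE_FULL also allows changing the share's permissions;
    # confirm that both groups need more than change-level access.
    $ACE1 = New-ACE "ITV" "Geschäftsführung" $SHARE_READ $ACETYPEACCESSALLOWED $ACEFLAGINHERITACE
    $ACE2 = New-ACE "ITV" "Vertrieb" $SHARE_FULL $ACETYPEACCESSALLOWED $ACEFLAGINHERITACE
    $ACE3 = New-ACE "ITV" "Produktmanagement" $SHARE_FULL $ACETYPEACCESSALLOWED $ACEFLAGINHERITACE

    # The DACL property takes an array of Win32_Ace objects.
    [System.Management.ManagementObject[]] $DACL = $ACE1, $ACE2, $ACE3
    $sd.DACL = $DACL
    return $sd
}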
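# Creates a disk share, replacing an existing share of the same name.
#   $Computer  - computer to work on ("." for the local machine)
#   $ShareName - name of the share
#   $Path      - local directory on $Computer to publish
#   $Comment   - share description
#   $Access    - optional Win32_SecurityDescriptor; when omitted, the
#                descriptor from Get-SD is used
# Writes progress text to the output stream. On a failed Create call it
# writes an error and ends the script with Exit.
Function New-Share($Computer, $ShareName, $Path, $Comment, $Access)
{
    # Info
    "Creating Share $ShareName for $Path..."

    # Delete if exists.
    # The name is compared in PowerShell instead of being spliced into a WQL
    # filter string, so a quote character in a share name read from the XML
    # input cannot change which shares are selected for deletion.
    Get-WmiObject Win32_Share -ComputerName $Computer |
        Where-Object { $_.Name -eq $ShareName } |
        ForEach-Object {
            Write-Warning "Deleting existing share $($_.Name)..."
            $deleted = $_.Delete()
            if ($deleted.ReturnValue -ne 0) {
                Write-Warning ("Error deleting share: " + $deleted.ReturnValue)
            }
        }

    # Create the Win32_Share.
    # The class is bound to $Computer so that the share is created on the
    # same machine the existing one was deleted from; the previous version
    # always used the local ROOT\CIMV2 namespace.
    $shareClass = [WMIClass] ("\\" + $Computer + "\ROOT\CIMV2:Win32_Share")

    # Use the caller's security descriptor if one was passed (it used to be
    # overwritten unconditionally); otherwise fall back to the default one.
    if ($null -eq $Access) { $Access = Get-SD }

    # Arguments: path, name, type (0), maximum allowed connections (10),
    # description, password (empty), access. The previous version passed the
    # undefined variable $pfad instead of $Path.
    $R = $shareClass.Create($Path, $ShareName, 0, 10, $Comment, "", $Access)

    # Result
    if ($R.ReturnValue -ne 0) { Write-Error ("Error creating share: " + $R.ReturnValue); Exit }
    "Share was created!"
}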
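# Get XML file
# Every <Share> element in this file causes a share of that name to be
# deleted and recreated, so write access to the file should be limited to
# the administrators who are allowed to manage shares.
$doc = [xml] (Get-Content -Path h:\demo\powershell\dateisystem\shares.xml)
$shares = $doc.SelectNodes("//Share")

# Loop
# No security descriptor is passed, so each share gets the default one
# built by Get-SD.
foreach ($share in $shares)
{
    New-Share $Computer $share.Name $share.Path $share.description
}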