Change share permissions remotely

Posted on 2006-05-25
Hello experts,

I'm a network admin with about 100 computers that I watch. I want to change sharing permissions on a specific folder on each and every computer. Basically everyone has read access to this folder and I would like to change it so that only a specific user has access to that folder, and if at all possible I'd like to change this stuff remotely so I don't have to go around to each computer individually to do this. Basically I know how to do it if I'm at the person's computer - I right click on the folder, click on properties, sharing tab, permissions, and I add in/remove names there. However, if I'm in someone else's computer through \\computername\c$ and I right click on the folder, I don't get the sharing tab. Also, I can remote into their system as admin, but I don't want to disrupt their work. Any suggestions?

Question by: ciphron

14 Comments

LVL 1

Author Comment

ID: 16764826
Oh, and also, we're running a Windows 2003 server with a combination of 2000 and XP machines.
LVL 97

Assisted Solution

Lee W, MVP earned 700 total points

ID: 16764842
Don't bother changing the share permissions. In general, I recommend leaving them all set to EVERYONE:FULL CONTROL. Instead, modify NTFS permissions - this is easily scripted. Besides, share permissions have NO EFFECT on the logged on user whereas NTFS permissions apply to EVERYONE on the network and locally logged on.
LVL 1

Author Comment

ID: 16764869
Alright, just how do I edit NTFS permissions then? Is that just through scripting?
LVL 24

Accepted Solution

Kenneniah earned 700 total points

ID: 16764889
Right-click My Computer and hit Manage. Then right-click Computer Management (Local) and hit Connect to another computer.... Enter the computer name and hit OK. Then browse to System Tools|Shared Folders|Shares. From there you can edit share permissions, create new shares, etc.
LVL 1

Author Comment

ID: 16764915
Thanks, that will save a ton of time.
LVL 97

Expert Comment

ID: 16764944
You think that will save a ton of time?  You should have waited for me to respond...
LVL 97

Expert Comment

ID: 16765010
Create a GROUP with write privileges to the folder you want to allow a particular user to have write privileges to (yes, you could assign permissions to the user directly, but that's poor management as every time you want to add or remove a user you need to reset permissions - by using a group you just add the user to the group or remove them from the group).

Now, create a list of computers, names only, one per line.  I'll assume you call it "computers.txt".

Then put the following in a batch file:
--------------------------------8<------------------------------------------------
for /f "tokens=*" %%a in (computers.txt) do (
   rem No /e here, so cacls replaces the ACL and asks for confirmation, which echo y answers
   echo y| cacls "\\%%a\c$\path\to\shared\folder" /t /c /g WriteGroup:F
   rem /e edits the ACL that was just set and adds read access for Domain Users
   cacls "\\%%a\c$\path\to\shared\folder" /t /e /c /g "domain users":R
)
--------------------------------8<------------------------------------------------

This does require the shared folder to be in the same place on every PC.  If it's not, then there are other things that can be done - for example, put the path of the share in the same file as the computer names - but this is an example of why proper configuration can save HOURS of time OR MORE.

Run this script as a domain administrator.  In about 2-10 minutes you'll be done.

(Initially, you'll want to use a small sample of computers and TEST it first - even when you THINK you've got it, you need to be sure by testing it on a small sample first.  You can also get more elaborate and create a report to know which systems were off when you ran the script).
LVL 24

Expert Comment

ID: 16765235
Yeah, in most situations using Everyone on the share and controlling access with NTFS can work.
There are cases where you might want some users to have remote access, but not others, yet need them all to have local access however. This is usually in rare circumstances, and usually on some kind of shared computer.

Scripting NTFS permissions is great if you don't have too many variables. As you mentioned, different share locations can be fixed, and so can the case where they want a different user account for each share (in that case just using a group doesn't work). So then the text file would need computer name, local share path, and username. If that is the case, making the text file would take almost as long as doing it manually. So it's kind of situational. Don't get me wrong leew, I'm not saying anything bad about your method. I don't think share permissions are the best way either.

The BEST answer in the long run in my opinion, is to look at why you need to share a folder for one user on all these computers. Depending on the answer to that, the best option would be to start using a file server for those kinds of things.
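The per-computer text file discussed in the two posts above (computer name, local share path and username on each line, plus a report of which systems were off), as an added example that is not code from anyone in the thread. The file names shares.csv and acl-report.txt, the sample line and the choice to keep Administrators and SYSTEM on the ACL are assumptions.

```batch
@echo off
rem Added example, not code from the thread.
rem shares.csv (assumed name) holds one line per PC: COMPUTER,path under C:,account
rem Constructed sample line:  PC-017,Data\Proposals,EXAMPLE\jsmith
setlocal
set "LOG=acl-report.txt"
>"%LOG%" echo Run started %date% %time%
for /f "usebackq tokens=1-3 delims=," %%a in ("shares.csv") do call :apply "%%a" "%%b" "%%c"
echo Done, see %LOG%
endlocal
goto :eof

:apply
set "TARGET=\\%~1\c$\%~2"
rem A PC that is off or a wrong path is logged, so it can be retried later.
if exist "%TARGET%" goto reachable
>>"%LOG%" echo SKIPPED %~1 - cannot reach %TARGET%
goto :eof

:reachable
rem Without /e cacls replaces the whole ACL and asks for confirmation, which echo y answers.
rem Administrators and SYSTEM stay on the ACL so backup and admin access keep working.
echo y| cacls "%TARGET%" /t /c /g Administrators:F >nul
cacls "%TARGET%" /t /e /c /g SYSTEM:F >nul
rem R is read only. Use C or F instead if the account must change files.
cacls "%TARGET%" /t /e /c /g "%~3":R >nul
rem Read the ACL back instead of trusting the exit code of cacls.
cacls "%TARGET%" | find /i "%~3" >nul
if errorlevel 1 goto failed
>>"%LOG%" echo CHANGED %~1 - %~3 has read access on %TARGET%
goto :eof

:failed
>>"%LOG%" echo FAILED %~1 - %~3 not found on the ACL of %TARGET%
goto :eof
```

Lines marked SKIPPED or FAILED in acl-report.txt are the machines to rerun; anything not listed as CHANGED still has its old permissions.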
LVL 97

Expert Comment

ID: 16765286
Indeed, we should know WHY they have to share out folders on a local system.

But, that said, unless you're using a really messed up environment with different share names where no two are alike, you can still do all this via scripts.  For 10 computers, it's not really worth it, but for 100, it definitely is.  As usual, for such circumstances, I would take this time to compile something of a database of information about these systems that can also be used in the script to make the changes.
LVL 1

Author Comment

ID: 16768758
Well, we need a shared folder on everyone's individual computer because each user has a different file-set and each file is customized to that person with their name and contractor info etc. in it. I want it to be shared because, well for one, my boss wants access to each and every one of those files and I want to allow access to those files across the network without having to bog down server hard drive space. Also, if the server is ever down for any period of time, they can still make proposals and do work without needing connection to the network. And the previous network admin set up this network, I'm just getting into it so I've got a lot of changes to make - such as the names of the shared folder on everyone's computer :/
LVL 97

Expert Comment

ID: 16770244
Place that folder on the network and configure offline files for that file folder - otherwise, how else is it backed up?  In this circumstance, I see no reason to have a shared folder on the local system - it's just creating unnecessary administrator overhead.  I know you said someone else did it, so I hope you're planning to fix it.
LVL 1

Author Comment

ID: 16771472
Oh yeah, I had forgotten about offline files. That would definitely be a better solution.
LVL 24

Expert Comment

ID: 16771595
And as for taking up hard drive space on a server...that's what servers are for :)
LVL 1

Author Comment

ID: 16771674
yeah yeah... :)
