Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Script when run on a local machine has to check each share and change the permission of all users and groups not to have full ownership.

Avatar of bsharath
bsharathFlag for India asked on
Programming Languages-OtherScripting LanguagesVB Script
46 Comments1 Solution2364 ViewsLast Modified:
Hi,

Script when run on a local machine has to check each share and change the permission of all users and groups not to have full ownership.
What i mean is.
Say a user has full permissions on a folder in a remote machine. he can change like add user to the share from his machine on the remote machine. I want to remote those powers. Not sure on how to do it. Can we have a script that can check all the 100's of shares that i have in the machine and do that change for all the shares except 1 group.

i have the group name as "Nas Admin" only this has to have all the powers and change any other even the Administrator should not have permissions.

Regards
Sharath
@ECHO on
SETLOCAL ENABLEDELAYEDEXPANSION
Set CSVFile=C:\EveryoneShareSecurity.csv
 
IF NOT EXIST "%CSVFile%" ECHO "Machine Name","Share Name","Share/Security Info">"%CSVFile%"
 
for /F %%a in (C:\Computers.txt) do CALL :PROCESS %%a
 
GOTO :EOF
 
:PROCESS
for /f "tokens=1 delims=:" %%a in ('rmtshare \\%1^| find /v /i "default share" ^| find /v /i "Remote admin" ^| find /v /i "Remote IPC" ^| FIND /v /i "Printer drivers" ^| FIND ":"') DO (
    set Share=%%a
    set Share=!Share:~0,-2!
    For /l %%z in (1,1,30) DO if "!Share:~-1!" == " " Set Share=!Share:~0,-1!
 
    Set EveryoneSharePerm=
    RMTSHARE \\%1\"!Share!" | find /i "\everyone" | find /i "FULL CONTROL"
    IF NOT ERRORLEVEL 1 Set EveryoneSharePerm=Writeable
 
    if not defined EveryoneSharePerm (
        RMTSHARE \\%1\"!Share!" | find /i "\everyone" | find /i "CHANGE"
        IF NOT ERRORLEVEL 1 Set EveryoneSharePerm=Writeable
    )
 
    
    IF DEFINED EveryoneSharePerm (
        ECHO "%1","!Share!","Share permissions for everyone is writeable">>"%CSVFile%"
        ECHO "%1","!Share!","Changing everyone share permmissions to read">>"%CSVFile%"
        RMTSHARE \\%1\"!Share!" /grant everyone:R
        RMTSHARE \\%1\"!Share!" | find /i "everyone" | find /i "READ"
        IF NOT ERRORLEVEL 1 (
            ECHO "%1","!Share!","Successfully changed everyone share permissions to read">>"%CSVFile%"
            Set EveryoneSharePerm=
        ) ELSE (
            ECHO "%1","!Share!","Error occurred while Changing everyone share permissions to read">>"%CSVFile%"
        )
    )
 
    Set EveryoneSecurityPerm=
        FOR /f "tokens=1,*" %%b in ('rmtshare \\%1\"!Share!" ^| FIND /i "Path"') DO (
            Set SharePath=%%c
            Set SharePath=!SharePath::=$!          
            cacls "\\%1\!SharePath!" | find /i "everyone" | findstr /e /i /c:"F "
            IF NOT ERRORLEVEL 1 Set EveryoneSecurityPerm=Writeable
 
            IF NOT DEFINED EveryoneSecurityPerm (
                cacls "\\%1\!SharePath!" | find /i "everyone" | findstr /e /i /c:"C "
                IF NOT ERRORLEVEL 1 Set EveryoneSecurityPerm=Writeable
            )
  
            IF DEFINED EveryoneSecurityPerm (
                ECHO "%1","!Share!","Security everyone is writeable">>"%CSVFile%"
                ECHO "%1","!Share!","Changing everyone security to read">>"%CSVFile%"
                cacls "\\%1\!SharePath!" /e /t /p everyone:R
                cacls "\\%1\!SharePath!" | find /i "everyone" | findstr /e /i /c:"R "
                IF NOT ERRORLEVEL 1 (
                    ECHO "%1","!Share!","Successfully changed everyone security to read">>"%CSVFile%"
                    Set EveryoneSecurityPerm=
                ) ELSE (
                    ECHO "%1","!Share!","Error occurred while Changing everyone security to read">>"%CSVFile%"
                )
            )
        )
    IF DEFINED EveryoneSharePerm IF DEFINED EveryoneSecurityPerm ECHO "%1","!Share!","Share/Security permissions for everyone is writeable">>"%CSVFile%" 
)
ASKER CERTIFIED SOLUTION
Avatar of AmazingTech
Commented:
This problem has been solved!
Unlock 1 Answer and 46 Comments.
See Answers