Solved

VBScript Login Script to change share Permissions

Posted on 2009-04-14
6
1,088 Views
Last Modified: 2012-05-06
Hello,
I'm Looking for a VBScript to change all the shares permissions
from EVERYONE - Full Control to EVERYONE - Read
.
0
Comment
Question by:aztechacker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24147649

It should work if you do it like this.

Just pop out the "WScript.Echo" lines if you want it to run silently.

Chris

Sub ResetShareSecurity(objWMI, strShare)
  Dim objSecurity : Set objSecurity = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & strShare & "'")
  Dim objSD : objSecurity.GetSecurityDescriptor objSD
 
  Dim objTrustee : Set objTrustee = GetObject("winmgmts:Win32_Trustee").SpawnInstance_
  objTrustee.Name = "EVERYONE"
 
  Dim objACE : Set objACE = GetObject("winmgmts:Win32_ACE").SpawnInstance_
  objACE.AceType = 0 ' Allow
  objACE.AceFlags = 0 ' N/A for Shares
  objACE.AccessMask = 1179817 ' ReadAndExecute and Synchronise
  objACE.Trustee = objTrustee
 
  ' Rewrite the DACL
  objSD.DACL = Array(objACE)
 
  Dim intReturn : intReturn = objSecurity.SetSecurityDescriptor(objSD)
 
  If intReturn = 0 Then
    WScript.Echo strShare & ": Success"
  Else
    WScript.Echo strShare & ": Failed - Return: " & intReturn
  End If
End Sub
 
' The system to execute this script against
Dim strComputer : strComputer = "."
 
' Connect to WMI
Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
 
' Return all of the shares (Type = 0 means File Shares only, exclude 
' are Administrative, Printer, etc)
Dim colItems : Set colItems = _
  objWMI.ExecQuery("SELECT * FROM Win32_Share WHERE Type='0'", "WQL", _
  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 
Dim objItem
For Each objItem in colItems
  ResetShareSecurity objWMI, objItem.Name
Next

Open in new window

0
 

Author Comment

by:aztechacker
ID: 24148676
It works great but the scrips removes also the domain users permissions, is there a way to only modify EVERYONE only, and leve the other permissions intact.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 125 total points
ID: 24155461

Certainly is... this should do it.

Chris

Sub ResetShareSecurity(objWMI, strShare)
  Dim objSecurity : Set objSecurity = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & strShare & "'")
  Dim objSD : objSecurity.GetSecurityDescriptor objSD
 
  Dim arrDACL : arrDACL = objSD.DACL
 
  Dim i
  For i = 0 To UBound(arrDACL)
    If arrDACL(i).Trustee.Name = "Everyone" Then
      arrDACL(i).AccessMask = 1179817 ' ReadAndExecute and Synchronise
    End If
    i = i + 1
  Next
 
  ' Replace the DACL with the updated version
  objSD.DACL = arrDACL
 
  Dim intReturn : intReturn = objSecurity.SetSecurityDescriptor(objSD)
 
  If intReturn = 0 Then
    WScript.Echo strShare & ": Success"
  Else
    WScript.Echo strShare & ": Failed - Return: " & intReturn
  End If
End Sub
 
' The system to execute this script against
Dim strComputer : strComputer = "."
 
' Connect to WMI
Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
 
' Return all of the shares (Type = 0 means File Shares only, exclude 
' are Administrative, Printer, etc)
Dim colItems : Set colItems = _
  objWMI.ExecQuery("SELECT * FROM Win32_Share WHERE Type='0'", "WQL", _
  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 
Dim objItem
For Each objItem in colItems
  ResetShareSecurity objWMI, objItem.Name
Next

Open in new window

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:aztechacker
ID: 24159515
It works but the everyone - full stays full it doesnt change to read only
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24159536

Hmm really? I tested that so many times before posting it. Which OS is it running against? I'll be a bit more specific in my testing, could just be failing to find "everyone" because of a case-mismatch.

Chris
0
 

Author Comment

by:aztechacker
ID: 24159680
I'm testing on Windows XP, Vista and Windows 7
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
When you see single cell contains number and text, and you have to get any date out of it seems like cracking our heads.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question