Solved

VBScript Login Script to change share Permissions

Posted on 2009-04-14
6
1,086 Views
Last Modified: 2012-05-06
Hello,
I'm Looking for a VBScript to change all the shares permissions
from EVERYONE - Full Control to EVERYONE - Read
.
0
Comment
Question by:aztechacker
  • 3
  • 3
6 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24147649

It should work if you do it like this.

Just pop out the "WScript.Echo" lines if you want it to run silently.

Chris

Sub ResetShareSecurity(objWMI, strShare)
  Dim objSecurity : Set objSecurity = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & strShare & "'")
  Dim objSD : objSecurity.GetSecurityDescriptor objSD
 
  Dim objTrustee : Set objTrustee = GetObject("winmgmts:Win32_Trustee").SpawnInstance_
  objTrustee.Name = "EVERYONE"
 
  Dim objACE : Set objACE = GetObject("winmgmts:Win32_ACE").SpawnInstance_
  objACE.AceType = 0 ' Allow
  objACE.AceFlags = 0 ' N/A for Shares
  objACE.AccessMask = 1179817 ' ReadAndExecute and Synchronise
  objACE.Trustee = objTrustee
 
  ' Rewrite the DACL
  objSD.DACL = Array(objACE)
 
  Dim intReturn : intReturn = objSecurity.SetSecurityDescriptor(objSD)
 
  If intReturn = 0 Then
    WScript.Echo strShare & ": Success"
  Else
    WScript.Echo strShare & ": Failed - Return: " & intReturn
  End If
End Sub
 
' The system to execute this script against
Dim strComputer : strComputer = "."
 
' Connect to WMI
Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
 
' Return all of the shares (Type = 0 means File Shares only, exclude 
' are Administrative, Printer, etc)
Dim colItems : Set colItems = _
  objWMI.ExecQuery("SELECT * FROM Win32_Share WHERE Type='0'", "WQL", _
  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 
Dim objItem
For Each objItem in colItems
  ResetShareSecurity objWMI, objItem.Name
Next

Open in new window

0
 

Author Comment

by:aztechacker
ID: 24148676
It works great but the scrips removes also the domain users permissions, is there a way to only modify EVERYONE only, and leve the other permissions intact.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 125 total points
ID: 24155461

Certainly is... this should do it.

Chris

Sub ResetShareSecurity(objWMI, strShare)
  Dim objSecurity : Set objSecurity = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & strShare & "'")
  Dim objSD : objSecurity.GetSecurityDescriptor objSD
 
  Dim arrDACL : arrDACL = objSD.DACL
 
  Dim i
  For i = 0 To UBound(arrDACL)
    If arrDACL(i).Trustee.Name = "Everyone" Then
      arrDACL(i).AccessMask = 1179817 ' ReadAndExecute and Synchronise
    End If
    i = i + 1
  Next
 
  ' Replace the DACL with the updated version
  objSD.DACL = arrDACL
 
  Dim intReturn : intReturn = objSecurity.SetSecurityDescriptor(objSD)
 
  If intReturn = 0 Then
    WScript.Echo strShare & ": Success"
  Else
    WScript.Echo strShare & ": Failed - Return: " & intReturn
  End If
End Sub
 
' The system to execute this script against
Dim strComputer : strComputer = "."
 
' Connect to WMI
Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
 
' Return all of the shares (Type = 0 means File Shares only, exclude 
' are Administrative, Printer, etc)
Dim colItems : Set colItems = _
  objWMI.ExecQuery("SELECT * FROM Win32_Share WHERE Type='0'", "WQL", _
  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 
Dim objItem
For Each objItem in colItems
  ResetShareSecurity objWMI, objItem.Name
Next

Open in new window

0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 

Author Comment

by:aztechacker
ID: 24159515
It works but the everyone - full stays full it doesnt change to read only
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24159536

Hmm really? I tested that so many times before posting it. Which OS is it running against? I'll be a bit more specific in my testing, could just be failing to find "everyone" because of a case-mismatch.

Chris
0
 

Author Comment

by:aztechacker
ID: 24159680
I'm testing on Windows XP, Vista and Windows 7
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question