• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1100
  • Last Modified:

VBScript Login Script to change share Permissions

Hello,
I'm Looking for a VBScript to change all the shares permissions
from EVERYONE - Full Control to EVERYONE - Read
.
0
aztechacker
Asked:
aztechacker
  • 3
  • 3
1 Solution
 
Chris DentPowerShell DeveloperCommented:

It should work if you do it like this.

Just pop out the "WScript.Echo" lines if you want it to run silently.

Chris

Sub ResetShareSecurity(objWMI, strShare)
  Dim objSecurity : Set objSecurity = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & strShare & "'")
  Dim objSD : objSecurity.GetSecurityDescriptor objSD
 
  Dim objTrustee : Set objTrustee = GetObject("winmgmts:Win32_Trustee").SpawnInstance_
  objTrustee.Name = "EVERYONE"
 
  Dim objACE : Set objACE = GetObject("winmgmts:Win32_ACE").SpawnInstance_
  objACE.AceType = 0 ' Allow
  objACE.AceFlags = 0 ' N/A for Shares
  objACE.AccessMask = 1179817 ' ReadAndExecute and Synchronise
  objACE.Trustee = objTrustee
 
  ' Rewrite the DACL
  objSD.DACL = Array(objACE)
 
  Dim intReturn : intReturn = objSecurity.SetSecurityDescriptor(objSD)
 
  If intReturn = 0 Then
    WScript.Echo strShare & ": Success"
  Else
    WScript.Echo strShare & ": Failed - Return: " & intReturn
  End If
End Sub
 
' The system to execute this script against
Dim strComputer : strComputer = "."
 
' Connect to WMI
Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
 
' Return all of the shares (Type = 0 means File Shares only, exclude 
' are Administrative, Printer, etc)
Dim colItems : Set colItems = _
  objWMI.ExecQuery("SELECT * FROM Win32_Share WHERE Type='0'", "WQL", _
  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 
Dim objItem
For Each objItem in colItems
  ResetShareSecurity objWMI, objItem.Name
Next

Open in new window

0
 
aztechackerAuthor Commented:
It works great but the scrips removes also the domain users permissions, is there a way to only modify EVERYONE only, and leve the other permissions intact.
0
 
Chris DentPowerShell DeveloperCommented:

Certainly is... this should do it.

Chris

Sub ResetShareSecurity(objWMI, strShare)
  Dim objSecurity : Set objSecurity = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & strShare & "'")
  Dim objSD : objSecurity.GetSecurityDescriptor objSD
 
  Dim arrDACL : arrDACL = objSD.DACL
 
  Dim i
  For i = 0 To UBound(arrDACL)
    If arrDACL(i).Trustee.Name = "Everyone" Then
      arrDACL(i).AccessMask = 1179817 ' ReadAndExecute and Synchronise
    End If
    i = i + 1
  Next
 
  ' Replace the DACL with the updated version
  objSD.DACL = arrDACL
 
  Dim intReturn : intReturn = objSecurity.SetSecurityDescriptor(objSD)
 
  If intReturn = 0 Then
    WScript.Echo strShare & ": Success"
  Else
    WScript.Echo strShare & ": Failed - Return: " & intReturn
  End If
End Sub
 
' The system to execute this script against
Dim strComputer : strComputer = "."
 
' Connect to WMI
Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
 
' Return all of the shares (Type = 0 means File Shares only, exclude 
' are Administrative, Printer, etc)
Dim colItems : Set colItems = _
  objWMI.ExecQuery("SELECT * FROM Win32_Share WHERE Type='0'", "WQL", _
  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 
Dim objItem
For Each objItem in colItems
  ResetShareSecurity objWMI, objItem.Name
Next

Open in new window

0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
aztechackerAuthor Commented:
It works but the everyone - full stays full it doesnt change to read only
0
 
Chris DentPowerShell DeveloperCommented:

Hmm really? I tested that so many times before posting it. Which OS is it running against? I'll be a bit more specific in my testing, could just be failing to find "everyone" because of a case-mismatch.

Chris
0
 
aztechackerAuthor Commented:
I'm testing on Windows XP, Vista and Windows 7
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now