Solved

VBScript Login Script to change share Permissions

Posted on 2009-04-14
6
1,084 Views
Last Modified: 2012-05-06
Hello,
I'm Looking for a VBScript to change all the shares permissions
from EVERYONE - Full Control to EVERYONE - Read
.
0
Comment
Question by:aztechacker
  • 3
  • 3
6 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24147649

It should work if you do it like this.

Just pop out the "WScript.Echo" lines if you want it to run silently.

Chris


Sub ResetShareSecurity(objWMI, strShare)

  Dim objSecurity : Set objSecurity = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & strShare & "'")

  Dim objSD : objSecurity.GetSecurityDescriptor objSD
 

  Dim objTrustee : Set objTrustee = GetObject("winmgmts:Win32_Trustee").SpawnInstance_

  objTrustee.Name = "EVERYONE"
 

  Dim objACE : Set objACE = GetObject("winmgmts:Win32_ACE").SpawnInstance_

  objACE.AceType = 0 ' Allow

  objACE.AceFlags = 0 ' N/A for Shares

  objACE.AccessMask = 1179817 ' ReadAndExecute and Synchronise

  objACE.Trustee = objTrustee
 

  ' Rewrite the DACL

  objSD.DACL = Array(objACE)
 

  Dim intReturn : intReturn = objSecurity.SetSecurityDescriptor(objSD)
 

  If intReturn = 0 Then

    WScript.Echo strShare & ": Success"

  Else

    WScript.Echo strShare & ": Failed - Return: " & intReturn

  End If

End Sub
 

' The system to execute this script against

Dim strComputer : strComputer = "."

 

' Connect to WMI

Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

 

' Return all of the shares (Type = 0 means File Shares only, exclude 

' are Administrative, Printer, etc)

Dim colItems : Set colItems = _

  objWMI.ExecQuery("SELECT * FROM Win32_Share WHERE Type='0'", "WQL", _

  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 

Dim objItem

For Each objItem in colItems

  ResetShareSecurity objWMI, objItem.Name

Next

Open in new window

0
 

Author Comment

by:aztechacker
ID: 24148676
It works great but the scrips removes also the domain users permissions, is there a way to only modify EVERYONE only, and leve the other permissions intact.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 125 total points
ID: 24155461

Certainly is... this should do it.

Chris


Sub ResetShareSecurity(objWMI, strShare)

  Dim objSecurity : Set objSecurity = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & strShare & "'")

  Dim objSD : objSecurity.GetSecurityDescriptor objSD
 

  Dim arrDACL : arrDACL = objSD.DACL
 

  Dim i

  For i = 0 To UBound(arrDACL)

    If arrDACL(i).Trustee.Name = "Everyone" Then

      arrDACL(i).AccessMask = 1179817 ' ReadAndExecute and Synchronise

    End If

    i = i + 1

  Next
 

  ' Replace the DACL with the updated version

  objSD.DACL = arrDACL
 

  Dim intReturn : intReturn = objSecurity.SetSecurityDescriptor(objSD)
 

  If intReturn = 0 Then

    WScript.Echo strShare & ": Success"

  Else

    WScript.Echo strShare & ": Failed - Return: " & intReturn

  End If

End Sub
 

' The system to execute this script against

Dim strComputer : strComputer = "."

 

' Connect to WMI

Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

 

' Return all of the shares (Type = 0 means File Shares only, exclude 

' are Administrative, Printer, etc)

Dim colItems : Set colItems = _

  objWMI.ExecQuery("SELECT * FROM Win32_Share WHERE Type='0'", "WQL", _

  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 

Dim objItem

For Each objItem in colItems

  ResetShareSecurity objWMI, objItem.Name

Next

Open in new window

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:aztechacker
ID: 24159515
It works but the everyone - full stays full it doesnt change to read only
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24159536

Hmm really? I tested that so many times before posting it. Which OS is it running against? I'll be a bit more specific in my testing, could just be failing to find "everyone" because of a case-mismatch.

Chris
0
 

Author Comment

by:aztechacker
ID: 24159680
I'm testing on Windows XP, Vista and Windows 7
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an addendum to the following article: Acitve Directory based Outlook Signature (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_24950055.html) The script is fine, and works in normal client-server domains…
This is pretty cool.  The purpose of this VB Script is to help you document where JAR (Java ARchive) files and specifically java class files are located so that you can address issues seen with a client or that you can speak intelligently with a dev…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now