Solved

VBScript Login Script to change share Permissions

Posted on 2009-04-14
6
1,083 Views
Last Modified: 2012-05-06
Hello,
I'm Looking for a VBScript to change all the shares permissions
from EVERYONE - Full Control to EVERYONE - Read
.
0
Comment
Question by:aztechacker
  • 3
  • 3
6 Comments
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

It should work if you do it like this.

Just pop out the "WScript.Echo" lines if you want it to run silently.

Chris


Sub ResetShareSecurity(objWMI, strShare)

  Dim objSecurity : Set objSecurity = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & strShare & "'")

  Dim objSD : objSecurity.GetSecurityDescriptor objSD
 

  Dim objTrustee : Set objTrustee = GetObject("winmgmts:Win32_Trustee").SpawnInstance_

  objTrustee.Name = "EVERYONE"
 

  Dim objACE : Set objACE = GetObject("winmgmts:Win32_ACE").SpawnInstance_

  objACE.AceType = 0 ' Allow

  objACE.AceFlags = 0 ' N/A for Shares

  objACE.AccessMask = 1179817 ' ReadAndExecute and Synchronise

  objACE.Trustee = objTrustee
 

  ' Rewrite the DACL

  objSD.DACL = Array(objACE)
 

  Dim intReturn : intReturn = objSecurity.SetSecurityDescriptor(objSD)
 

  If intReturn = 0 Then

    WScript.Echo strShare & ": Success"

  Else

    WScript.Echo strShare & ": Failed - Return: " & intReturn

  End If

End Sub
 

' The system to execute this script against

Dim strComputer : strComputer = "."

 

' Connect to WMI

Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

 

' Return all of the shares (Type = 0 means File Shares only, exclude 

' are Administrative, Printer, etc)

Dim colItems : Set colItems = _

  objWMI.ExecQuery("SELECT * FROM Win32_Share WHERE Type='0'", "WQL", _

  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 

Dim objItem

For Each objItem in colItems

  ResetShareSecurity objWMI, objItem.Name

Next

Open in new window

0
 

Author Comment

by:aztechacker
Comment Utility
It works great but the scrips removes also the domain users permissions, is there a way to only modify EVERYONE only, and leve the other permissions intact.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 125 total points
Comment Utility

Certainly is... this should do it.

Chris


Sub ResetShareSecurity(objWMI, strShare)

  Dim objSecurity : Set objSecurity = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & strShare & "'")

  Dim objSD : objSecurity.GetSecurityDescriptor objSD
 

  Dim arrDACL : arrDACL = objSD.DACL
 

  Dim i

  For i = 0 To UBound(arrDACL)

    If arrDACL(i).Trustee.Name = "Everyone" Then

      arrDACL(i).AccessMask = 1179817 ' ReadAndExecute and Synchronise

    End If

    i = i + 1

  Next
 

  ' Replace the DACL with the updated version

  objSD.DACL = arrDACL
 

  Dim intReturn : intReturn = objSecurity.SetSecurityDescriptor(objSD)
 

  If intReturn = 0 Then

    WScript.Echo strShare & ": Success"

  Else

    WScript.Echo strShare & ": Failed - Return: " & intReturn

  End If

End Sub
 

' The system to execute this script against

Dim strComputer : strComputer = "."

 

' Connect to WMI

Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

 

' Return all of the shares (Type = 0 means File Shares only, exclude 

' are Administrative, Printer, etc)

Dim colItems : Set colItems = _

  objWMI.ExecQuery("SELECT * FROM Win32_Share WHERE Type='0'", "WQL", _

  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 

Dim objItem

For Each objItem in colItems

  ResetShareSecurity objWMI, objItem.Name

Next

Open in new window

0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:aztechacker
Comment Utility
It works but the everyone - full stays full it doesnt change to read only
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Hmm really? I tested that so many times before posting it. Which OS is it running against? I'll be a bit more specific in my testing, could just be failing to find "everyone" because of a case-mismatch.

Chris
0
 

Author Comment

by:aztechacker
Comment Utility
I'm testing on Windows XP, Vista and Windows 7
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This is an addendum to the following article: Acitve Directory based Outlook Signature (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_24950055.html) The script is fine, and works in normal client-server domains…
I met Paul Devereux (@pdevereux) today when I responded to his tweet asking “Anybody know how to automate adding files from disk to a folder in #outlook  ?”.  I replied back and told Paul that using automation, in this case scripting, to add files t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now