Powershell or VBS Script to Share a Web Folder and set permissions (Web Sharing)

Not sure why this is under the IIS section as its a script question but...
Here is a vb script that strips out all security and grants "everybody" read permissions. You will have to change that part to setting the permissions for who and what you want.

Sub ResetShareSecurity(objWMI, strShare)
  Dim objSecurity : Set objSecurity = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & strShare & "'")
  Dim objSD : objSecurity.GetSecurityDescriptor objSD
 
  Dim objTrustee : Set objTrustee = GetObject("winmgmts:Win32_Trustee").SpawnInstance_
  objTrustee.Name = "EVERYONE"
 
  Dim objACE : Set objACE = GetObject("winmgmts:Win32_ACE").SpawnInstance_
  objACE.AceType = 0 ' Allow
  objACE.AceFlags = 0 ' N/A for Shares
  objACE.AccessMask = 1179817 ' ReadAndExecute and Synchronise
  objACE.Trustee = objTrustee
 
  ' Rewrite the DACL
  objSD.DACL = Array(objACE)
 
  Dim intReturn : intReturn = objSecurity.SetSecurityDescriptor(objSD)
 
  If intReturn = 0 Then
    WScript.Echo strShare & ": Success"
  Else
    WScript.Echo strShare & ": Failed - Return: " & intReturn
  End If
End Sub
 
' The system to execute this script against
Dim strComputer : strComputer = "."
 
' Connect to WMI
Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
 
' Return all of the shares (Type = 0 means File Shares only, exclude 
' are Administrative, Printer, etc)
Dim colItems : Set colItems = _
  objWMI.ExecQuery("SELECT * FROM Win32_Share WHERE Type='0'", "WQL", _
  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 
Dim objItem
For Each objItem in colItems
  ResetShareSecurity objWMI, objItem.Name
Next

Select allOpen in new window

The Powershell and VB Zones were picked higher than IIS.

The Web Sharing creates a directory under IIS.  Does this script create the WEB Share?

No, it deals with standard file shares, and only security there (it doesn't create a share).

Is this with IIS 6? Otherwise, which operating system / version of Windows?

Chris

Windows 2003
IIS 6.0

Okay, I have some of those at work, I'll have a poke around and see if I can get it to play in the morning :)

Chris

Okay, so..

Web Sharing, it creates a Virtual Directory in IIS with the path set to the folder. We can do that easily enough :) Would it be fair to assume the Default Web Site is the target?

And when you mentioned permissions, did you mean "Access Permissions"? And if so, what would you like them set to?

Chris

no its not the default website, its a virtual directory under that called Sessions.

Set Access permissions to Read
Set Applicaiton Permissions to Scripts

I'm sorry .  I appreciate your help. I just learned that i have to do some more.

After the virtual directory is created
I have to right click the directory and go to properties
1) Go to the directory security tab.  Click Edit
Enable anonymous access.
2) Go to the ASP.Net tab
select the ASP.NET 2.0.xxxxx
3) Go to the Documents Tab
Add default.aspx.

Okay, cool.

If we were to go with PowerShell (as an example) we could do this...

Chris

$ServerName = "ServerName"
$Folder = Get-Item "FolderOrFolderPath"
 
# The Default Web Site is Site ID 1.
$SessionsDir = [ADSI]"IIS://$ServerName/W3SVC/1/ROOT/Sessions"
# Create a new Virtual Directory
$NewVirtualDirectory = $SessionsDir.Create("IIsWebVirtualDir", $Folder.Name)
# Give it the same name as the folder referred to above
$NewVirtualDirectory.Put("Path", $Folder.FullName)
# Set Read and Run Scripts
$NewVirtualDirectory.Put("AccessFlags", 513)
# Commit the changes
$NewVirtualDirectory.SetInfo()

Select allOpen in new window

Oh okay, no bother. Hold on.

Chris

Well not much bother.

I've done this before, to change between versions of .NET on a virtual directory (or site) the ScriptMaps must be rewritten.

It's not hard, it's just messy because you have to try and swap the version numbers around. Is there a directory that runs the right version of .NET already? If so, copying them from there (in the script) would be really useful.

With that bit pending, these are the other settings. Still in PowerShell. Is that okay? I can rewrite in VbScript if you prefer, it isn't much different, especially not when we're using ADSI like this.

Chris

$ServerName = "ServerName"
$Folder = Get-Item "FolderOrFolderPath"
 
# The Default Web Site is Site ID 1.
$SessionsDir = [ADSI]"IIS://$ServerName/W3SVC/1/ROOT/Sessions"
# Create a new Virtual Directory
$NewVirtualDirectory = $SessionsDir.Create("IIsWebVirtualDir", $Folder.Name)
# Give it the same name as the folder referred to above
$NewVirtualDirectory.Put("Path", $Folder.FullName)
# Set Read and Run Scripts
$NewVirtualDirectory.Put("AccessFlags", 513)
# Configure the application settings
$NewVirtualDirectory.Put("AppRoot",  "/LM/W3SVC/1/Root/Sessions/$($Folder.Name)")
$NewVirtualDirectory.Put("AppIsolated", 2)
# Allow Anonymous Access with the default IUSR account
$NewVirtualDirectory.Put("AuthFlags", 1)
$NewVirtualDirectory.Put("UNCPassword", "")
# Set the default Document
$NewVirtualDirectory.Put("DefaultDoc", "default.aspx")
# Commit the changes
$NewVirtualDirectory.SetInfo()

Select allOpen in new window

Yeah i think VB is better for me.  I'm getting all types of errors in Powershell.  
I created a file with .ps1 as the extention and running the script ./xxxxxx.ps1

Probably better just pasting it into the PowerShell prompt :)

Not to worry... VbScript version of the same, not much difference :)

Chris

Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim objFolder : Set objFolder = objFSO.GetFolder("FolderOrFolderPath")
 
Dim strServerName : strServerName = "ServerName"
 
' The Default Web Site is Site ID 1.
Set objSessionsDir = GetObject("IIS://" & strServerName & "/W3SVC/1/ROOT/Sessions")
' Create a new Virtual Directory
Set objNewVDir = objSessionsDir.Create("IIsWebVirtualDir", objFolder.Name)
' Give it the same name as the folder referred to above
objNewVDir.Put "Path", objFolder.Path
' Set Read and Run Scripts
objNewVDir.Put "AccessFlags", 513
' Configure the application settings
objNewVDir.Put "AppRoot",  "/LM/W3SVC/1/Root/Sessions/" & objFolder.Name
objNewVDir.Put "AppIsolated", 2
' Allow Anonymous Access with the default IUSR account
objNewVDir.Put "AuthFlags", 1
objNewVDir.Put "UNCPassword", ""
' Set the default Document
objNewVDir.Put "DefaultDoc", "default.aspx"
' Commit the changes
objNewVDir.SetInfo()

Select allOpen in new window

I changed the FolderorFolderPath to C:\sessions
I changed the ServerName to the name of the server SERVER1

I'm getting the system cannot find the path specified
line 7

Hmm I might have misunderstood. When you said Sessions earlier, did you mean you needed to create the new virtual directory underneath that (in IIS)?

Or did you mean that was the name of it?

If it's the name, and doesn't exist, we need to modify the IIS path we feed the script, bringing it up a level (as below). Not a big change, just alters where I thought we were creating the new virtual directory.

Chris

Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim objFolder : Set objFolder = objFSO.GetFolder("FolderOrFolderPath")
 
Dim strServerName : strServerName = "ServerName"
 
' The Default Web Site is Site ID 1.
Set objWebsite = GetObject("IIS://" & strServerName & "/W3SVC/1/ROOT")
' Create a new Virtual Directory
Set objNewVDir = objWebsite.Create("IIsWebVirtualDir", objFolder.Name)
' Give it the same name as the folder referred to above
objNewVDir.Put "Path", objFolder.Path
' Set Read and Run Scripts
objNewVDir.Put "AccessFlags", 513
' Configure the application settings
objNewVDir.Put "AppRoot",  "/LM/W3SVC/1/Root/" & objFolder.Name
objNewVDir.Put "AppIsolated", 2
' Allow Anonymous Access with the default IUSR account
objNewVDir.Put "AuthFlags", 1
objNewVDir.Put "UNCPassword", ""
' Set the default Document
objNewVDir.Put "DefaultDoc", "default.aspx"
' Commit the changes
objNewVDir.SetInfo()

Select allOpen in new window

That worked!  Sorry i wasnt explaining myself correctly.
So to set the ASP.net version It has to be copied from an existing directory?

Well, it can be set without, but the field looks like the snippet below. We have to modify every .NET version number in there to v2. Okay it's already 2 here, that's because I only have 2 installed on my web server :)

Anyway, it's a fair amount of hassle, so if there is somewhere we can grab it from it would be lovely and quick.

Last time I did it I just replaced v1.somethingorother with v2.0.50727 for each which is fine but you end up hard-coding the version numbers. So if you prefer to set it (rather than copy it) I need to know what version it's set to by default :)

Chris

.asp,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.cer,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.cdx,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.asa,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.idc,C:\WINDOWS\system32\inetsrv\httpodbc.dll,5,GET,POST
.shtm,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
.shtml,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
.stm,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
.asax,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ascx,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ashx,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.asmx,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.aspx,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.axd,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.vsdisco,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.rem,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.soap,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.config,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.cs,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.csproj,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.vb,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.vbproj,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.webinfo,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.licx,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.resx,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.resources,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.master,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.skin,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.compiled,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.browser,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.mdb,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.jsl,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.vjsproj,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.sitemap,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.msgx,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.ad,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.dd,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ldd,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.sd,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.cd,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.adprototype,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.lddprototype,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.sdm,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.sdmDocument,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ldb,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.mdf,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ldf,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.java,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.exclude,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.refresh,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.svc,c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.xoml,C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.rules,C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG

Select allOpen in new window

Thanks.

If i had to do the same script but the FolderOrFolderPath was set to c:\inetpub\wwwroot\Sessions2

what would change in the rest of the script except the 2nd line?

Nothing except that line. It names everything else after the folder you set there.

Chris

I get path not found. when i change it to c:\inetpub\wwwroot\Sessions2

another question:  If the virtual directory is there in IIS, but not Shared what line can I add to share it.?

It should just be the Path, it seems to happily link back as long as there's a reference in the site.

So..

Set objVDir = GetObject("IIS://" & strServer & "/W3SVC/1/ROOT/WhatEverTheVirtualDirectoryIsCalled")
objVDir.Put "Path", "c:\inetpub\wwwroot\Sessions2"
objVDir.SetInfo()

Chris

THANK YOU!!!

The ASP.net by default is 1.1.4322
the other choice is 2.0.50727

Question for sharepointguru14 or anyone:
This code below strips all security and adds everyone with read permissions.

How can i change it to KEEP the existing security but also add a user (domain\username) with:
Modify, read/execute, list folder contents, Read, Write.

Sub ResetShareSecurity(objWMI, strShare)
  Dim objSecurity : Set objSecurity = objWMI.Get("Win32_LogicalShareSecuritySetting.Name='" & strShare & "'")
  Dim objSD : objSecurity.GetSecurityDescriptor objSD
 
  Dim objTrustee : Set objTrustee = GetObject("winmgmts:Win32_Trustee").SpawnInstance_
  objTrustee.Name = "EVERYONE"
 
  Dim objACE : Set objACE = GetObject("winmgmts:Win32_ACE").SpawnInstance_
  objACE.AceType = 0 ' Allow
  objACE.AceFlags = 0 ' N/A for Shares
  objACE.AccessMask = 1179817 ' ReadAndExecute and Synchronise
  objACE.Trustee = objTrustee
 
  ' Rewrite the DACL
  objSD.DACL = Array(objACE)
 
  Dim intReturn : intReturn = objSecurity.SetSecurityDescriptor(objSD)
 
  If intReturn = 0 Then
    WScript.Echo strShare & ": Success"
  Else
    WScript.Echo strShare & ": Failed - Return: " & intReturn
  End If
End Sub
 
' The system to execute this script against
Dim strComputer : strComputer = "."
 
' Connect to WMI
Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
 
' Return all of the shares (Type = 0 means File Shares only, exclude 
' are Administrative, Printer, etc)
Dim colItems : Set colItems = _
  objWMI.ExecQuery("SELECT * FROM Win32_Share WHERE Type='0'", "WQL", _
  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 
Dim objItem
For Each objItem in colItems
  ResetShareSecurity objWMI, objItem.Name
Next

Select allOpen in new window

Ok i got it!  i just need help with the ASP version switch
below changed the permissions on a folder.

Dim strHomeFolder, strHome, strUser
Dim intRunError, objShell, objFSO
 
strHomeFolder = "C:\inetpub\wwwroot\sessions2"
 
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
	If objFSO.FolderExists(strHomeFolder) Then
	intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls " _
	& strHomeFolder & " /t /c /g domain\iis_wp:C ", 2, True)
		
		If intRunError <> 0 Then
	Wscript.Echo "Error assigning permissions for user " _
		& strUser & " to home folder " & strHomeFolder
		End If
	End If

Select allOpen in new window

This changed the 1.1.4.322 to blank..  

ok i figured it out..
i changed the "2.0.50727" to "v2.0.50727"

Oops sorry, yeah, that would do it.

Working now?

Chris

Yes it works perfect!  i can't say THank you enough!

Thank you Chris!