Link to home
Start Free TrialLog in
Avatar of entint
entint

asked on

Help with scripting share permissions

Hi all, My developers have written a VB script  that shares all listed subfolders with "Everyone - Full Control". However, when running this on Server 2008 R2 x64, it only applies the "Read " bit. Please review the script to see what can be changed, or at least advise on a second script that can be ran afterwards. Thank you!

==========================================================================

Dim strFolder, strHome, strUser
Dim intRunError, objShell, objFSO
Dim strComputer
Const FILE_SHARE = 0
Const MAXIMUM_CONNECTIONS = 9999

'---------- CHANGE DIRECTORY PATH HERE ----------
strFolder = "E:\home"
'------------------------------------------------
strComputer = "."

Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFSO.GetFolder(strFolder)
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objNewShare = objWMIService.Get("Win32_Share")

SetPermissions objFSO.GetFolder(strFolder)

Function SetPermissions(Folder)

    For Each Subfolder in Folder.SubFolders
   
          'Reset Folder ACL
            If objFSO.FolderExists(strFolder) Then
                  intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls """ & Subfolder.Path & """ /t /c /g everyone:F", 2, True)
            End If
   
          'Share Folder
          intRunError = objNewShare.Create(Subfolder.Path,Subfolder.Name,FILE_SHARE,MAXIMUM_CONNECTIONS,"")  

    Next
      
End Function
Avatar of Martin_J_Parker
Martin_J_Parker
Flag of United Kingdom of Great Britain and Northern Ireland image

I suspect you are running foul of the sort of User Access Control crap that Vista started.
Does it run correctly if you right click it and "run as administrator"?
Avatar of entint
entint

ASKER

Tried that and UAC is turned off.
Your VB program appears to work fine on my Win 2008 R2 x64 server!
I do have admin privileges (not logged in as administrator but as AD user with admin rights).
I assume that your user does have full priv. in the E:\Home folder?
Avatar of entint

ASKER

Yes I am logged in as a Domain Admin. Server is on the Domain, so this group is in the local Administrators group. UAC and Windows Firewall are both off, so what else could be in the way. I have been tested this on new OS installs, not off an image, only clan installs.
Unless you have some strange non-standard cacls command in your path I don't see any reason why it should fail.  My system is pretty bog standard and fairly recently clean installed as well - although the AD and group permissions are set centrally so I can't be 100% sure that it hasn't been modified!
Avatar of entint

ASKER

No CACL command in DOS, only running the script above.No added paremeters if this is what you mean
ASKER CERTIFIED SOLUTION
Avatar of Martin_J_Parker
Martin_J_Parker
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of entint

ASKER

Admins have Full Control at the parent level. I tried to create a new folder and verified permissions with and without inheritance. I even took my account as owner. What could be so differnet about all of our servers here compared to yours?
Avatar of entint

ASKER

Can this be reopened? No one ever replied