We help IT Professionals succeed at work.

How to set share permission on folders - Everyone Permission

2,584 Views
Last Modified: 2018-02-06
Hello Sir,

Below script is working perfectly,  applying security group permission correctly .
My requirement is created folders should have  everyone shared permission on the folders, please help
_____________________________________________________________

Set-Location "C:\Users\narasimha.s\Desktop\foldertest"
$Folders = Import-Csv C:\Users\Narasimha.s\Desktop\foldertest\project.csv
ForEach ($Folder in $Folders) {
    $newFolder = New-Item -name $Folder.Name -type directory
    $acl = Get-Acl $newFolder.FullName

    $ace = New-Object System.Security.AccessControl.FileSystemAccessRule('Domain\shr-projectsnew', 'Modify,Synchronize', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($ace)

    Set-Acl $newFolder.FullName -AclObject $acl
}
Comment
Watch Question

Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
Do you mean you need to create a file share based on the folder? At the moment you're setting NTFS permissions and the new folder is not shared.

If it's NTFS permissions, what rights do you wish to assign Everyone?
SAM ITAD windows Admin  

Author

Commented:
yes. once folder created and assigned security permission , created folders has to shared with everyone with Full access
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
Got it.

Which version of PowerShell and Windows are you working with? The more modern versions have commands built in for this kind of thing, the earlier versions... not so much.

I can give you examples of either, but the examples where there are no commands are much more complex.
SAM ITAD windows Admin  

Author

Commented:
Windows server 2012

Name                           Value
----                           -----
PSVersion                      4.0
WSManStackVersion              3.0
SerializationVersion           1.1.0.1
CLRVersion                     4.0.30319.42000
BuildVersion                   6.3.9600.17400
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0}
PSRemotingProtocolVersion      2.2
PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
SAM ITAD windows Admin  

Author

Commented:
Getting below error now . folders are getting crated but now security permissions also not getting apply and everyone share permissions not getting apply

PS C:\Users\narasimha.s\Desktop\foldertest> Set-Location "C:\Users\narasimha.s\Desktop\foldertest"
$Folders = Import-Csv C:\Users\Narasimha.s\Desktop\foldertest\project.csv
ForEach ($Folder in $Folders) {
    $newFolder = New-Item -name $Folder.Name -type directory
    $acl = Get-Acl $newFolder.FullName

    $ace = New-Object System.Security.AccessControl.FileSystemAccessRule('Domain\shr-projectsnew', 'Modify,Synchronize', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($ace)

    Set-Acl $newFolder.FullName -AclObject $acl

    New-SmbShare -Name $newFolder.Name -Path $newFolder.FullName -FullAccess Everyone
}

Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At line:8 char:5
+     $acl.AddAccessRule($ace)
+     ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : IdentityNotMappedException
 

Name                                  ScopeName                             Path                                  Description                         
----                                  ---------                             ----                                  -----------                         
b                                     *                                     C:\Users\narasimha.s\Desktop\folde...                                     
Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At line:8 char:5
+     $acl.AddAccessRule($ace)
+     ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : IdentityNotMappedException
 
c                                     *                                     C:\Users\narasimha.s\Desktop\folde...                                     

Open in new window

Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
Don't forget to update the domain name for your group again. The script is failing to figure out the group name.
SAM ITAD windows Admin  

Author

Commented:
Share is getting apply not with everyone , getting apply with Domain\shr-projectsnew
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
Only if you changed the New-SmbShare parameters. Only the NTFS rights should involve the group. The share level should have Everyone, but nothing else.
SAM ITAD windows Admin  

Author

Commented:
I have not changed the new-smbshare parameters
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
I can't reproduce the problem, the share permissions on mine have Everyone / FullControl.

What do you see if you run this?
Get-SmbShare <yourNewShare> | Get-SmbShareAccess

Open in new window

SAM ITAD windows Admin  

Author

Commented:
no luck
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
As in it shows nothing at all? Throws an error? What does "no luck" mean? Please remember that I cannot see your screen.
SAM ITAD windows Admin  

Author

Commented:
Below error I am getting

PS C:\Users\Narasimha.s> Set-Location "C:\Users\narasimha.s\Desktop\foldertest"
$Folders = Import-Csv C:\Users\Narasimha.s\Desktop\foldertest\project.csv
ForEach ($Folder in $Folders) {
    $newFolder = New-Item -name $Folder.Name -type directory
    $acl = Get-Acl $newFolder.FullName

    $ace = New-Object System.Security.AccessControl.FileSystemAccessRule('woodgroup\altaf.kalburgi', 'Modify,Synchronize', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($ace)

    Set-Acl $newFolder.FullName -AclObject $acl

    New-SmbShare -Name $newFolder.Name -Path $newFolder.FullName -FullAccess Everyone
    Get-SmbShare $newFolder | Get-SmbShareAccess
}
New-SmbShare : Access is denied. 
At line:12 char:5
+     New-SmbShare -Name $newFolder.Name -Path $newFolder.FullName -FullAccess Eve ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (MSFT_SMBShare:ROOT/Microsoft/Windows/SMB/MSFT_SMBShare) [New-SmbShare], CimException
    + FullyQualifiedErrorId : Windows System Error 5,New-SmbShare
 
Get-SmbShare : No MSFT_SMBShare objects found with property 'Name' equal to 'C:\Users\narasimha.s\Desktop\foldertest\8'.  Verify the value of the property and retry.
At line:13 char:5
+     Get-SmbShare $newFolder | Get-SmbShareAccess
+     ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\Users\narasi...op\foldertest\8:String) [Get-SmbShare], CimJobException
    + FullyQualifiedErrorId : CmdletizationQuery_NotFound_Name,Get-SmbShare
 
New-SmbShare : Access is denied. 
At line:12 char:5
+     New-SmbShare -Name $newFolder.Name -Path $newFolder.FullName -FullAccess Eve ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (MSFT_SMBShare:ROOT/Microsoft/Windows/SMB/MSFT_SMBShare) [New-SmbShare], CimException
    + FullyQualifiedErrorId : Windows System Error 5,New-SmbShare
 
Get-SmbShare : No MSFT_SMBShare objects found with property 'Name' equal to 'C:\Users\narasimha.s\Desktop\foldertest\98'.  Verify the value of the property and retry.
At line:13 char:5
+     Get-SmbShare $newFolder | Get-SmbShareAccess
+     ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\Users\narasi...p\foldertest\98:String) [Get-SmbShare], CimJobException
    + FullyQualifiedErrorId : CmdletizationQuery_NotFound_Name,Get-SmbShare

Open in new window

SAM ITAD windows Admin  

Author

Commented:
Script I run

Set-Location "C:\Users\narasimha.s\Desktop\foldertest"
$Folders = Import-Csv C:\Users\Narasimha.s\Desktop\foldertest\project.csv
ForEach ($Folder in $Folders) {
    $newFolder = New-Item -name $Folder.Name -type directory
    $acl = Get-Acl $newFolder.FullName

    $ace = New-Object System.Security.AccessControl.FileSystemAccessRule('domain\shr-projectsnew', 'Modify,Synchronize', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($ace)

    Set-Acl $newFolder.FullName -AclObject $acl

    New-SmbShare -Name $newFolder.Name -Path $newFolder.FullName -FullAccess Everyone
    Get-SmbShare $newFolder | Get-SmbShareAccess
}

Open in new window

Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
There you go, Access Denied:
New-SmbShare : Access is denied. 
At line:12 char:5
+     New-SmbShare -Name $newFolder.Name -Path $newFolder.FullName -FullAccess Eve ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (MSFT_SMBShare:ROOT/Microsoft/Windows/SMB/MSFT_SMBShare) [New-SmbShare], CimException
    + FullyQualifiedErrorId : Windows System Error 5,New-SmbShare

Open in new window

You'll need to be running this as Administrator to create the share.
SAM ITAD windows Admin  

Author

Commented:
I am running this commend through Admin rights. let me try this script from different server
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
It explicitly needs the right-click "Run as Administrator". This is not the same as being the Administrator user, or being a member of the Administrators group.

If it still throws access denied, try creating a share outside of your user profile area. However, Access Denied is the thing stopping you and no amount of scripting will fix that bit.
SAM ITAD windows Admin  

Author

Commented:
I got your point. I am getting access denied messages still in diff server as well

let me try this in test env and let you know the update
SAM ITAD windows Admin  

Author

Commented:
best solution
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.