Avatar of Paul May
Paul May
 asked on

Changing permissions on Windows Shares using VB.NET

We have to remediate a number of open shares on our Windows network.  There are a significant number and I would like to automate the procedure as much as I can using VB.NET.

Without wishing to delve into the business background, the tasks I hope to automate are the creation of a group object in AD, adding users to the group, the removal the Everyone group permission from each share, and then adding a new group permission to the share.  So, the steps are:

1. Audit the access to the share and see which users and groups are accessing the share and the sub-folders (this task is done using Varonis)
2. Create a list of users that have implied access to the share via the Everyone group (this task is done using VB.NET examining the CSV reports from Varonis)
3. Create a group and add the user from step 2 (this task is done using VB.NET)
4. Grant access to the share for the group created in step 3 - to do
5. Remove the Everyone group from the share - to do

I have written the code for steps 1, 2 and 3, the problem I have is how to figure out how to connect to each identified share, remove the Everyone permission and add my new group and the required permission - I don't know how to do it.  This task is compounded by the fact the the shares are on NetApp filers too!

Can anyone help me with VB.NET examples of how to access a share on a server, remove the Everyone permission and add a new permission for my newly created group please?

Thank you.
Visual Basic.NET.NET ProgrammingWindows OSNetworkingActive Directory

Avatar of undefined
Last Comment

8/22/2022 - Mon
Shaun Vermaak

SetACl has a command line version and an OCX version that you can use in your .NET applications
Paul May

Hi Shaun

This appears to be more for VBScript (for scripting hosts) and not for use with VB.NET.  The documentation only suggests VBScript.   Do you have any examples of using this tool with VB.NET please?

From a previous EE_PAQ - https:/Q_28734001.html#a41016321
Imports System.IO
Imports System.Runtime.CompilerServices
Imports System.Security.AccessControl
Imports System.Security.Principal

Module Module1
	Sub Main()
		Dim folder = "C:\testingFolder"
	End Sub
End Module

Module Extensions
	<Extension()> _
	Public Sub CreateDirectory(ByVal path As String)
			If Not Directory.Exists(path) Then
				Dim fEveryone = New SecurityIdentifier(WellKnownSidType.WorldSid, Nothing)
				Dim fDirectorySecurity = New DirectorySecurity()
				Dim fFileSystemRights = FileSystemRights.FullControl
				Dim fInheritanceFlags = InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit
				Dim fPropagationFlags = PropagationFlags.None
				Dim fAccessControlType = AccessControlType.Allow
				Dim fDirectoryAccessRule = New FileSystemAccessRule(fEveryone, fFileSystemRights, fInheritanceFlags, fPropagationFlags, fAccessControlType)
				Directory.CreateDirectory(path, fDirectorySecurity)
			End If
		Catch ex As PathTooLongException
			Console.WriteLine("The path {0}; was too long.", path)
		Catch ex As UnauthorizedAccessException
			Console.WriteLine("The path {0}; cannot be created because you do not have the rights to create it.", path)
		Catch ex As Exception
			Console.WriteLine("Exception in {0} - {1}; {2}", ex.Source, ex, ex.Message)
		End Try
	End Sub
End Module

Open in new window

I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Paul May


Thank you for  your contribution - it looks like the code is creating a folder and setting NTFS permissions for it, whereas I need to set permissions on an existing share which is a different proposal I believe.  Am I correct in my observation or have I misread the code please?

Many thanks again for your help.
Shaun Vermaak

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

You are correct that this creates a new directory, but setting the permissions on a preexisting directory are just about the same.