asked on
Changing permissions on Windows Shares using VB.NET
We have to remediate a number of open shares on our Windows network. There are a significant number and I would like to automate the procedure as much as I can using VB.NET.
Without wishing to delve into the business background, the tasks I hope to automate are the creation of a group object in AD, adding users to the group, the removal the Everyone group permission from each share, and then adding a new group permission to the share. So, the steps are:
1. Audit the access to the share and see which users and groups are accessing the share and the sub-folders (this task is done using Varonis)
2. Create a list of users that have implied access to the share via the Everyone group (this task is done using VB.NET examining the CSV reports from Varonis)
3. Create a group and add the user from step 2 (this task is done using VB.NET)
4. Grant access to the share for the group created in step 3 - to do
5. Remove the Everyone group from the share - to do
I have written the code for steps 1, 2 and 3, the problem I have is how to figure out how to connect to each identified share, remove the Everyone permission and add my new group and the required permission - I don't know how to do it. This task is compounded by the fact the the shares are on NetApp filers too!
Can anyone help me with VB.NET examples of how to access a share on a server, remove the Everyone permission and add a new permission for my newly created group please?
Thank you.
Without wishing to delve into the business background, the tasks I hope to automate are the creation of a group object in AD, adding users to the group, the removal the Everyone group permission from each share, and then adding a new group permission to the share. So, the steps are:
1. Audit the access to the share and see which users and groups are accessing the share and the sub-folders (this task is done using Varonis)
2. Create a list of users that have implied access to the share via the Everyone group (this task is done using VB.NET examining the CSV reports from Varonis)
3. Create a group and add the user from step 2 (this task is done using VB.NET)
4. Grant access to the share for the group created in step 3 - to do
5. Remove the Everyone group from the share - to do
I have written the code for steps 1, 2 and 3, the problem I have is how to figure out how to connect to each identified share, remove the Everyone permission and add my new group and the required permission - I don't know how to do it. This task is compounded by the fact the the shares are on NetApp filers too!
Can anyone help me with VB.NET examples of how to access a share on a server, remove the Everyone permission and add a new permission for my newly created group please?
Thank you.
Visual Basic.NET.NET ProgrammingWindows OSNetworkingActive Directory
Last Comment
it_saige
ASKER
Hi Shaun
This appears to be more for VBScript (for scripting hosts) and not for use with VB.NET. The documentation only suggests VBScript. Do you have any examples of using this tool with VB.NET please?
This appears to be more for VBScript (for scripting hosts) and not for use with VB.NET. The documentation only suggests VBScript. Do you have any examples of using this tool with VB.NET please?
From a previous EE_PAQ - https:/Q_28734001.html#a41016321
Imports System.IO
Imports System.Runtime.CompilerServices
Imports System.Security.AccessControl
Imports System.Security.Principal
Module Module1
Sub Main()
Dim folder = "C:\testingFolder"
folder.CreateDirectory()
End Sub
End Module
Module Extensions
<Extension()> _
Public Sub CreateDirectory(ByVal path As String)
Try
If Not Directory.Exists(path) Then
Dim fEveryone = New SecurityIdentifier(WellKnownSidType.WorldSid, Nothing)
Dim fDirectorySecurity = New DirectorySecurity()
Dim fFileSystemRights = FileSystemRights.FullControl
Dim fInheritanceFlags = InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit
Dim fPropagationFlags = PropagationFlags.None
Dim fAccessControlType = AccessControlType.Allow
Dim fDirectoryAccessRule = New FileSystemAccessRule(fEveryone, fFileSystemRights, fInheritanceFlags, fPropagationFlags, fAccessControlType)
fDirectorySecurity.AddAccessRule(fDirectoryAccessRule)
Directory.CreateDirectory(path, fDirectorySecurity)
End If
Catch ex As PathTooLongException
Console.WriteLine("The path {0}; was too long.", path)
Catch ex As UnauthorizedAccessException
Console.WriteLine("The path {0}; cannot be created because you do not have the rights to create it.", path)
Catch ex As Exception
Console.WriteLine("Exception in {0} - {1}; {2}", ex.Source, ex, ex.Message)
End Try
End Sub
End Module
ASKER
Hi
Thank you for your contribution - it looks like the code is creating a folder and setting NTFS permissions for it, whereas I need to set permissions on an existing share which is a different proposal I believe. Am I correct in my observation or have I misread the code please?
Many thanks again for your help.
Thank you for your contribution - it looks like the code is creating a folder and setting NTFS permissions for it, whereas I need to set permissions on an existing share which is a different proposal I believe. Am I correct in my observation or have I misread the code please?
Many thanks again for your help.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
You are correct that this creates a new directory, but setting the permissions on a preexisting directory are just about the same.
-saige-
-saige-
https://helgeklein.com/setacl/