##########################################
New-Share (with Permissions)
(C) Dr. Holger Schwichtenberg
##########################################
Parameters
$Computer = "."
$ShareName = "Kunden"
$Pfad = "g:\Daten\Kunden"
$Comment = "Alle unsere Kundenkorrespondenz"
Constants
$SHARE_READ = 1179817
$SHARE_CHANGE = 1245462
$SHARE_FULL = 2032127
$SHARE_NONE = 1
$ACETYPEACCESSALLOWED = 0
$ACETYPEACCESSDENIED = 1
$ACETYPESYSTEMAUDIT = 2
$ACEFLAGINHERITACE = 2
$ACEFLAGNO_PROPAGATE_INHERITACE = 4
$ACEFLAGINHERIT_ONLYACE = 8
$ACEFLAGINHERITEDACE = 16
$ACEFLAGVALID_INHERITFLAGS = 31
$ACEFLAGSUCCESSFULACCESS = 64
$ACEFLAGFAILEDACCESS = 128
Get Trustee
function New-Trustee($Domain, $User)
{
$Account = new-object system.security.principal.ntaccount("itv\hs")
$SID = $Account.Translate([system.security.principal.securityidentifier])
$useraccount = [ADSI] ("WinNT://" + $Domain + "/" + $User)
$mc = [WMIClass] "Win32_Trustee"
$t = $MC.CreateInstance()
$t.Domain = $Domain
$t.Name = $User
$t.SID = $useraccount.Get("ObjectSID")
return $t
}
Create ACE
function New-ACE($Domain, $User, $Access, $Type, $Flags)
{
$mc = [WMIClass] "Win32_Ace"
$a = $MC.CreateInstance()
$a.AccessMask = $Access
$a.AceFlags = $Flags
$a.AceType = $Type
$a.Trustee = New-Trustee $Domain $User
return $a
}
Create SD
function Get-SD
{
$mc = [WMIClass] "Win32_SecurityDescriptor"
$sd = $MC.CreateInstance()
$ACE1 = New-ACE "ITV" "HP" $SHAREREAD $ACETYPE_ACCESS_ALLOWED $ACEFLAG_INHERITACE
$ACE2 = New-ACE "ITV" "HS" $SHAREFULL $ACETYPE_ACCESS_ALLOWED $ACEFLAG_INHERITACE
$ACE3 = New-ACE "ITV" "Produktmanagement" $SHAREFULL $ACETYPE_ACCESS_ALLOWED $ACEFLAG_INHERITACE
[System.Management.ManagementObject[]] $DACL = $ACE1 , $ACE2, $ACE3
$sd.DACL = $DACL
return $sd
}
before
"Vorher:"
Get-WmiObject Win32_Share -Filter "Name='$ShareName'"
get-WmiObject Win32Share -Filter "Name='$ShareName'" | foreach-object { $.Delete() }
Win32_Share anlegen
$MC = [WMIClass] "ROOT\CIMV2:Win32_Share"
$Access = Get-SD
$R = $mc.Create($pfad, $Sharename, 0, 10, $Comment, "", $Access)
if ( $R.ReturnValue -ne 0) { Write-Error "Fehler beim Anlegen: "+ $R.ReturnValue; Exit}
"Freigabe wurde angelegt!"
after
"Nachher:"
get-WmiObject Win32Share -Filter "Name='$ShareName'" | foreach { $.GetAccessMask() } | gm