Setting share permissions with WMI

With Windows Server 2012 we got the SmbShare Module. But since it's a CDXML module that just defines the mapping between PowerShell cmdlets and CIM class operations or methods, it's bound to the OS having the relevant CIM Classes. So it's not portable to older operating systems.

For Windows Server 2012 and above, there's no problem using the native New-SmbShare and Grant-SmbShareAccess cmdlets.
But for Windows Server 2008, I needed something else.

I ended up creating two functions that would replace the New-SmbShare and Grant-SmbShareAccess.

For creating a new share with specific permissions:

Then, to create a new share:

$params = @{
    ComputerName      = 'myWebServer'
    Path              = 'C:\inetpub\logs\LogFiles' 
    ShareName         = 'IISLogFiles'
    AccountName       = 'CONTOSO\WebOperators'
    AccessPermissions = 'Read'
    ShareDescription  = 'IIS Websites Logs'
New-Share @params

For adding permissions on an existing share:

Then, to update a share's permissions:

$params = @{
    ComputerName      = 'myWebServer'
    ShareName         = 'IISLogFiles'
    AccountName       = 'CONTOSO\WebAdmins'
    AccessPermissions = 'FullControl'
Add-ShareAccess @params

For further reading, see:

Create method of the Win32_Share class:

SetShareInfo method of the Win32_Share class:

Win32_SecurityDescriptor class:

Win32_LogicalShareSecuritySetting class:



Comments (0)

Skip to main content