Setting share permissions with WMI


With Windows Server 2012 we got the SmbShare Module. But since it's a CDXML module that just defines the mapping between PowerShell cmdlets and CIM class operations or methods, it's bound to the OS having the relevant CIM Classes. So it's not portable to older operating systems.

For Windows Server 2012 and above, there's no problem using the native New-SmbShare and Grant-SmbShareAccess cmdlets.
But for Windows Server 2008, I needed something else.

I ended up creating two functions that would replace the New-SmbShare and Grant-SmbShareAccess.

For creating a new share with specific permissions:
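
The function definition itself is not on this page. As an added example (not the author's original code), here is one way a `New-Share` accepting the parameters used in the call below could be written for Windows Server 2008 with PowerShell 2.0; the access-mask table and the choice to resolve the account on the calling machine are assumptions of this sketch.

```powershell
function New-Share {
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$ShareName,
        [Parameter(Mandatory = $true)][string]$AccountName,   # 'DOMAIN\Name'
        [ValidateSet('Read', 'Change', 'FullControl')]
        [string]$AccessPermissions = 'Read',
        [string]$ShareDescription = ''
    )
    # Access masks for the three standard share permission levels
    $masks = @{ Read = 1179817; Change = 1245631; FullControl = 2032127 }

    # Assumption: the account resolves from the calling machine (domain account).
    # A typo in the name fails here, before anything is created on the server.
    $account  = New-Object System.Security.Principal.NTAccount($AccountName)
    $sid      = $account.Translate([System.Security.Principal.SecurityIdentifier])
    $sidBytes = New-Object byte[] ($sid.BinaryLength)
    $sid.GetBinaryForm($sidBytes, 0)

    $domain, $name = $AccountName -split '\\', 2
    if (-not $name) { $name = $domain; $domain = $null }

    # Build Win32_Trustee -> Win32_ACE -> Win32_SecurityDescriptor
    $ns = "\\$ComputerName\root\cimv2"
    $trustee = ([wmiclass]"${ns}:Win32_Trustee").CreateInstance()
    $trustee.Domain = $domain
    $trustee.Name   = $name
    $trustee.SID    = $sidBytes

    $ace = ([wmiclass]"${ns}:Win32_ACE").CreateInstance()
    $ace.AccessMask = $masks[$AccessPermissions]
    $ace.AceFlags   = 0
    $ace.AceType    = 0      # 0 = access allowed
    $ace.Trustee    = $trustee

    $sd = ([wmiclass]"${ns}:Win32_SecurityDescriptor").CreateInstance()
    $sd.ControlFlags = 4     # SE_DACL_PRESENT
    $sd.DACL = [System.Management.ManagementBaseObject[]]@($ace)

    # Create(Path, Name, Type, MaximumAllowed, Description, Password, Access); Type 0 = disk drive
    $result = ([wmiclass]"${ns}:Win32_Share").Create(
        $Path, $ShareName, 0, $null, $ShareDescription, $null, $sd)
    if ($result.ReturnValue -ne 0) {
        throw "Win32_Share.Create failed on $ComputerName (return value $($result.ReturnValue))"
    }
    Get-WmiObject -Class Win32_Share -ComputerName $ComputerName -Filter "Name='$ShareName'"
}
```

The DACL built here contains only the one ACE for the named account, so no other principal gets share-level access; effective access is still the more restrictive of this share ACL and the NTFS permissions on the folder.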

Then, to create a new share:

$params = @{
    ComputerName      = 'myWebServer'
    Path              = 'C:\inetpub\logs\LogFiles' 
    ShareName         = 'IISLogFiles'
    AccountName       = 'CONTOSO\WebOperators'
    AccessPermissions = 'Read'
    ShareDescription  = 'IIS Websites Logs'
}
New-Share @params



For adding permissions on an existing share:

Then, to update a share's permissions:

$params = @{
    ComputerName      = 'myWebServer'
    ShareName         = 'IISLogFiles'
    AccountName       = 'CONTOSO\WebAdmins'
    AccessPermissions = 'FullControl'
}
Add-ShareAccess @params


For further reading, see:

Create method of the Win32_Share class: https://msdn.microsoft.com/en-us/library/aa389393

SetShareInfo method of the Win32_Share class: https://msdn.microsoft.com/en-us/library/aa393598

Win32_SecurityDescriptor class: https://msdn.microsoft.com/en-us/library/aa394402

Win32_LogicalShareSecuritySetting class: https://msdn.microsoft.com/en-us/library/aa394188


HTH,

\Martin
