Re: adding share permissions via a batch file

From: Nathan H (annonymous_at_discussions.microsoft.com)
Date: 03/06/05


Date: Sun, 06 Mar 2005 14:42:51 +0000

Hi Herb and thanks for the quick response.

While I'm not against opinions or anything, I did forget to mention the
whole story (as I had had a few drinks like I said) and completely
forgot to mention that I needed the information for a "usermaker"
style-script for creating bulk users on Server 2003 that I have already
and works great...

>>Hi all
>>It may have been covered before and I apologize if it has but does
>>anyone know a way of assigning full *share* permissions to the user you
>>are creating via a batch file?
>
>
> Sure but that is generally the wrong approach.
> (Depends on the OS whether it is built in or
> not, but even then you can use the free SetAcl.exe
> from SourceForge.net.)

...whether you believe it is the wrong approach or not.

As the users in question are school pupil's, the are likely to be the
worst at messing around and trying to do stuff they arent meant to,
unlike office workers or call-centre employee's so I'd appreciate a
little more tact with your comments please :)

>
>>i.e.
>>I create the folder \\servername\%username%$ (for the users home dir)
>
>
> Usually permissions should be handled by groups,
> and each user should NOT have a separate share
> but only a directory within the share for groups of
> users, (e.g., all Engineers or even all users.)

Sorry ....again, no offense but every establishment that I've visited in
the county or spoke to so far, uses individual (hidden) shares for each
user.

This method has worked fine for the past 5(ish) years - from the NT
server/domain that I had, to the recent conversion to 2003 server.

I'd rather be safe in the knowledge that if one share stops working (for
whatever reason), all the users aren't affected.

Either way, that's not the topic here ;)

>
>>Now, I can assign the NTFS permissions fine with cacls like this (as an
>>example):
>>cacls d:\homedir\%username% /t /e /c /g %username%:f
>>
>>(don't worry about the above syntax - I've had a few drinks hehe)
>>
>>I just cant seem to find a way of assigning share permissions using any
>>sort of command.
>
>
> Share permissions were added to "net share" in
> Win2003 server but SetAcl.exe can still set them
> for older operating systems.

aha.....now that's what I didnt know :)

I tried typing net share /? previously to see the list of commands
avaliable but to no avail. I couldnt see anything that would allow me to
change share permissions.... can you give me an example of one please?

> Caveat: SetAcl has the most irrating command line
> of any Windows utility I know.

Another reason not to use it then ;) easy of use is key after all :)

>
>>As the script is so I can process a list of user's to add, it's a little
>>annoying after adding a load of users to a AD which has worked fine -
>>having to go and manually change each of the share permissions from:
>
>
>>Everyone - Read Only
>>to:
>>Everyone - Full Control
>
>
> And that is likely a poor choice for permissions,
> especially since you were creating these for each
> user.

You should read the post fully i think - just below where you commented
here is something stating that I didnt want comments on wrong or right.

In another post elsewhere in the newsgroup, I read a debate on this.

I did mean to add after the above:

"(or perhaps preferably... Creator Owner - Full Control, %username% -
Full Control, Administrators - Full Control)"

but as I've mentioned, it was late and i'd been drinking lol

>
>>(i don't want a discussion on whether this is right or wrong however -
>>just a way of doing it using some command line tool in a normal bat/cmd
>>scripted way)
>
>
> If you ask you get the whole answer since it would
> mislead others to tell you how to do something without
> giving the full story.

er... I didnt ask, I only asked for the way of setting share permissions
via a batch script.

Maybe i shouldnt have bothered explaining a little and just posted that
question. I didnt because I was trying to explaining in what context it
was for, not expecting or asking for debate on it hehe :)

>>Many thanks to anyone that can give me a hand with this :)
>
>
> SetAcl.exe

Yep....

but please can you give me an example of doing it by way of "net share"?

Kind Regards,
Nathan H.



Relevant Pages

  • Re: adding share permissions via a batch file
    ... > Usually permissions should be handled by groups, ... server/domain that I had, to the recent conversion to 2003 server. ... here is something stating that I didnt want comments on wrong or right. ... via a batch script. ...
    (microsoft.public.windows.server.general)
  • IIS & ASP security advice
    ... I have a user who has requested special permissions on my IIS 5.0 server. ... that they do but IIS does not allow this to happen unless an ASP script is ...
    (microsoft.public.inetserver.iis.security)
  • Re: using a general browser as a form-based capture method
    ... You are saying we find a simple web server which gets messages ... permissions ... possible to write to the local file system without modifying the user's ... either saved to a local file, or script support will be ...
    (comp.lang.javascript)
  • Re: VBScript to audit shares and share permissions
    ... You can also use SRVCHECK tool included in Windows Server Resources Kit. ... A simple script will allow you to scan all your network. ... see all shares. ... VBScript to audit shares and share permissions ...
    (Focus-Microsoft)
  • RE: [PHP] mkdir permission errors
    ... you're running the above script as root. ... Then if you run the same script via the web server, ... and permissions. ... understanding of those if you're going to administer the server. ...
    (php.general)