Re: adding share permissions via a batch file
From: Herb Martin (news_at_LearnQuick.com)
Date: 03/07/05
- Next message: Herb Martin: "Re: User is a member of too many groups"
- Previous message: Amihai Bareket: "User is a member of too many groups"
- In reply to: Nathan H: "Re: adding share permissions via a batch file"
- Next in thread: Torgeir Bakken \(MVP\): "Re: adding share permissions via a batch file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 7 Mar 2005 08:41:53 -0600
> > Share permissions were added to "net share" in
> > Win2003 server but SetAcl.exe can still set them
> > for older operating systems.
>
> aha.....now that's what I didnt know :)
>
> I tried typing net share /? previously to see the list of commands
> avaliable but to no avail. I couldnt see anything that would allow me to
> change share permissions.... can you give me an example of one please?
NET SHARE
sharename
sharename=drive:path [/GRANT:user,[READ | CHANGE | FULL]]
===============
[/USERS:number | /UNLIMITED]
[/REMARK:"text"]
[/CACHE:Manual | Documents| Programs | None
sharename [/USERS:number | /UNLIMITED]
[/REMARK:"text"]
[/CACHE:Manual | Documents | Programs | None]
{sharename | devicename | drive:path} /DELETE
> > Caveat: SetAcl has the most irrating command line
> > of any Windows utility I know.
>
> Another reason not to use it then ;) easy of use is key after all :)
Your choice.
> >>As the script is so I can process a list of user's to add, it's a little
> >>annoying after adding a load of users to a AD which has worked fine -
> >>having to go and manually change each of the share permissions from:
> >
> >
> >>Everyone - Read Only
> >>to:
> >>Everyone - Full Control
> >
> >
> > And that is likely a poor choice for permissions,
> > especially since you were creating these for each
> > user.
>
> You should read the post fully i think - just below where you commented
> here is something stating that I didnt want comments on wrong or right.
You said in your clarification that these users
are untrustworthy and here you are granting
"Full control" to them AND to EVERYONE
else.
Bad practice. Instead give the LEAST you can
for the situation and give it to the MOST specific
group(s) you can.
[give example]
net share test=C:\Test /grant:Engineers,READ /grant:Administrators,FULL
(Previous is all one line if it breaks)
- Next message: Herb Martin: "Re: User is a member of too many groups"
- Previous message: Amihai Bareket: "User is a member of too many groups"
- In reply to: Nathan H: "Re: adding share permissions via a batch file"
- Next in thread: Torgeir Bakken \(MVP\): "Re: adding share permissions via a batch file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
