NewEgg.com Watching Microsoft Like a Hawk !I haven’t blogged in awhile because of things happening at work and too busy working on the Scripting Games scripts (Yeah right ) . I will write more soon .
Funny thing happened to me recently I was creating a script using vb-script and that restarted the WMI service on servers .Well I was using WMI in my script and well needless to say I had a lot of problems :) .
Chris
I’m sure allot of you are entering the scripting games today if you have time too that it .I have done the first beginners challenge in Powershell . It took me awhile . I will post my code after the deadline . I will try and do the advanced challenge this weekend .
I’m doing all Powershell contests but you can do vbscript and perl as well .
Have Fun thats what its all about !
Powerhsell basics has a nice intro in .wmv format . The view go here.
Presenting Powershell this way visually will make it easier for people to learn . Videos are a great way to acheive that .
Thanks
Chris
I was trying to search for info on how to do this and came up with this . It uses a couple of classes .
First off we need to use the System.management namespace to retrieve these classes . So if your building a project make sure you add this namespace and also have a using statement .
using System.management;
The classes that are used are :
ManagementPath
ConnectionOptions
ManagementClass
Management Scope
ManagementObjectCollection
Here is the whole piece of code :
try
{
//New instance of the management path so we can use its properties
ManagementPath path = new ManagementPath();
//Set the Servername
path.Server = ServerName;
//Set the WMI namespace
path.NamespacePath = @"root\cimv2";
//Here we are using the default connections but we can also use different.
//Username and password if we need to.
ConnectionOptions oConn = new ConnectionOptions();
//Set the Scope ...Computername and WMI namespace
ManagementScope scope = new ManagementScope(path, oConn);
//Set the WMI Class
path.RelativePath = "Win32_Share";
RSS - Posts//Set shares to null
ManagementClass Shares = null;//Here we are connecting using the Servername and WMI Namespace/Class
using (Shares = new ManagementClass(scope, path, null))
{
//Return a collection of Shares here
ManagementObjectCollection moc = Shares.GetInstances();
//Go thru each share and display its name property in the list box.
foreach (ManagementObject mo in moc)
{
lstShares.Items.Add(mo["Name"]);
}
}
}
catch (Exception) //catch any exceptions we might have .
{
MessageBox.Show("Unable to return sharenames . Please make share Servername is correct.");
}
}
I will explain more in a later Blog . Busy Day . This basically will return all shares (even Hidden Shares ) of a computer/Server. You can see that I'm putting the result in a listbox called lstShares.
Thanks
Chris
I know I said I was going to do more C# stuff but this powershell stuff is so cool 
. If you ever have to do a massive task like set security across multiple servers on a particular Folder or Files you certainly do not want to do this manually . You can do this in a lot languages . In regular batch scripting using calcs.exe or vbcript . Today I’m going to give a powershell example using 2 cmdlets get-acl and set-acl.
So for example you had to set security on a folder c:\temp (not sure why you would want to but its just an example ) .
what you first have to do is get the ACL list from the folder like so :
$acl = Get-Acl c:\temp
next you can setup your account name that you want to add , Set the permission level (i.e. FullControl) and lastly set the allow permission or deny permission set .Lets take a look .
$permission = "domainName\Username","FullControl","Allow"
So now we use $permission in our .net class FileSystemAccessRule like so :
$accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $permission
We instantiated to use the .net class and passed our variable to set our permisson but we have not set it yet .
$acl.SetAccessRule($accessRule)
$acl | Set-Acl c:\temp
Now we did . Now check your folder and it should show full control for the username you specified .
Cool huh ?
I know this may not replace a cacls.exe but it will do the job also this cmdlet (set-acl) will work on the registry provider too which calcs.exe doesn’t do .
Full program
$acl = Get-Acl c:\temp
$permission = "domain\user","FullControl","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl c:\temp
Hope this helps .
Chris
Superb, thanks for this. Just what I needed for my world domination script (provisioning new customers in a highly segregated terminal server hosting environment)
Super
But IS there a way to make this apply on a Subfolder and files
Thanks
You need a different constructor. This sets the inheritanceflag:
$acl = get-acl -path “D:\Folder\test”
$new = “Local\User”,”FullControl”,”ContainerInherit,ObjectInherit”,”None”,”Allow”
$accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $new
$acl.SetAccessRule($accessRule)
$acl | Set-Acl “D:\Folder\test”
and how can i add multiple users with different rights?
user1 with full controll and user2 with modify?
thanks for some inputs.
Couldn’t get this to work. Getting this error:
Set-Acl : The security identifier is not allowed to be the owner of this object.
Mark 9:00 am on July 21, 2008 Permalink
I tried this but I’m getting an “Access is denied” exception (after removing the trycatch). Any ideas?
Chris 10:22 am on July 21, 2008 Permalink
Mark ,
Can you tell me which line is the the one giving the error ? Does it work with the Try and Catch ?
I think you do need Admin rights to the target machine .
Chris
paul grosjean 6:33 pm on January 19, 2009 Permalink
I can add the administrator username and password and this code works fine. How can I get the instances of only those shares that have the “Everyone” account?
Chris 6:11 pm on January 20, 2009 Permalink
Hi Paul ,
I believe you would add code to the foreach loop . In there before adding the share to the listbox you can place code that checks to see if the everyone group is present and if so then add the share to the lisbox . I will try and look into doing that .
Chris