How do I change default permissions for shares?

[killme]

The default is to allow EVERYONE to have READ access. I want the default to
be MY ACCOUNT and to have FULL access. This will save a lot of time when
creating new shares.

 

[Lanwench [MVP - Exchange]]

I think it's inherited from the higher-level folder/drive. However, note
that if you set your NTFS security properly, the share security really isn't
as important. Create a folder, and create your security as you wish - and
put all the folders to be shared under that.

 

[Torgeir Bakken (MVP)]

The default is to allow EVERYONE to have READ access. I want the default to
be MY ACCOUNT and to have FULL access. This will save a lot of time when
creating new shares.

Hi

Use a script (batch\vbscript) to create the share and set the permissions.


You can use net share to create a share:

Q. How do I create a network share?
http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=14842


Example on using SetACL to set permission on a share:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&[email protected]



You can also use RMTShare.exe to create a share and set permission on it, for
the permission part:

Q. How can I modify share permissions from the command line?
http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=14459

RMTShare.exe: http://www.jsiinc.com/asp/reghacks.asp?tipnumb=6353

 

[killme]

I think it's inherited from the higher-level folder/drive. However, note
that if you set your NTFS security properly, the share security really isn't
as important. Create a folder, and create your security as you wish - and
put all the folders to be shared under that.

I remember that the default in NT was for EVERYONE to have FULL access and
it was changed later for EVERYONE to have READ. I want to change that so
EVERYONE has NONE and MYACCOUNT has FULL. That way I don't have to edit the
permissions for every share I create and add my accounts one by one.

 

[killme]

i

Use a script (batch\vbscript) to create the share and set the permissions
[SNIP]

I want to be able to do this from within Explorer. Doing a batch would mean
doing it all at once, but I add shares throughout the week and if I could
change the default permissions as the share is created then I wouldn't have
to do it manually after every share I create. Using a script would still
mean me having to type out the permissions and the shares to create and I
would have to do it each time I created a share.

 

[Torgeir Bakken (MVP)]

Use a script (batch\vbscript) to create the share and set the permissions
[SNIP]

I want to be able to do this from within Explorer. Doing a batch would mean
doing it all at once, but I add shares throughout the week and if I could
change the default permissions as the share is created then I wouldn't have
to do it manually after every share I create. Using a script would still
mean me having to type out the permissions and the shares to create and I
would have to do it each time I created a share.

Hi

No, you can create a vbscript or batch file that supports "drag-and-drop" from
Explorer so the only thing you need to is type in the share name the script
asks for. If your share name is always the folder name or the folder name with
$ behind, you can even let the vbscript or the batch file extract the last
folder name from the path that was sent as input to the script (or you can have
two scripts, one that asks for the share name and one that extracts it).

So if you place this script on the desktop, you just drag the folder up on the
file and you will be asked for the share name (if it is not created
automatically), or even better put the script in the SendTo folder, so you can
just right click on the folder and use the 'Send To' menu entry. More easy than
that you can't create a share (unless you get someone else to do the job for
you ;-)

I have created a batch file for you that support the folder as input parameter
(drag and drop/Send To), and asks for a share name when activated. It uses
RMTSHARE.EXE to create the share and set the current user to have FULL control
(Everyone none). The script will list the result before it ends.

Download RMTSHAR.EXE from here and unpack it:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386/

If you don't put RMTSHARE.EXE in the path (e.g. in the windows folder), you
need to hard code the path to RMTSHARE.EXE in the batch file below (two
places).

Here is CreateShare.bat (I have tested it on Windows XP):

@echo off
echo.
set /p ShareName=Enter share name:
echo.
@echo on
RMTSHARE.EXE \\%COMPUTERNAME%\"%ShareName%"=%1 /GRANT %USERNAME%:f
@echo off
echo.
echo.
RMTSHARE.EXE \\%COMPUTERNAME%\"%ShareName%"
echo.
pause


If the folder is on a remote server, you will need to substitute
%COMPUTERNAME%, and if the %USERNAME% doesn't work, you might need to change it
to %USERDOMAIN%\%USERNAME%

 

[Roger Abell]

Actually, Torgeir has provide you will a convenient solution.

The issue here is that the defaults are semi-encoded into the interfaces.

If you look at the registry key
HKLM/System/CurrentControlSet/Services/lanmanserver/DefaultSecurity
your answer resides somewher within here.

When a share is defined, an entry is defined in the Shares key
and if it does not have default security then there is an entry
by the name of the share in the Shares/Security key
However, the data in the binary values here do not map directly
to those in DefaultSecurity

IOW, to define a new share with custom security one only needs to
define a new multi-string value at Shares, and a binary value
at Shares/Security, both with the same share name and
then stop and restart the Server service (and dependents).
This is of course easily automated with script also, as
you have the prior shares for models.

Alternatively, someone in a User/Shell specialty might
be able to decode what it is you would need to change,
probably in the DefaultSecurity key

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA

i

Use a script (batch\vbscript) to create the share and set the permissions
[SNIP]

I want to be able to do this from within Explorer. Doing a batch would mean
doing it all at once, but I add shares throughout the week and if I could
change the default permissions as the share is created then I wouldn't have
to do it manually after every share I create. Using a script would still
mean me having to type out the permissions and the shares to create and I
would have to do it each time I created a share.

 

[killme]

I have created a batch file for you that support the folder as input parameter
(drag and drop/Send To), and asks for a share name when activated. It uses
RMTSHARE.EXE to create the share and set the current user to have FULL control
(Everyone none). The script will list the result before it ends.

THANKS! I have no experience with vbscripts, but I guess I should learn. The
batch file works pretty good. A couple small issues: Can I get it to use the
filename I clicked on so I won't have to type in a Share Name? Also, it
automatically adds a remark that it's a remote share. I'd like to have no
remark. I might see if I can find out how to put it on the Context Menu so I
just right-click once and it'll be there. I think I remember a program that
can do that. But thanks for the help. This will save some time.

 

[Torgeir Bakken (MVP)]

THANKS! I have no experience with vbscripts, but I guess I should learn. The
batch file works pretty good. A couple small issues: Can I get it to use the
filename I clicked on so I won't have to type in a Share Name? Also, it
automatically adds a remark that it's a remote share. I'd like to have no
remark. I might see if I can find out how to put it on the Context Menu so I
just right-click once and it'll be there. I think I remember a program that
can do that. But thanks for the help. This will save some time.

Hi

To get rid of the remark, just add /REMARK:"" to the command line of RMTSHARE.EXE

Here is a VBScript that does the same as the batch file, only that it uses the
folder name as share name automatically (put it in a file with a .vbs file
extension):


Set oFSO = CreateObject("Scripting.FileSystemObject")

sPath = WScript.Arguments(0)

If oFSO.FolderExists(sPath) Then

sShareName = oFSO.GetBaseName(sPath)

Set oShell = CreateObject("WScript.Shell")

sCmd = "RMTSHARE.EXE \\%COMPUTERNAME%\""" & sShareName & """=""" & sPath _
& """ /REMARK:"""" /GRANT %USERNAME%:f"

iRC = oShell.Run(sCmd, 0, True)

Else
MsgBox "Input was not a folder!"
End If



WSH 5.6 documentation (local help file) can be downloaded from here if you
haven't got it already:
http://msdn.microsoft.com/downloads/list/webdev.asp