使用Powershell如何创build共享并设置访问权限。
例如如下
这应该做的伎俩:
net share "Public=c:\shares\foo" "/GRANT:Users,READ" 当然,您需要启动具有pipe理权限的PowerShell,具体取决于您在何处/如何执行此操作。
使用Win32_Share创build方法。 例:
(Get-WmiObject -List -ComputerName . | Where-Object -FilterScript {$_.Name -eq "Win32_Share"}).InvokeMethod("Create", ("C:\FolderToShare","ShareName",0,100,"Share description"))
你可以在MSDN上find这个方法的文档。
uint32 Create( [in] string Path, [in] string Name, [in] uint32 Type, [in] uint32 MaximumAllowed, [in] string Description, [in] string Password, [in] Win32_SecurityDescriptor Access );
参数:
有关如何设置访问权限的详细信息,请参阅MSDN上的此页面: Win32_SecurityDescriptor类 。 本文也是一个很好的起点: WMI任务:文件和文件夹 。
下面的function就是一个例子,可以根据你的需要进行调整。 正如所写的,它期望一个DirectoryInfo对象作为它的参数,但是要适应string并不难。 该示例包含两个不同对象(一个用户和一个组)的文件夹的权限,每个对象具有不同的访问types,以便您可以看到如何混合和匹配复杂的权限要求:
# $folder is a DirectoryInfo object Function Create-FileShare($folder) { $name = $folder.Name $path = $folder.FullName $description = "$name" $domain = "example.com" #AD Domain name here (Optional/Not really used/Here for completeness) $Method = "Create" $sd = ([WMIClass] "Win32_SecurityDescriptor").CreateInstance() #AccessMasks: #2032127 = Full Control #1245631 = Change #1179817 = Read #Share with the user $ACE = ([WMIClass] "Win32_ACE").CreateInstance() $Trustee = ([WMIClass] "Win32_Trustee").CreateInstance() $Trustee.Name = $name $Trustee.Domain = $Null #original example assigned this, but I found it worked better if I left it empty #$Trustee.SID = ([wmi]"win32_userAccount.Domain='$domain',Name='$name'").sid $ace.AccessMask = 1245631 $ace.AceFlags = 3 #Should almost always be three. Really. don't change it. $ace.AceType = 0 # 0 = allow, 1 = deny $ACE.Trustee = $Trustee $sd.DACL += $ACE.psObject.baseobject #Share with Domain Admins $ACE = ([WMIClass] "Win32_ACE").CreateInstance() $Trustee = ([WMIClass] "Win32_Trustee").CreateInstance() $Trustee.Name = "Domain Admins" $Trustee.Domain = $Null #$Trustee.SID = ([wmi]"win32_userAccount.Domain='$domain',Name='$name'").sid $ace.AccessMask = 2032127 $ace.AceFlags = 3 $ace.AceType = 0 $ACE.Trustee = $Trustee $sd.DACL += $ACE.psObject.baseobject $mc = [WmiClass]"Win32_Share" $InParams = $mc.psbase.GetMethodParameters($Method) $InParams.Access = $sd $InParams.Description = $description $InParams.MaximumAllowed = $Null $InParams.Name = $name $InParams.Password = $Null $InParams.Path = $path $InParams.Type = [uint32]0 $R = $mc.PSBase.InvokeMethod($Method, $InParams, $Null) switch ($($R.ReturnValue)) { 0 {Write-Host "Share:$name Path:$path Result:Success"; break} 2 {Write-Host "Share:$name Path:$path Result:Access Denied" -foregroundcolor red -backgroundcolor yellow;break} 8 {Write-Host "Share:$name Path:$path Result:Unknown Failure" -foregroundcolor red -backgroundcolor yellow;break} 9 {Write-Host "Share:$name Path:$path Result:Invalid Name" -foregroundcolor red -backgroundcolor yellow;break} 10 {Write-Host "Share:$name Path:$path Result:Invalid Level" -foregroundcolor red -backgroundcolor yellow;break} 21 {Write-Host "Share:$name Path:$path Result:Invalid Parameter" -foregroundcolor red -backgroundcolor yellow;break} 22 {Write-Host "Share:$name Path:$path Result:Duplicate Share" -foregroundcolor red -backgroundcolor yellow;break} 23 {Write-Host "Share:$name Path:$path Result:Reedirected Path" -foregroundcolor red -backgroundcolor yellow;break} 24 {Write-Host "Share:$name Path:$path Result:Unknown Device or Directory" -foregroundcolor red -backgroundcolor yellow;break} 25 {Write-Host "Share:$name Path:$path Result:Network Name Not Found" -foregroundcolor red -backgroundcolor yellow;break} default {Write-Host "Share:$name Path:$path Result:*** Unknown Error ***" -foregroundcolor red -backgroundcolor yellow;break} } }
该脚本必须以托pipe共享的计算机上的pipe理员身份运行。
这个线程 ,从第二个答案开始,有一些脚本示例来完成这个任务。