
Modify CIFS share permissions

I would like to modify permissions on a number of NetApp CIFS shares (over 100). These are user shares (share names do not match the user names) and each share has a different user account with "Change" share permission, this permission now needs to be "Full Control".

I also need to be able to add a new group to these shares and give that group "Full Control" and finally I need to remove a group "Domain Admins" that has already been given permissions to the shares.

So far I've only worked out how to view the share permissions:

Get-NaCifsShareAcl -Share usertest01 | select ShareName -ExpandProperty UserAclInfo

What I have at the moment is this...

share name:           abc1

permission 1:          mydomain\user 1                    change

permission 2:          mydomain\domain admin        full control

share name:          abc2

permission 1:         mydomain\user 2                  change

permission 2:         mydomain\domain admins     full control

What I want to end up with is this....

share name:            abc1

permission 1:          mydomain\user 1                full control

permission 2:          mydomain\new group          full control

share name:            abc2

permission 1:          mydomain\user 2                full control

permission 2:          mydomain\new group          full control

I think the easiest way to get what I want would be to enumerate the share permissions and for any user account that is not Domain Admins, change its share permission to "full control" then remove Domain Admins and add my new group giving it "full control" as well.

Re: Modify CIFS share permissions

Here's how I would skin this cat...

So you have a few requirements but I will get you started

# List every share ACL entry and raise each "Change" entry to "Full Control"
Get-NaCifsShareAcl | select ShareName -ExpandProperty UserAclInfo | % {
    if ($_.AccessRights -eq "change") {
        Set-NaCifsShareAcl $_.ShareName $_.UserName -AccessRights "Full Control"
    }
}

You want to make your modifications there.. I can help you out more if you give us a little more detail

Re: Modify CIFS share permissions

Hi you've cracked it thanks very much!

The thing I couldn't get my head around was that each of the user shares had a different user account and I was focusing on that, whereas the permissions were all the same and I just needed to change the permission on the account which had "Change".

I have added to your code a connection string to connect to the right filer and also a test for the share path, as well as commands to add and remove domain groups, so that my script only changes permissions on my user shares.  So my code looks like this:

Connect-NaController -Name toaster

Get-NaCifsShare | Where-Object {$_.MountPoint -like "/vol/user/folders"} | Set-NaCifsShareAcl -User "mydomain\new group" -AccessRights "Full Control" | Remove-NaCifsShareAcl -User "Domain Admins" | get-nacifsshareacl | select sharename -expandproperty useraclinfo  | % {

if ($_.accessrights -eq "change") {

set-nacifsshareacl $_.sharename $_.username -accessrights "Full Control"}

}

Thanks again!

Re: Modify CIFS share permissions

Wow.. The above code looks messy but if it works great.

You are querying and then setting and then looping it through foreach.. confusing

Re: Modify CIFS share permissions

I am very new to PowerShell, so I may not be doing things in the most efficient way.

Any ideas for tidying up the script gratefully received.

Re: Modify CIFS share permissions

Ok, let's start with this.. are you trying to do lots of shares or just one?

Re: Modify CIFS share permissions

I've got around 500 shares to do.

Re: Modify CIFS share permissions

Ok, let me help you out...

Are they all on the same controller?  If not, do they experience all the same characteristics that we can query against..

The beauty of PowerShell is that it's flexible and powerful, so we can script just about anything..   You want PowerShell to do the logic for you to make your life easy..

Let's start there and then I can help build your script

Re: Modify CIFS share permissions

All the shares are on the same controller

Re: Modify CIFS share permissions

That makes life easy...

If all the shares are changing it makes it even easier...
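
A tidied version of the bulk change discussed in this thread, added here as an example and not written by either poster: it builds the full change list first, saves it to a CSV for review, and changes nothing unless run with -Apply. Cmdlet, parameter and property names are the ones used in the posts above; the script parameters, the ShareName property on Get-NaCifsShare output, the positional arguments to Remove-NaCifsShareAcl, the trailing wildcard in the path filter and the CSV file name are assumptions.

```powershell
param(
    [string]$Controller  = 'toaster',
    [string]$PathPattern = '/vol/user/folders*',   # assumed layout of the user shares
    [string]$NewGroup    = 'mydomain\new group',
    [string]$OldGroup    = 'Domain Admins',
    [switch]$Apply                                 # without -Apply the script only reports
)

Connect-NaController -Name $Controller | Out-Null

function Get-ShareAces([string]$Share) {
    Get-NaCifsShareAcl -Share $Share | Select-Object ShareName -ExpandProperty UserAclInfo
}

$shares = Get-NaCifsShare | Where-Object { $_.MountPoint -like $PathPattern }

# Build the change list up front so it can be reviewed and kept as an audit record.
$plan = foreach ($share in $shares) {
    $name = $share.ShareName                       # assumed property name on the share object
    [pscustomobject]@{ Share = $name; Action = 'Set'; User = $NewGroup }
    foreach ($ace in Get-ShareAces $name) {
        if ($ace.UserName -like "*$OldGroup") {
            # Remove under the exact name the filer reports for the old group.
            [pscustomobject]@{ Share = $name; Action = 'Remove'; User = $ace.UserName }
        } elseif ($ace.AccessRights -eq 'Change') {
            # Only entries that are currently "Change" are raised.
            [pscustomobject]@{ Share = $name; Action = 'Set'; User = $ace.UserName }
        }
    }
}

# Per share, do every grant before the removal so a Full Control entry always exists.
$plan = $plan | Sort-Object Share, { $_.Action -eq 'Remove' }
$plan | Export-Csv -NoTypeInformation -Path '.\share-acl-plan.csv'
if (-not $Apply) { $plan | Format-Table -AutoSize; return }

foreach ($step in $plan) {
    if ($step.Action -eq 'Set') {
        Set-NaCifsShareAcl $step.Share $step.User -AccessRights 'Full Control' | Out-Null
    } else {
        Remove-NaCifsShareAcl $step.Share $step.User | Out-Null
    }
}

# Re-read each ACL and flag any share that did not end in the intended state.
foreach ($name in ($plan.Share | Select-Object -Unique)) {
    $users = @(Get-ShareAces $name | ForEach-Object { $_.UserName })
    if (($users -like "*$OldGroup") -or ($users -notcontains $NewGroup)) {
        Write-Warning "Share $name needs a manual check"
    }
}
```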