Microsoft Virtualization Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft Virtualization Discussions

Ask a Question

Modify CIFS share permissions

CARBONBASE
‎2014-08-07 05:09 AM
15,385 Views

I would like to modify permissions on a number of NetApp CIFS shares (over 100). These are user shares (share names do not match the user names) and each share has a different user account with "Change" share permission, this permission now needs to be "Full Control".

I also need to be able to add a new group to these shares and give that group "Full Control" and finally I need to remove a group "Domain Admins" that has already been given permissions to the shares.

So far I've only worked out how to view the share permissions:

Get-NaCifsShareAcl -Share usertest01 | select ShareName -ExpandProperty UserAclInfo

What I have at the moment is this...

share name:           abc1

permission 1:          mydomain\user 1                    change

permission 2:          mydomain\domain admin        full control

share name:          abc2

permission 1:         mydomain\user 2                  change

permission 2:         mydomain\domain admins     full control

What I want to end up with is this....

share name:            abc1

permission 1:          mydomain\user 1                full control

permission 2:          mydomain\new group          full control

share name:            abc2

permission 1:          mydomain\user 2                full control

permission 2:          mydomain\new group          full control

I think the easiest way to get what I want would be to enumerate the share permissions and for any user account that is not Domain Admins, change its share permission to "full control" then remove Domain Admins and add my new group giving it "full control" as well.

0 Kudos
View By:
Tags (1)
1 ACCEPTED SOLUTION

JGPSHNTAP
‎2014-08-07 05:50 AM
15,384 Views

Here's how i would skin this cat...

So you have a few requirements but I will get you started

get-nacifsshareacl | select sharename -expandproperty useraclinfo  | % {

if ($_.accessrights -eq "change") {

set-nacifsshareacl $_.sharename $_.username -accessrights "Full Control"}

}

}

You want to make your modifications there.. I can help you out more if you give us a little more detail

View solution in original post

0 Kudos
10 REPLIES 10

JGPSHNTAP
‎2014-08-07 05:50 AM
15,385 Views

Here's how i would skin this cat...

So you have a few requirements but I will get you started

get-nacifsshareacl | select sharename -expandproperty useraclinfo  | % {

if ($_.accessrights -eq "change") {

set-nacifsshareacl $_.sharename $_.username -accessrights "Full Control"}

}

}

You want to make your modifications there.. I can help you out more if you give us a little more detail

0 Kudos

CARBONBASE
‎2014-08-07 08:55 AM
In response to JGPSHNTAP
15,345 Views

Hi you've cracked it thanks very much!

The thing I couldn't get my head around was that each of the user shares had different user account and I was focusing on that, where as the permissions were all the same and I just needed to change the permission on the account which had "Change".

I have added to your code a connection string to connected to the right filer and also a test for the share path, as well as commands to add and remove domain groups, so that my script only changes permissions on my user shares.  So my code looks like this:

Connect-NaController -Name toaster

Get-NaCifsShare | Where-Object {$_.MountPoint -like "/vol/user/folders"} | Set-NaCifsShareAcl -User "mydomain\new group" -AccessRights "Full Control" | Remove-NaCifsShareAcl -User "Domain Admins" | get-nacifsshareacl | select sharename -expandproperty useraclinfo  | % {

if ($_.accessrights -eq "change") {

set-nacifsshareacl $_.sharename $_.username -accessrights "Full Control"}

}

Thanks again!

0 Kudos

JGPSHNTAP
‎2014-08-07 08:58 AM
In response to CARBONBASE
15,345 Views

Wow.. The above code looks messy but if it works great.

You are querying and then setting and then looping it through foreach.. confusing

0 Kudos

CARBONBASE
‎2014-08-08 03:35 AM
In response to JGPSHNTAP
15,345 Views

I am very new to Powershell, so I may not be doing things in the most efficient way.

Any ideas for tidying up the script gratefully received.

0 Kudos

JGPSHNTAP
‎2014-08-08 05:31 AM
In response to CARBONBASE
15,345 Views

Ok, let's start with this.. are you trying to do lots of shares or just one?

0 Kudos

CARBONBASE
‎2014-08-08 06:52 AM
In response to JGPSHNTAP
15,345 Views

I've got around 500 shares to do.

0 Kudos

JGPSHNTAP
‎2014-08-08 07:50 AM
In response to CARBONBASE
15,345 Views

Ok, let me help you out...

Are they all on the same controller?  If not, do they experience all the same characterstics that we can query against..

The beauty of powershell is that its flexible and powerful, so we can script just about anything..   You want powershell to do the logic for you to make your life easy..

Let's start there and then I can ehp build your script

0 Kudos

CARBONBASE
‎2014-08-08 08:14 AM
In response to JGPSHNTAP
15,345 Views

All the shares are on the same controller

0 Kudos

JGPSHNTAP
‎2014-08-08 08:17 AM
In response to CARBONBASE
15,345 Views

That makes life easy...

If all the shares are changing it makes it even easier...

0 Kudos

CARBONBASE
‎2014-08-08 08:26 AM
In response to JGPSHNTAP
9,691 Views

Yes that's right, but I only want to modify the user shares, fortunately they all share the same first bit of the folder path which is why I added Get-NaCifsShare | Where-Object {$_.MountPoint -like "/vol/user/folders"} to my script

0 Kudos
All Community Forums
Public