Creating share permissions template
I was looking for a way to restore lost shares (see: article link) on our domain on iSCSI drives and I wasn’t satisfied with the default permissions that are applied by the system (everyone can read). I wanted to change default share permissions and after some investigation I came up with this script. What you have to do is:
1. Create folder (any name) and share it with simple share name like “template”.
2. Apply any share permissions you like to it (for example, I like it blank so I removed all permissions/users)
3. Start this script and it will ask you for share name, type “template” or whatever share name you’ve given it
4. Wait for script to finish with alert message and confirm service restart.
At the end – any new folder that you create will carry same permissions as you defined for “template” folder. You can now delete “template” folder. If you want to know why I like empty template permissions read my article here.
' Variables const HKEY_LOCAL_MACHINE = &H80000002 strKeyPath = "SYSTEM\CurrentControlSet\Services\LanmanServer\DefaultSecurity" strComputer = "." binaryValueName = "SrvsvcDefaultShareInfo" strServiceName = "Alerter" ' Get template share name sharename = InputBox( "Name of the template share" ) ' Registry object instance Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv") ' Delete key if exists oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,binaryValueName ' Read binary registry value oReg.GetBinaryValue HKEY_LOCAL_MACHINE,"SYSTEM\CurrentControlSet\services\LanmanServer\Shares\Security",sharename,obin If IsArray( obin ) = False Then WScript.Echo "No such share!" WScript.Quit End If ' Convert to hex value so we can write to registry xA = obin xB = obin xF = obin For I = LBound(obin) To UBound(obin) xA(I) = CInt(obin(I)) xB(I) = Hex (CInt(obin(I))) If xB(I) = "0" Then xB(I) = "00" End If xF(I) = "&H" & xB(I) Next ' Write template registry value oReg.SetBinaryValue HKEY_LOCAL_MACHINE,strKeyPath, binaryValueName,xF ' Notify user, restarting services WScript.Echo "Click OK to continue restarting services!" ' Service object instance Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") ' Stop service Set colListOfServices = objWMIService.ExecQuery ("Select * from Win32_Service Where Name ='" & strServiceName & "'") For Each objService in colListOfServices objService.StopService() Next ' Pause WScript.sleep 10000 ' Start service For Each objService in colListOfServices objService.StartService() Next ' Notify user WScript.Echo "Share parmission template created!" WScript.Quit
Category: Administration, Updated October 14, 2011 from admin | Log in