Need help on permission on AdvanceSharing

Hi All,
i have create a remove share using powershell and i want to enable everyone to have a “change” permission on the share i have create. I have used the below script to do so. But it is creating permission on the security no on the sharing permission.

We are using sql 2008, so i can use New-smbshare also. Is there any way to do?

$acl = Get-Acl \servername\test
$permission = “xxxx”,“Change”,“Allow”
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl | Set-Acl \servername\test

Get- and Set-ACL don’t work with share permissions; they work with file permissions. That’s why this isn’t working for you. If you’re not on 2012 or later, you don’t have the SMB commands that would make this easy. I’d consider using the Cacls.exe command for this, instead.


To set permissions you need to enable both NTFS permissions and the share permissions. Your code apply the NTFS permissions.
Use the New-SmbShare cmdlet to both create the share and set the share permissions to suit your needs.

Jones, thanks for you reply. Yes i found that it won’t work with the security. I have found solutions through Win32_trustee,WInt32_ACE and WIn32_securityDescriptor to create share and share permission. Please find the below code. It worked fine for me…

Thanks all for your quick responses. …

Function errMsg($intErr)
0 { “Success - Share created” }
2 { “Access denied - Permission?” }
8 { “Unknown failure” }
9 { “Invalid name” }
10 { “Invalid level” }
21 { “Invalid parameter” }
22 { “Duplicate share - Already created” }
23 { “Redirected path” }
24 { “Unknown device or directory” }
25 { “Net name not found” }
DEFAULT { “$intErr has an Unknown value” }
$host.PrivateData.ErrorForegroundColor = ‘Red’

#Username/Group to give permissions to
$trustee = ([wmiclass]‘Win32_trustee’).psbase.CreateInstance()
$trustee.Domain = “NT Authority”
$trustee.Name = “Everyone”

#Accessmask values
$fullcontrol = 2032127
$change = 1245631
$read = 1179785

#Create access-list
$ace = ([wmiclass]‘Win32_ACE’).psbase.CreateInstance()
$ace.AccessMask = $change
$ace.AceFlags = 3
$ace.AceType = 0
$ace.Trustee = $trustee

#Securitydescriptor containting access
$sd = ([wmiclass]‘Win32_SecurityDescriptor’).psbase.CreateInstance()
$sd.ControlFlags = 4
$sd.DACL = $ace
$ = $trustee
$sd.owner = $trustee

$share = Get-WmiObject Win32_Share -List -ComputerName $computername
$success = $share.create($folderpath, $sharename, 0, 100, $sharename, “”, $sd) | select returnValue