I am creating some test code to prepare for a task where I will need to reset the Share Path and Share Permissions to over 100+ Shares since the folder structure is changing.
I will initially make a copy of the data using robocopy and ensure NTFS permissions are in tact, so all I would have to do is Remove the share and then re - add with the same share permissions.
Here are the shares on my local machine in my ‘test’ directory.
C:\Users\bclanton\Google Drive\code\Projects\Custom_Objects> (get-smbshare | Where-Object {$_.path -like "c:\utility\test\*"})
Name ScopeName Path Description
---- --------- ---- -----------
NewShareTest$ * C:\utility\test\NewshareTest
Share10$ * C:\utility\test\share10
Share3$ * C:\utility\test\share3
Share4$ * C:\utility\test\share4
Share5$ * C:\utility\test\share5
Share6$ * C:\utility\test\share6
Share7$ * C:\utility\test\share7
Share8$ * C:\utility\test\share8
Share9$ * C:\utility\test\share9
I have already copied the data with the same folders names to the directory c:\utility\test2.
Now I want to remove the share at c:\utlility\test and recreate it at c:\utility\test2.
My Problem is that I want to re-create the share based on the $sharePermissions variable I saved BEFORE I remove the share. I don’t see to have that option with ‘new-smbshare’ cmdlet where it seems I have to explicitly declare that permission.
Is there a way I can save share permissions from a folder and recreate those same share permissions on another folder?
$BCTestShares = (get-smbshare | Where-Object {$_.path -like "c:\utility\test\*"})
$BCTestPath = "c:\utility\test"
$BCTestPath2 = "c:\utility\test2"
$objectCollection = @()
$BCTestShares |
ForEach-Object {
#GetShareName
$shareName = $_.Name
#GetSharePermissions
$sharePermissions = Get-SmbShareAccess $_.Name
#Get Altered Path
$CurrentPath = $_.path
$alteredPath = ($CurrentPath -replace [regex]::Escape($BCTestPath), $BCTestPath2)
#Remove Share Permission
Remove-SmbShare $_.Name
#Add New Share Permission
#I don't seem to have an option to add the same share permission based on the variable $sharePermissions
#New-SmbShare -Name $_.Name $shareName -Path $alteredPath
$Properties =@{
Share = $shareName;
NewPath = $alteredPath
}
$object = New-Object -TypeName psobject -Property $Properties
$objectCollection = $objectCollection + $object
}
$objectCollection
I think my answer lies in access the Class Properties and assigning those to my variables. Am I correct?
C:\Users\bclanton\Google Drive\Code> get-smbshareAccess share10$ | gm
TypeName: Microsoft.Management.Infrastructure.CimInstance#ROOT/Microsoft/Windows/SMB/MSFT_SmbShareAccessControlEntry
Name MemberType Definition
---- ---------- ----------
Clone Method System.Object ICloneable.Clone()
Dispose Method void Dispose(), void IDisposable.Dispose()
Equals Method bool Equals(System.Object obj)
GetCimSessionComputerName Method string GetCimSessionComputerName()
GetCimSessionInstanceId Method guid GetCimSessionInstanceId()
GetHashCode Method int GetHashCode()
GetObjectData Method void GetObjectData(System.Runtime.Serialization.SerializationInfo info, System.Runtime.Serialization.Streaming...
GetType Method type GetType()
ToString Method string ToString()
AccountName Property string AccountName {get;}
Name Property string Name {get;}
PSComputerName Property string PSComputerName {get;}
ScopeName Property string ScopeName {get;}
AccessControlType ScriptProperty System.Object AccessControlType {get=[Microsoft.PowerShell.Cmdletization.GeneratedTypes.SmbShare.ShareAccessCo...
AccessRight ScriptProperty System.Object AccessRight {get=[Microsoft.PowerShell.Cmdletization.GeneratedTypes.SmbShare.ShareAccessRight] (...
Have a look at the Server Migration Toolkit. It will migrate shares with permissions and even the data for you.
If you need more granular control for the migration you’ll want to look at the Win32_Share WMI class to identify shares, identify share permissions then create the shares and apply the permissions on the new server.
What would be ideal is if I can dynamically capture the ‘Full’ ‘Change’ and ‘Read’ access since I don’t know what all of the shares are going to have.
The migration toolkit will transfer everything you want server to server.
New-SMBShare uses multiple parameters for share permission that only accept input:
-NoAccess -ReadAccess -FullAccess -ChangeAccess
So you need to provide which users by string for each parameter
Thinking to use new-smbshare you need to use the AccessName and AccessRight that comes from get-smbshareaccess to create an array of accessright = accessname for each smbshare.
Then use the array to provide which users have -readaccess etc…
You maybe able to use a cimsession -class win32-share to get this done… Not sure
I want have time until this weekend to see if write up something, good luck
You can also use SecurityDescriptor from share object /Get-SmbShare/ to use with New-SmbShare -SecurityDescriptor if you need to transfer access untouched
Perfect! SecrityDescriptor property is exactly what I needed.
I have only been actively working with Powershell and applying it to production tasks for the last 5 weeks. If I need to research methods and properties of classes and/or cmdlets where the help files do not give an example or much detail even in ‘full’ or ‘detailed’ description, where else may I turn?
For instance, I saw that Security Descriptor Property as part of the get-smbshare commandlet when I piped a share to the ‘get-member’, but it was not immediately obvious what that was and there were no examples in the help pages for the new-smbshare cmdlet.
Is there another PS resource I can use in my research arsenal other than man/help pages that will go into detail about cmdlet methods?
I’m always first do $someObject | Get-Member and $someobject | Format-List * -Force to explore objects and it’s values. This help me to find correlation between Properties and Parameters even it’s not documented very well