Windows server 2008 编写Windows共享脚本-VBS
所以我对VBS完全陌生,从未使用过。我正在尝试创建多个共享,发现一个Microsoft VBS脚本可以执行此操作()我的问题是,此脚本只允许添加一个域组或用户以获得权限,而我需要添加两个具有不同权限的域组或用户(已解决此问题)下面是我根据需要修改的脚本,但只需要添加到具有其他权限的第二个组中。如果有更简单的方法,请让我知道Windows server 2008 编写Windows共享脚本-VBS,windows-server-2008,scripting,network-share,vbscript,Windows Server 2008,Scripting,Network Share,Vbscript,所以我对VBS完全陌生,从未使用过。我正在尝试创建多个共享,发现一个Microsoft VBS脚本可以执行此操作()我的问题是,此脚本只允许添加一个域组或用户以获得权限,而我需要添加两个具有不同权限的域组或用户(已解决此问题)下面是我根据需要修改的脚本,但只需要添加到具有其他权限的第二个组中。如果有更简单的方法,请让我知道 'ShareSetup.vbs '=====================================================================
'ShareSetup.vbs
'==========================================================================
Option Explicit
Const FILE_SHARE = 0
Const MAXIMUM_CONNECTIONS = 25
Dim strComputer
Dim objWMIService
Dim objNewShare
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objNewShare = objWMIService.Get("Win32_Share")
Call sharesec ("C:\Published Apps\Logs01", "Logs01", "Log01", "Support")
Call sharesec2 ("C:\Published Apps\Logs01", "Logs01", "Log01", "Domain Admins")
Sub sharesec(Fname,shr,info,account)
'Fname = Folder path, shr = Share name, info = Share Description, account = account or group you are assigning share permissions to
Dim FSO
Dim Services
Dim SecDescClass
Dim SecDesc
Dim Trustee
Dim ACE
Dim Share
Dim InParam
Dim Network
Dim FolderName
Dim AdminServer
Dim ShareName
FolderName = Fname
AdminServer = "\\" & strComputer
ShareName = shr
Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" & AdminServer & "\ROOT\CIMV2")
Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
Set SecDesc = SecDescClass.SpawnInstance_()
'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_
'Trustee.Domain = Null
'Trustee.Name = "EVERYONE"
'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.
'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee
Set ACE = Services.Get("Win32_Ace").SpawnInstance_
ACE.Properties_.Item("AccessMask") = 1179817
ACE.Properties_.Item("AceFlags") = 3
ACE.Properties_.Item("AceType") = 0
ACE.Properties_.Item("Trustee") = Trustee
SecDesc.Properties_.Item("DACL") = Array(ACE)
Set Share = Services.Get("Win32_Share")
Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_()
InParam.Properties_.Item("Access") = SecDesc
InParam.Properties_.Item("Description") = "Public Share"
InParam.Properties_.Item("Name") = ShareName
InParam.Properties_.Item("Path") = FolderName
InParam.Properties_.Item("Type") = 0
Share.ExecMethod_ "Create", InParam
End Sub
Sub sharesec2(Fname,shr,info,account)
'Fname = Folder path, shr = Share name, info = Share Description, account = account or group you are assigning share permissions to
Dim FSO
Dim Services
Dim SecDescClass
Dim SecDesc
Dim Trustee
Dim ACE2
Dim Share
Dim InParam
Dim Network
Dim FolderName
Dim AdminServer
Dim ShareName
FolderName = Fname
AdminServer = "\\" & strComputer
ShareName = shr
Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" & AdminServer & "\ROOT\CIMV2")
Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
Set SecDesc = SecDescClass.SpawnInstance_()
'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_
'Trustee.Domain = Null
'Trustee.Name = "EVERYONE"
'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.
'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee
Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_
ACE2.Properties_.Item("AccessMask") = 1179817
ACE2.Properties_.Item("AceFlags") = 3
ACE2.Properties_.Item("AceType") = 0
ACE2.Properties_.Item("Trustee") = Trustee
SecDesc.Properties_.Item("DACL") = Array(ACE2)
End Sub
Function SetAccountTrustee(strDomain, strName)
set objTrustee = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_
set account = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_Account.Name='" & strName & "',Domain='" & strDomain &"'")
set accountSID = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")
objTrustee.Domain = strDomain
objTrustee.Name = strName
objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
set accountSID = nothing
set account = nothing
set SetAccountTrustee = objTrustee
End Function
Function SetGroupTrustee(strDomain, strName)
Dim objTrustee
Dim account
Dim accountSID
set objTrustee = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_
set account = getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group.Name='" & strName & "',Domain='" & strDomain &"'")
set accountSID = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")
objTrustee.Domain = strDomain
objTrustee.Name = strName
objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
set accountSID = nothing
set account = nothing
set SetGroupTrustee = objTrustee
End Function
我认为您会发现使用icacls在NTFS级别编写权限脚本比使用VBS在共享级别编写权限脚本更容易,并且只需在VBScript中为所有用户分配完全访问权限即可 您可能还希望了解如何使用powershell创建共享,这里有一些指导: 将来,我们将能够使用cmdlet new-smbshare在powershell中执行此操作:-) 我假设出于某些原因,您创建了额外的函数
sharesec2
,原因很奇怪,但这样做是错误的。您基本上是在尝试创建两次共享。这没有道理。复制该函数没有有效的目的
你真正需要做的是重新处理这个函数。例如,您可以更改sharesec
的第四个参数,使其接受数组。然后,您需要在阵列上循环,并为共享建立您的自主访问控制列表(DACL)。每个用户/组有一个访问控制条目(ACE)
我不打算为您编写代码,因为我讨厌VBS,但这是我希望在这一部分上循环并构建DACL的部分
' loop over the list of users
` create ACE for single user/group
Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.
'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee
Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_
ACE2.Properties_.Item("AccessMask") = 1179817
ACE2.Properties_.Item("AceFlags") = 3
ACE2.Properties_.Item("AceType") = 0
ACE2.Properties_.Item("Trustee") = Trustee
` add ace to an array that represents the dacl
` end loop
` add the DACL_array
SecDesc.Properties_.Item("DACL") = DACL_array
无论如何,我强烈建议您改为查看Powershell
所以我对VBS完全陌生,从未使用过它。
-那就现在停止。学习VBS是一个坏主意,因为微软正在将几乎所有的东西都转移到Powershell。在互联网站上有很多与powershell创建共享的好例子。谢谢!在Powershell上发现了一些很棒的东西,我能处理。我比VB更精通Powershell。我想我将能够利用PS4.0,这将使它变得更加容易。
' loop over the list of users
` create ACE for single user/group
Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.
'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee
Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_
ACE2.Properties_.Item("AccessMask") = 1179817
ACE2.Properties_.Item("AceFlags") = 3
ACE2.Properties_.Item("AceType") = 0
ACE2.Properties_.Item("Trustee") = Trustee
` add ace to an array that represents the dacl
` end loop
` add the DACL_array
SecDesc.Properties_.Item("DACL") = DACL_array