Fatal编程技术网

Windows server 2008 编写Windows共享脚本-VBS

scripting vbscript

Windows server 2008 编写Windows共享脚本-VBS,windows-server-2008,scripting,network-share,vbscript,Windows Server 2008,Scripting,Network Share,Vbscript,所以我对VBS完全陌生,从未使用过。我正在尝试创建多个共享,发现一个Microsoft VBS脚本可以执行此操作()我的问题是,此脚本只允许添加一个域组或用户以获得权限,而我需要添加两个具有不同权限的域组或用户(已解决此问题)下面是我根据需要修改的脚本,但只需要添加到具有其他权限的第二个组中。如果有更简单的方法,请让我知道 'ShareSetup.vbs '=====================================================================

所以我对VBS完全陌生,从未使用过。我正在尝试创建多个共享,发现一个Microsoft VBS脚本可以执行此操作()我的问题是,此脚本只允许添加一个域组或用户以获得权限,而我需要添加两个具有不同权限的域组或用户(已解决此问题)下面是我根据需要修改的脚本,但只需要添加到具有其他权限的第二个组中。如果有更简单的方法,请让我知道

'ShareSetup.vbs 
'========================================================================== 
Option Explicit  
Const FILE_SHARE = 0 
Const MAXIMUM_CONNECTIONS = 25 
Dim strComputer 
Dim objWMIService 
Dim objNewShare 

strComputer = "." 
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" &              strComputer & "\root\cimv2") 
Set objNewShare = objWMIService.Get("Win32_Share") 

Call sharesec ("C:\Published Apps\Logs01", "Logs01", "Log01", "Support")
Call sharesec2 ("C:\Published Apps\Logs01", "Logs01", "Log01", "Domain Admins")  


Sub sharesec(Fname,shr,info,account) 
'Fname = Folder path, shr = Share name, info = Share Description, account = account or       group you are assigning share permissions to 
Dim FSO 
Dim Services 
Dim SecDescClass 
Dim SecDesc 
Dim Trustee 
Dim ACE 
Dim Share 
Dim InParam 
Dim Network 
Dim FolderName 
Dim AdminServer 
Dim ShareName 

FolderName = Fname 
AdminServer = "\\" & strComputer 
ShareName = shr 

Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &     AdminServer & "\ROOT\CIMV2") 
Set SecDescClass = Services.Get("Win32_SecurityDescriptor") 
Set SecDesc = SecDescClass.SpawnInstance_() 

'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_ 
'Trustee.Domain = Null 
'Trustee.Name = "EVERYONE" 
'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0) 

Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
'To assign permissions to individual accounts use SetAccountTrustee rather than     SetGroupTrustee  

Set ACE = Services.Get("Win32_Ace").SpawnInstance_ 
ACE.Properties_.Item("AccessMask") = 1179817 
ACE.Properties_.Item("AceFlags") = 3 
ACE.Properties_.Item("AceType") = 0 
ACE.Properties_.Item("Trustee") = Trustee 
SecDesc.Properties_.Item("DACL") = Array(ACE)

Set Share = Services.Get("Win32_Share") 
Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_() 
InParam.Properties_.Item("Access") = SecDesc 
InParam.Properties_.Item("Description") = "Public Share" 
InParam.Properties_.Item("Name") = ShareName 
InParam.Properties_.Item("Path") = FolderName 
InParam.Properties_.Item("Type") = 0 
Share.ExecMethod_ "Create", InParam 


End Sub  

Sub sharesec2(Fname,shr,info,account) 
'Fname = Folder path, shr = Share name, info = Share Description, account = account or     group you are assigning share permissions to 
Dim FSO 
Dim Services 
Dim SecDescClass 
Dim SecDesc 
Dim Trustee 
Dim ACE2 
Dim Share 
Dim InParam 
Dim Network 
Dim FolderName 
Dim AdminServer 
Dim ShareName 

FolderName = Fname 
AdminServer = "\\" & strComputer 
ShareName = shr 

Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &     AdminServer & "\ROOT\CIMV2") 
Set SecDescClass = Services.Get("Win32_SecurityDescriptor") 
Set SecDesc = SecDescClass.SpawnInstance_() 

'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_ 
'Trustee.Domain = Null 
'Trustee.Name = "EVERYONE" 
'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0) 

Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
'To assign permissions to individual accounts use SetAccountTrustee rather than     SetGroupTrustee  
Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_ 
ACE2.Properties_.Item("AccessMask") = 1179817 
ACE2.Properties_.Item("AceFlags") = 3 
ACE2.Properties_.Item("AceType") = 0 
ACE2.Properties_.Item("Trustee") = Trustee 
SecDesc.Properties_.Item("DACL") = Array(ACE2) 

End Sub


Function SetAccountTrustee(strDomain, strName)  
     set objTrustee = getObject("Winmgmts:     {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_  
     set account = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_Account.Name='" & strName & "',Domain='"    & strDomain &"'")  
     set accountSID = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")  
     objTrustee.Domain = strDomain  
     objTrustee.Name = strName  
     objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation  
     set accountSID = nothing  
     set account = nothing  
     set SetAccountTrustee = objTrustee  
End Function  


Function SetGroupTrustee(strDomain, strName)  
Dim objTrustee 
Dim account 
Dim accountSID 
set objTrustee = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_  
set account = getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group.Name='" & strName & "',Domain='" &    strDomain &"'")  
set accountSID = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")  
objTrustee.Domain = strDomain  
objTrustee.Name = strName  
objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation  
set accountSID = nothing  
set account = nothing  
set SetGroupTrustee = objTrustee  
End Function
我认为您会发现使用icacls在NTFS级别编写权限脚本比使用VBS在共享级别编写权限脚本更容易,并且只需在VBScript中为所有用户分配完全访问权限即可

您可能还希望了解如何使用powershell创建共享,这里有一些指导:

将来,我们将能够使用cmdlet new-smbshare在powershell中执行此操作:-)

我假设出于某些原因,您创建了额外的函数
sharesec2
,原因很奇怪,但这样做是错误的。您基本上是在尝试创建两次共享。这没有道理。复制该函数没有有效的目的

你真正需要做的是重新处理这个函数。例如,您可以更改
sharesec
的第四个参数,使其接受数组。然后,您需要在阵列上循环,并为共享建立您的自主访问控制列表(DACL)。每个用户/组有一个访问控制条目(ACE)

我不打算为您编写代码,因为我讨厌VBS,但这是我希望在这一部分上循环并构建DACL的部分

' loop over the list of users
    ` create ACE for single user/group
    Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
    'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee  
    Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_ 
    ACE2.Properties_.Item("AccessMask") = 1179817 
    ACE2.Properties_.Item("AceFlags") = 3 
    ACE2.Properties_.Item("AceType") = 0 
    ACE2.Properties_.Item("Trustee") = Trustee
    ` add ace to an array that represents the dacl
` end loop
` add the DACL_array
SecDesc.Properties_.Item("DACL") = DACL_array
无论如何,我强烈建议您改为查看Powershell

所以我对VBS完全陌生,从未使用过它。
-那就现在停止。学习VBS是一个坏主意,因为微软正在将几乎所有的东西都转移到Powershell。在互联网站上有很多与powershell创建共享的好例子。谢谢!在Powershell上发现了一些很棒的东西,我能处理。我比VB更精通Powershell。我想我将能够利用PS4.0,这将使它变得更加容易。 
' loop over the list of users
    ` create ACE for single user/group
    Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
    'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee  
    Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_ 
    ACE2.Properties_.Item("AccessMask") = 1179817 
    ACE2.Properties_.Item("AceFlags") = 3 
    ACE2.Properties_.Item("AceType") = 0 
    ACE2.Properties_.Item("Trustee") = Trustee
    ` add ace to an array that represents the dacl
` end loop
` add the DACL_array
SecDesc.Properties_.Item("DACL") = DACL_array