As stated in my last post, you can use a CSV file with PowerShell to import Windows share info and automatically create shares with the correct settings. The CSV file can be produced by the export share info script found in my last post. Once you have the CSV with share info, you can use the Import-CSV cmdlet to import it and store it for use.
Just like with the export script, MoW has an import script as well (here). If you don't know a lot about Windows security objects and are perplexed by some of the items in his script (sd, ace, trustee), I highly recommend reading my previous post on the WMI security classes (here). You can read his own explanation of the script; I will just talk a little about what is going on.
- When the Import-CSV cmdlet is used at the beginning of the script, a 'list' is created (MoW calls it $sharelist). This is basically an array of objects, one per CSV row, and each object carries the share info from that row as properties (accessible via $share.name, $share.path, $share.accessmask, etc.).
- The $sharelist is piped into 'select,' where we look for unique combinations of name, path and description. We only want unique ones because we only want to build one security descriptor per share, and there will be "repeat" entries in the CSV for shares with multiple permissions (same name, path and description, but different users, access masks, etc.).
- For each unique share, we create the security objects needed ($sd, $ace, $trustee). Their properties are filled in from the CSV by selecting every row that belongs to the current share; in MoW's script that is the filter ? {$_.name -eq $name}. Each matching row (essentially one user or group for that share) becomes an ACE that gets added to $sd.DACL for that share.
- Finally, the share is created with the 'Create' method of Win32_Share, passing the path, name, description and the security descriptor. This is done for every share contained in the CSV. Create returns a numeric value indicating the result of each creation (0 is success); look at the bottom of MoW's post for what the other return values mean.
After looking over MoW’s script, I decided that there were numerous customizations that would be needed to suit my purposes. The big issue is that I needed several ways to verify the data before creating any shares. Here are some of the things I wanted to accomplish:
1.) I chose not to export the SID for the user, so I need to find the SID that already exists in the system for each user.
2.) Check that all the properties on the current share object are valid (access mask meets restrictions, file path valid in Windows, share name valid in Windows, user exists, etc.)
3.) Check if the share path in the CSV exists on the server (if not, it needs to be created)
4.) Check if the share already exists (if not, create it)
5.) If the share exists, see if the permissions in the CSV match the permissions on the server (if they don't, fix them to match the CSV)
6.) Store failed shares in a hash table with the error message
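The following is an added example written for this page; it is not MoW's script and not the script linked in the next post. It walks the import flow described above (Import-CSV, select unique shares, build the Win32_SecurityDescriptor / Win32_ACE / Win32_Trustee objects, call Create) and applies the six checks just listed before any share is touched. The CSV column names (name, path, description, user, accessmask, acetype, aceflags), the CSV rows and the set of allowed access masks are assumptions made for the example. It uses the WMI cmdlets, so it expects Windows PowerShell run as an administrator.

```powershell
# Added example (not MoW's or the author's script). CSV columns and rows are constructed here.
$csvText = @'
name,path,description,user,accessmask,acetype,aceflags
Projects,C:\Shares\Projects,Project files,BUILTIN\Administrators,2032127,0,3
Projects,C:\Shares\Projects,Project files,BUILTIN\Users,1179817,0,3
Bad|Name,C:\Shares\Bad,Invalid share name,BUILTIN\Users,1245631,0,3
Orphan,C:\Shares\Orphan,Account does not exist,CONTOSO\nobody-here,1245631,0,3
'@
$sharelist   = $csvText | ConvertFrom-Csv        # same objects Import-CSV would give you
$allowedMask = @(1179817, 1245631, 2032127)      # share Read, Change, Full Control (assumed policy)
$failed      = @{}                               # share name -> error message

function Resolve-Sid([string]$account) {
    # Throws IdentityNotMappedException if the account does not exist on this system (check 1).
    (New-Object System.Security.Principal.NTAccount($account)).Translate(
        [System.Security.Principal.SecurityIdentifier])
}

function New-Trustee([string]$account) {
    $sid   = Resolve-Sid $account
    $bytes = New-Object byte[] $sid.BinaryLength
    $sid.GetBinaryForm($bytes, 0)
    $domain, $user = $account -split '\\', 2
    $t = ([wmiclass]'Win32_Trustee').CreateInstance()
    $t.Domain = $domain; $t.Name = $user
    $t.SID = $bytes;     $t.SIDString = $sid.Value
    return $t
}

function New-ShareSd($rows) {
    # One security descriptor per share; every CSV row for the share becomes an ACE in its DACL.
    $sd = ([wmiclass]'Win32_SecurityDescriptor').CreateInstance()
    $sd.ControlFlags = 4                         # SE_DACL_PRESENT
    $sd.DACL = @($rows | ForEach-Object {
        $ace = ([wmiclass]'Win32_ACE').CreateInstance()
        $ace.AccessMask = [uint32]$_.accessmask
        $ace.AceType    = [uint32]$_.acetype     # 0 = allow, 1 = deny
        $ace.AceFlags   = [uint32]$_.aceflags
        $ace.Trustee    = New-Trustee $_.user
        $ace
    })
    return $sd
}

function Test-ShareRow($row) {
    # Check 2: share name, path, access mask and user must all be valid before we touch the server.
    if ($row.name.Length -eq 0 -or $row.name.Length -gt 80 -or $row.name -match '[\\/:*?"<>|'']') {
        throw "invalid share name '$($row.name)'"
    }
    if ($row.path -notmatch '^[A-Za-z]:\\' -or -not (Test-Path -IsValid -Path $row.path)) {
        throw "invalid local path '$($row.path)'"
    }
    if ($allowedMask -notcontains [int]$row.accessmask) {
        throw "access mask $($row.accessmask) is outside the allowed set"
    }
    [void](Resolve-Sid $row.user)
}

foreach ($share in ($sharelist | Select-Object name, path, description -Unique)) {
    $name = $share.name
    $rows = @($sharelist | Where-Object { $_.name -eq $name })
    try {
        $rows | ForEach-Object { Test-ShareRow $_ }
        if (-not (Test-Path -LiteralPath $share.path)) {            # check 3
            New-Item -ItemType Directory -Path $share.path | Out-Null
        }
        $sd = New-ShareSd $rows
        $existing = Get-WmiObject Win32_Share -Filter "Name='$name'"  # check 4 (name already validated)
        if ($null -eq $existing) {
            # Win32_Share.Create(Path, Name, Type, MaximumAllowed, Description, Password, Access)
            $r = ([wmiclass]'Win32_Share').Create($share.path, $name, 0, $null, $share.description, $null, $sd)
            if ($r.ReturnValue -ne 0) { throw "Create returned $($r.ReturnValue)" }
        } else {
            # Check 5: compare SID -> mask on the server with SID -> mask in the CSV, fix if different.
            $setting = Get-WmiObject Win32_LogicalShareSecuritySetting -Filter "Name='$name'"
            $current = @{}
            foreach ($ace in $setting.GetSecurityDescriptor().Descriptor.DACL) {
                $current[$ace.Trustee.SIDString] = $ace.AccessMask
            }
            $wanted = @{}
            foreach ($row in $rows) { $wanted[(Resolve-Sid $row.user).Value] = [uint32]$row.accessmask }
            $same = ($current.Count -eq $wanted.Count) -and
                    -not ($wanted.Keys | Where-Object { $current[$_] -ne $wanted[$_] })
            if (-not $same) {
                $r = $setting.SetSecurityDescriptor($sd)
                if ($r.ReturnValue -ne 0) { throw "SetSecurityDescriptor returned $($r.ReturnValue)" }
            }
        }
    } catch {
        $failed[$name] = $_.Exception.Message                       # check 6
    }
}
$failed   # e.g. Bad|Name -> invalid share name, Orphan -> account could not be translated
```

Two design points worth noting. Validation runs over every row of a share before the directory is created or any WMI method is called, so a single bad row (a user that does not resolve, a mask outside the allowed set) fails the whole share rather than producing a share with a partial DACL. The share name is also validated before it is interpolated into the WQL -Filter strings, which is why the single quote is included in the rejected characters; the permission comparison is keyed on SID strings rather than account names so that a renamed group still compares correctly.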
View the script in the next post here!
