Category filter
Script to create file share access on Windows devices
File share access is a feature that allows specific users or user groups to access shared files or folders within the device or over a device network. Here, shared files or folders refer to the file or directory existing on a computer set up to be accessed by multiple users. In an organization, users with admin access can share files or folders with other users. They can also grant or revoke access to files for employees. You can share files or folders for users on a Windows device by deploying a custom script via the Execute Custom Script action.
Scripting language – PowerShell
File extension – .ps1
The sample scripts provided below are adapted from third-party open-source sites.
Create file share access
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
#Define shared folder path and name $sharedFolderPath = "<C:\Path\To\SharedFolder/File>" $shareName = "<MySharedFolder/Filer>" #Define user or group to grant access (replace 'UserName' with the actual username or group name) $grantTo = "<UserName>" #Define access permissions ("Read", "Change", "FullControl") $permissions = "<FullControl>" New-SmbShare -Name $shareName -Path $sharedFolderPath -ReadAccess $grantTo $acl = Get-Acl -Path $sharedFolderPath $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $grantTo, $permissions, "ContainerInherit,ObjectInherit", "None", "Allow" ) $acl.AddAccessRule($accessRule) Set-Acl -Path $sharedFolderPath -AclObject $acl Write-Host "File share '$shareName' created with '$permissions' permission for '$grantTo'." |
Here, the script starts by defining parameters such as the shared folder path, shared folder name, username to grant access, and the desired permission (Read, Change, or FullControl). The permission denotes the different levels of access the users can have across the shared folders or files on the device.
- Users with ‘Read’ permission can view and open files within the shared folder. In the case of shared files, the read permission provides only the ‘view’ option for the users.
- Users with ‘Read’ permission cannot modify or delete files.
- In addition to the permissions granted by ‘Read’, users with ‘Change’ permission can also modify and delete files or folders.
- Users with ‘ Change ‘ permission can add new files and create new folders.
- Users with ‘FullControl’ permission have complete control over the shared files, folder and their contents. This includes all the permissions granted by ‘Read’ and ‘Change’.
- Users with ‘FullControl’ permission can change the permission type of other users and take ownership of files.
To check the permission level of a folder on your device, right-click it, select Properties, navigate to the Sharing tab, and click Share. This will display the current permission levels for the users, and you can manage them as needed.
The script creates a new SMB share using the New-SmbShare cmdlet. It then fetches the Access Control List (ACL) of the specified folder and adds a new access rule to grant specific permission to a specified user. Finally, the updated ACL is applied to the specified folder using the Set-Acl cmdlet.
What happens at the device end
After executing the script, the specified user can access the shared folder or file specified in the script.
Before giving access
After giving access
- It is recommended to manually validate the script execution on a system before executing the action in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.
