![]() ![]() Invoke-Command -ComputerName $ComputerList -ScriptBlock $ScriptBlockĬan multiple accounts be added to a share using PowerShell? $SecuritySettings.SetSecurityDescriptor($Descriptor) $Ace.AceFlags = 3 # ContainerInherit ObjectInherit $Ace = ( "\\$ComputerName\root\cimv2:Win32_ACE").CreateInstance() $Trustee = ( "\\$ComputerName\root\cimv2:Win32_Trustee").CreateInstance() Get-WmiObject -Class Win32_LogicalShareSecuritySetting | foreach ) # List of drives that should not be checked for share permissions # on the server not included in the exclude list. # This script will remove the "Everyone" group from any shares # It would be great if someone can please help me acheive this. This script does list the folder which has Everyone added in share permission, But doesnt remediate the permissions. I got the script below from one of the forums but it doesnt work for me on Win10 Desktop. ![]() Now the point here is that i dont have the list of the folders on which we need to carry out following change, so i would need help in powershell script which can be set as startup script to help me achive this. Our Enviorment is mix of Windows 8 /10 on clients and Windows 2k8/2k12/2k16 on server side. Cheers.I have a requirement where my IS Security Team wants us to remove Everyone Group from the shared folders and add Äuthenticated Users group instead. I then added the other users that might use the Linux or Win11 systems and poured myself a cold one. Sudo dscl /Local/Default append Groups/.23 GroupMembers īAM!! The Linux system mounted right up! Then the Win11 system too! I also found that I didn't need to add users to every share, both raids mounted fine. sudo dscl /Local/Default append Groups/.23 GroupMembership On a whim I chose one of these 'raid' groups and substituted its RecordName in the dscl commands from the solution above. ![]() The Solution: I used the Mac Directory Utility to look into the Local Groups directory and saw that there indeed was NOT a SMB entry with RecordName = _smb, but rather a bunch of (8-9) entries for each shared resource, which had in the RecordName .NN (NN=2-digit number). I circled back to it today and decided to look harder at why they didn't work. I had run across this SE topic, but the dscl commands failed, so I moved on. I tried for 2 days to fix, but couldn't find a solution. Most machines were able to mount the shares, except for the one Win11 and Linux machines. The Problem: We upgraded the Mac Mini to Monterey (12.5) and that's when the trouble started. Two exceptions were one win11 machine and the Linux machine, both of which could only mount using the ip addr. Prior to the problem, most network machines mounted the drive using the qualified machine name (e.g. The Linux machine is listed in the AD system and uses the Azure DNS server, but is not joined to the domain for auth purposes - it uses local auth only. We use the AzureAD that comes with O365 for authentication of the Win machines and also have an Active Directory server in Azure that is synced with the O365 AD and also serves as our DNS master, which is used by the Macs and some other devices. We have Mac clients on several different OS versions, Win clients on several OS versions and a Linux client running Ubuntu 20.04 on the network. My config: I have a 2014 Mac Mini server with 2 raid shares that we use on various machines within our company network. My problem manifested a little differently, but I think it had the same underlying cause (whatever that may be). I want to chime in here, in case this can help someone else! I tried the solution above from but it didn't work for me HOWEVER, it did lead me to a similar solution that did work for me.
0 Comments
Leave a Reply. |