0

所以我对 VBS 完全陌生,从未使用过它。我正在尝试创建多个共享,我发现了一个可以执行此操作的 Microsoft VBS 脚本(http://gallery.technet.microsoft.com/scriptcenter/6309d93b-fcc3-4586-b102-a71415244712 ​​)我的问题是,只有这个脚本允许添加一个域组或用户以获得权限,我需要添加一对具有不同权限的用户(弄清楚了) 下面是我根据需要修改的脚本,但只需要在第二组中添加其他权限。如果有更简单的方法可以做到这一点,请告诉我。

'ShareSetup.vbs 
'========================================================================== 
Option Explicit  
Const FILE_SHARE = 0 
Const MAXIMUM_CONNECTIONS = 25 
Dim strComputer 
Dim objWMIService 
Dim objNewShare 

strComputer = "." 
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" &              strComputer & "\root\cimv2") 
Set objNewShare = objWMIService.Get("Win32_Share") 

Call sharesec ("C:\Published Apps\Logs01", "Logs01", "Log01", "Support")
Call sharesec2 ("C:\Published Apps\Logs01", "Logs01", "Log01", "Domain Admins")  


Sub sharesec(Fname,shr,info,account) 
'Fname = Folder path, shr = Share name, info = Share Description, account = account or       group you are assigning share permissions to 
Dim FSO 
Dim Services 
Dim SecDescClass 
Dim SecDesc 
Dim Trustee 
Dim ACE 
Dim Share 
Dim InParam 
Dim Network 
Dim FolderName 
Dim AdminServer 
Dim ShareName 

FolderName = Fname 
AdminServer = "\\" & strComputer 
ShareName = shr 

Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &     AdminServer & "\ROOT\CIMV2") 
Set SecDescClass = Services.Get("Win32_SecurityDescriptor") 
Set SecDesc = SecDescClass.SpawnInstance_() 

'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_ 
'Trustee.Domain = Null 
'Trustee.Name = "EVERYONE" 
'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0) 

Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
'To assign permissions to individual accounts use SetAccountTrustee rather than     SetGroupTrustee  

Set ACE = Services.Get("Win32_Ace").SpawnInstance_ 
ACE.Properties_.Item("AccessMask") = 1179817 
ACE.Properties_.Item("AceFlags") = 3 
ACE.Properties_.Item("AceType") = 0 
ACE.Properties_.Item("Trustee") = Trustee 
SecDesc.Properties_.Item("DACL") = Array(ACE)

Set Share = Services.Get("Win32_Share") 
Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_() 
InParam.Properties_.Item("Access") = SecDesc 
InParam.Properties_.Item("Description") = "Public Share" 
InParam.Properties_.Item("Name") = ShareName 
InParam.Properties_.Item("Path") = FolderName 
InParam.Properties_.Item("Type") = 0 
Share.ExecMethod_ "Create", InParam 


End Sub  

Sub sharesec2(Fname,shr,info,account) 
'Fname = Folder path, shr = Share name, info = Share Description, account = account or     group you are assigning share permissions to 
Dim FSO 
Dim Services 
Dim SecDescClass 
Dim SecDesc 
Dim Trustee 
Dim ACE2 
Dim Share 
Dim InParam 
Dim Network 
Dim FolderName 
Dim AdminServer 
Dim ShareName 

FolderName = Fname 
AdminServer = "\\" & strComputer 
ShareName = shr 

Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &     AdminServer & "\ROOT\CIMV2") 
Set SecDescClass = Services.Get("Win32_SecurityDescriptor") 
Set SecDesc = SecDescClass.SpawnInstance_() 

'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_ 
'Trustee.Domain = Null 
'Trustee.Name = "EVERYONE" 
'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0) 

Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
'To assign permissions to individual accounts use SetAccountTrustee rather than     SetGroupTrustee  
Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_ 
ACE2.Properties_.Item("AccessMask") = 1179817 
ACE2.Properties_.Item("AceFlags") = 3 
ACE2.Properties_.Item("AceType") = 0 
ACE2.Properties_.Item("Trustee") = Trustee 
SecDesc.Properties_.Item("DACL") = Array(ACE2) 

End Sub


Function SetAccountTrustee(strDomain, strName)  
     set objTrustee = getObject("Winmgmts:     {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_  
     set account = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_Account.Name='" & strName & "',Domain='"    & strDomain &"'")  
     set accountSID = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")  
     objTrustee.Domain = strDomain  
     objTrustee.Name = strName  
     objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation  
     set accountSID = nothing  
     set account = nothing  
     set SetAccountTrustee = objTrustee  
End Function  


Function SetGroupTrustee(strDomain, strName)  
Dim objTrustee 
Dim account 
Dim accountSID 
set objTrustee = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_  
set account = getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group.Name='" & strName & "',Domain='" &    strDomain &"'")  
set accountSID = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")  
objTrustee.Domain = strDomain  
objTrustee.Name = strName  
objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation  
set accountSID = nothing  
set account = nothing  
set SetGroupTrustee = objTrustee  
End Function
4

2 回答 2

1

我认为您会发现使用 icacls 在 NTFS 级别编写权限脚本比使用 VBS 在共享级别编写权限更容易,并且只需在您的 VBScript 中为所有用户分配完全访问权限。

您可能还希望研究使用 powershell 创建共享,这里有一些指导:http: //blogs.technet.com/b/heyscriptingguy/archive/2010/09/16/how-to-use- powershell-to-create-shared-folders-in-windows-7.aspx

将来,我们将能够使用 cmdlet new-smbshare 在 powershell 中执行此操作 :-) http://technet.microsoft.com/en-us/library/jj635726.aspx

于 2013-10-30T19:22:01.723 回答
1 
Call sharesec ("C:\Published Apps\Logs01", "Logs01", "Log01", "Support")
Call sharesec2 ("C:\Published Apps\Logs01", "Logs01", "Log01", "Domain Admins")

由于某些原因,我假设您sharesec2出于某种奇怪的原因创建了额外的功能,但这是错误的做法。您基本上是在尝试创建共享两次。这没有任何意义。复制该功能没有有效的目的。

您真正需要做的是重新设计该功能。例如,您可能会更改的第四个参数,sharesec以便它接受一个数组。然后,您需要遍历阵列并为共享建立您的自由访问控制列表 (DACL)。每个用户/组有一个访问控制条目 (ACE)。

因为我讨厌 VBS,所以我不会为您编写代码,但这是该部分想要循环此部分并构建 DACL 的部分。

' loop over the list of users
    ` create ACE for single user/group
    Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
    'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee  
    Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_ 
    ACE2.Properties_.Item("AccessMask") = 1179817 
    ACE2.Properties_.Item("AceFlags") = 3 
    ACE2.Properties_.Item("AceType") = 0 
    ACE2.Properties_.Item("Trustee") = Trustee
    ` add ace to an array that represents the dacl
` end loop
` add the DACL_array
SecDesc.Properties_.Item("DACL") = DACL_array

无论如何,我强烈建议您改用 Powershell。

于 2013-10-30T19:30:11.757 回答