PowerShell: Create and Edit SMB Shares

# Create SMB Share
$sharePath='C:\testshare'
$accessList="$env:USERDOMAIN\Domain Admins","NT AUTHORITY\Authenticated Users"
$shareName=split-path $sharePath -leaf
mkdir $sharePath
New-SmbShare -Name $shareName -Path $sharePath -FullAccess $accessList

# Check SMB Acccesses
[SMBSERVER]: PS C:\Users\kimconnect\Documents> Get-SmbShareAccess $shareName
Name          ScopeName AccountName                      AccessControlType AccessRight
----          --------- -----------                      ----------------- -----------
testshare *         KIMCONNECT\Domain Admins         Allow             Full
testshare *         NT AUTHORITY\Authenticated Users Allow             Full

# Add Share Permissions
$grantPrinciple="$env:USERDOMAIN\Domain Admins"
Grant-SmbShareAccess -Name $shareName -AccountName $grantPrinciple -AccessRight Full -Force

# Remove Share Permissions
$removePrinciple="NT AUTHORITY\Authenticated Users"
Revoke-SmbShareAccess -Name $shareName -AccountName $removePrinciple -Force

# Clone NTFS Access Control List (ACL)
# Warning: only do this to a new clone-to directory as misuse can cause permission problems
$cloneAclFrom='C:\originalshare'
$cloneAclTo=$sharePath
get-acl $cloneAclFrom|set-acl $cloneAclTo

# Check NTFS Permissions:
[SMBSERVER]: PS C:\Users\kimconnect\Documents> (get-acl c:\testshare).AccessToString
Everyone Allow  ReadAndExecute, Synchronize
CREATOR OWNER Allow  FullControl
NT AUTHORITY\SYSTEM Allow  FullControl
BUILTIN\Administrators Allow  FullControl
KIMCONNECt\TestAdmin Allow  FullControl

Leave a Reply

Your email address will not be published. Required fields are marked *