windows使用powershell管理文件共享（权限未设置成功，待完善）

阅读数:139 评论数:0

分类

应用软件

正文

一、枚举当前系统中已存在共享

win32_share对象便是windows系统上共享的磁盘、打印机、系统默认共享以及其他共享设备。

PS C:\Windows\system32> Get-WmiObject -Class win32_share | ft -AutoSize -Wrap

Name   Path                         Description  
----   ----                         -----------  
ADMIN$ C:\Windows                   Remote Admin 
C$     C:\                          Default share
IPC$                                Remote IPC   
test   C:\Users\huzx\documents\test

二、创建新的共享

1、创建共享的语法

(Get-WmiObject -List -Class win32_share).create(PATH,NAME,SHARETYPE)

（1）path：共享的路径

（2）NAME: 自定义共享名称

（3）SHARETYPE：共享资源的类型

0 = Disk Drive
1 = Print Queue
2 = Device * 3 = IPC
2147483648 = Disk Drive Admin
2147483649 = Print Queue Admin
2147483650 = Device Admin
2147483651 = IPC Admin

PS C:\Windows\system32> new-item -Path c:\ -Name test2 -ItemType directory 

    Directory: C:\

Mode                LastWriteTime         Length Name                                                                                                                                                             
----                -------------         ------ ----                                                                                                                                                             
d-----        2/26/2021   4:54 PM                test2


PS C:\Windows\system32> (Get-WmiObject -List -Class win32_share).create("c:\test3","test3",0)


__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     : 
__DYNASTY        : __PARAMETERS
__RELPATH        : 
__PROPERTY_COUNT : 1
__DERIVATION     : {}
__SERVER         : 
__NAMESPACE      : 
__PATH           : 
ReturnValue      : 0
PSComputerName   :

三、删除共享

PS C:\Windows\system32> $share=Get-WmiObject -Class win32_share | ? {$_.name -eq 'test3'} 

PS C:\Windows\system32> $share

Name  Path     Description
----  ----     -----------
test3 c:\test3            

PS C:\Windows\system32> $share.Delete() 


__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     : 
__DYNASTY        : __PARAMETERS
__RELPATH        : 
__PROPERTY_COUNT : 1
__DERIVATION     : {}
__SERVER         : 
__NAMESPACE      : 
__PATH           : 
ReturnValue      : 0
PSComputerName   : 

PS C:\Windows\system32> Get-WmiObject win32_share 

Name   Path                         Description  
----   ----                         -----------  
ADMIN$ C:\Windows                   Remote Admin 
C$     C:\                          Default share
IPC$                                Remote IPC   
test   C:\Users\huzx\documents\test

四、配置共享的访问权限

1、通过get-acl命令列出ACL

PS C:\Windows\system32> $share=Get-WmiObject -ComputerName dc -Class win32_share | ? {$_.name -eq 'test3'} 

PS C:\Windows\system32> $share 

Name  Path     Description
----  ----     -----------
test3 c:\test3            

PS C:\Windows\system32> $share | get-acl | fl *


PSPath                  : Microsoft.PowerShell.Core\FileSystem::C:\test3
PSParentPath            : Microsoft.PowerShell.Core\FileSystem::C:\
PSChildName             : test3
PSDrive                 : C
PSProvider              : Microsoft.PowerShell.Core\FileSystem
CentralAccessPolicyId   : 
CentralAccessPolicyName : 
Path                    : Microsoft.PowerShell.Core\FileSystem::C:\test3
Owner                   : BUILTIN\Administrators
Group                   : buffallos\Domain Users
Access                  : {System.Security.AccessControl.FileSystemAccessRule, System.Security.AccessControl.FileSystemAccessRule, System.Security.AccessControl.FileSystemAccessRule, 
                          System.Security.AccessControl.FileSystemAccessRule...}
Sddl                    : O:BAG:DUD:AI(A;OICIID;FA;;;BA)(A;OICIID;FA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)
AccessToString          : BUILTIN\Administrators Allow  FullControl
                          NT AUTHORITY\SYSTEM Allow  FullControl
                          BUILTIN\Users Allow  ReadAndExecute, Synchronize
                          NT AUTHORITY\Authenticated Users Allow  Modify, Synchronize
                          NT AUTHORITY\Authenticated Users Allow  -536805376
AuditToString           : 
AccessRightType         : System.Security.AccessControl.FileSystemRights
AccessRuleType          : System.Security.AccessControl.FileSystemAccessRule
AuditRuleType           : System.Security.AccessControl.FileSystemAuditRule
AreAccessRulesProtected : False
AreAuditRulesProtected  : False
AreAccessRulesCanonical : True
AreAuditRulesCanonical  : True

2、通过set-acl设置权限

PS C:\Windows\system32> $acl = get-acl -Path //dc/c$/test3 

PS C:\Windows\system32> $permission = "buffallos\adminhuzx","FullControl","Allow"

PS C:\Windows\system32> $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission

PS C:\Windows\system32> $acl.SetAccessRule($accessRule)

PS C:\Windows\system32> $acl | Set-Acl '\\dc\c$\test3'