Powershell – Modify CIFS share ACL’s

netappnetwork-attached-storagepowershellstorage

I would like to modify permissions on a number of NetApp CIFS shares (over 100). These are user shares and each share has a different user with "Change" share permission, this permission now needs to be "Full Control".

I also need to be able to add a new group to these shares and give that group "Full Control" and finally I need to remove a group that has already been given permissions to the shares.

Best Answer

If you're running powershell 4.0 check our Grant/Revoke-SMBShareAccess http://technet.microsoft.com/en-us/library/jj635705.aspx However, PS4 requires a Win8.1 or Server2012 R2 or later client OS to run. Earlier versions of PS did not have native cmdlets for share ACL modification.

I've had good luck with SUBINACL.EXE you can download here http://www.microsoft.com/en-us/download/details.aspx?id=23510

You can change the share perm from "change" to "full" by just granting full, don't need to revoke change.

C:\> subinacl /share \\netapp\home /revoke=theDom\theUser
\\netapp\home : delete Perm. ACE 1 theDom\theUser
\\netapp\home : 1 change(s)
Elapsed Time: 00 00:00:00
Done:        1, Modified        1, Failed        0, Syntax errors        0
Last Done  : \\netapp\home

C:\> subinacl /share \\netapp\home /grant=theDom\theUser=f
\\netapp\home : new ace for theDom\theUser
\\netapp\home : 1 change(s)
Elapsed Time: 00 00:00:00
Done:        1, Modified        1, Failed        0, Syntax errors        0
Last Done  : \\netapp\home

C:\> subinacl /share \\netapp\home
==========================
+Share \\netapp\home
==========================
/control=0x0
/audit ace count   =0
/perm. ace count   =1
/pace =everyone         ACCESS_ALLOWED_ACE_TYPE-0x0
        Full Control
Elapsed Time: 00 00:00:00
Done:        1, Modified        0, Failed        0, Syntax errors        0
Last Done  : \\netapp\home
Related Topic