编写Windows共享脚本- VBS

Question

所以我对VBS完全陌生，从未使用过。我正在尝试创建多个共享，我发现了一个Microsoft脚本可以执行此操作(http://gallery.technet.microsoft.com/scriptcenter/6309d93b-fcc3-4586-b102-a71415244712)--我的问题是，这个脚本只允许为权限添加一个域组或用户，当我需要添加具有不同权限的两个权限时，下面是我为我的需要修改的脚本，但只需要添加第二个具有其他权限的组。如果有更简单的方法，请告诉我。

'ShareSetup.vbs 
'========================================================================== 
Option Explicit  
Const FILE_SHARE = 0 
Const MAXIMUM_CONNECTIONS = 25 
Dim strComputer 
Dim objWMIService 
Dim objNewShare 

strComputer = "." 
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" &              strComputer & "\root\cimv2") 
Set objNewShare = objWMIService.Get("Win32_Share") 

Call sharesec ("C:\Published Apps\Logs01", "Logs01", "Log01", "Support")
Call sharesec2 ("C:\Published Apps\Logs01", "Logs01", "Log01", "Domain Admins")  


Sub sharesec(Fname,shr,info,account) 
'Fname = Folder path, shr = Share name, info = Share Description, account = account or       group you are assigning share permissions to 
Dim FSO 
Dim Services 
Dim SecDescClass 
Dim SecDesc 
Dim Trustee 
Dim ACE 
Dim Share 
Dim InParam 
Dim Network 
Dim FolderName 
Dim AdminServer 
Dim ShareName 

FolderName = Fname 
AdminServer = "\\" & strComputer 
ShareName = shr 

Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &     AdminServer & "\ROOT\CIMV2") 
Set SecDescClass = Services.Get("Win32_SecurityDescriptor") 
Set SecDesc = SecDescClass.SpawnInstance_() 

'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_ 
'Trustee.Domain = Null 
'Trustee.Name = "EVERYONE" 
'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0) 

Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
'To assign permissions to individual accounts use SetAccountTrustee rather than     SetGroupTrustee  

Set ACE = Services.Get("Win32_Ace").SpawnInstance_ 
ACE.Properties_.Item("AccessMask") = 1179817 
ACE.Properties_.Item("AceFlags") = 3 
ACE.Properties_.Item("AceType") = 0 
ACE.Properties_.Item("Trustee") = Trustee 
SecDesc.Properties_.Item("DACL") = Array(ACE)

Set Share = Services.Get("Win32_Share") 
Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_() 
InParam.Properties_.Item("Access") = SecDesc 
InParam.Properties_.Item("Description") = "Public Share" 
InParam.Properties_.Item("Name") = ShareName 
InParam.Properties_.Item("Path") = FolderName 
InParam.Properties_.Item("Type") = 0 
Share.ExecMethod_ "Create", InParam 


End Sub  

Sub sharesec2(Fname,shr,info,account) 
'Fname = Folder path, shr = Share name, info = Share Description, account = account or     group you are assigning share permissions to 
Dim FSO 
Dim Services 
Dim SecDescClass 
Dim SecDesc 
Dim Trustee 
Dim ACE2 
Dim Share 
Dim InParam 
Dim Network 
Dim FolderName 
Dim AdminServer 
Dim ShareName 

FolderName = Fname 
AdminServer = "\\" & strComputer 
ShareName = shr 

Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &     AdminServer & "\ROOT\CIMV2") 
Set SecDescClass = Services.Get("Win32_SecurityDescriptor") 
Set SecDesc = SecDescClass.SpawnInstance_() 

'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_ 
'Trustee.Domain = Null 
'Trustee.Name = "EVERYONE" 
'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0) 

Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
'To assign permissions to individual accounts use SetAccountTrustee rather than     SetGroupTrustee  
Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_ 
ACE2.Properties_.Item("AccessMask") = 1179817 
ACE2.Properties_.Item("AceFlags") = 3 
ACE2.Properties_.Item("AceType") = 0 
ACE2.Properties_.Item("Trustee") = Trustee 
SecDesc.Properties_.Item("DACL") = Array(ACE2) 

End Sub


Function SetAccountTrustee(strDomain, strName)  
     set objTrustee = getObject("Winmgmts:     {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_  
     set account = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_Account.Name='" & strName & "',Domain='"    & strDomain &"'")  
     set accountSID = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")  
     objTrustee.Domain = strDomain  
     objTrustee.Name = strName  
     objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation  
     set accountSID = nothing  
     set account = nothing  
     set SetAccountTrustee = objTrustee  
End Function  


Function SetGroupTrustee(strDomain, strName)  
Dim objTrustee 
Dim account 
Dim accountSID 
set objTrustee = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_  
set account = getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group.Name='" & strName & "',Domain='" &    strDomain &"'")  
set accountSID = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")  
objTrustee.Domain = strDomain  
objTrustee.Name = strName  
objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation  
set accountSID = nothing  
set account = nothing  
set SetGroupTrustee = objTrustee  
End Function  

Answer 1

我认为您会发现在NTFS级别使用icacls而不是在共享级别使用VBS编写权限脚本更容易，只需在VBScript中分配所有用户的完全访问权限。

您还可能希望了解如何使用powershell创建共享，在这里有一些指南：http://blogs.technet.com/b/heyscriptingguy/archive/2010/09/16/how-to-use-powershell-to-create-shared-folders-in-windows-7.aspx

在未来，我们将能够使用cmdlet :-) http://technet.microsoft.com/en-us/library/jj635726.aspx在powershell中完成这一任务。

Answer 2

Call sharesec ("C:\Published Apps\Logs01", "Logs01", "Log01", "Support")
Call sharesec2 ("C:\Published Apps\Logs01", "Logs01", "Log01", "Domain Admins")  

由于某些原因，我假设您创建额外的函数sharesec2是出于一些奇怪的原因，但这是错误的做法。你基本上是在尝试两次创建这个份额。这没道理。重复这一职能没有任何有效的目的。

你真正需要做的就是重新设计这个功能。例如，您可以更改sharesec的第四个参数，以便它接受一个数组。然后，您需要遍历数组并为共享构建自主访问控制列表(DACL)。每个用户/组有一个访问控制条目(ACE)。

我不打算为您编写代码，因为我讨厌VBS，但是这一节需要遍历这个部分并构建DACL。

' loop over the list of users
    ` create ACE for single user/group
    Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
    'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee  
    Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_ 
    ACE2.Properties_.Item("AccessMask") = 1179817 
    ACE2.Properties_.Item("AceFlags") = 3 
    ACE2.Properties_.Item("AceType") = 0 
    ACE2.Properties_.Item("Trustee") = Trustee
    ` add ace to an array that represents the dacl
` end loop
` add the DACL_array
SecDesc.Properties_.Item("DACL") = DACL_array

无论如何，我强烈建议您改用Powershell。