I’m working on writing a PowerShell script that will setup a folder structure on the c drive and then turn those folders into shares.
When using the New-SmbShare cmdlet I’m getting a 1332 or a 50 error.
With the Domain I get a 1332 Error
New-SmbShare -Name "InstallerFiles" -Path "C:SoftwareDistributionInstallerFiles" -ContinuouslyAvailable $true -ReadAccess "domainAuthenticated Users"
New-SmbShare : No mapping between account names and security IDs was done.
At line:1 char:1
+ New-SmbShare -Name "InstallerFiles" -Path "C:SoftwareDistributionInstallerFile ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_SMBShare:ROOT/Microsoft/Windows/SMB/MSFT_SMBShare) [New-SmbShare], CimException
+ FullyQualifiedErrorId : Windows System Error 1332,New-SmbShare
If I remove the domain I get the 50 Error.
New-SmbShare -Name "InstallerFiles" -Path "C:SoftwareDistributionInstallerFiles" -ContinuouslyAvailable $true -ReadAccess "Authenticated Users"
New-SmbShare : The request is not supported.
At line:1 char:1
+ New-SmbShare -Name "InstallerFiles" -Path "C:SoftwareDistributionInstallerFile ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (MSFT_SMBShare:ROOT/Microsoft/Windows/SMB/MSFT_SMBShare) [New-SmbShare], CimException
+ FullyQualifiedErrorId : Windows System Error 50,New-SmbShare
I’m able to create the Share if I remove -ContinuouslyAvailable and -ReadAccess, but I want to be able to assign the users or security groups permissions from the script.
What do I need to change in order to setup an smb share and assign users or security groups using PowerShell?
Я работаю над написанием сценария PowerShell, который настроит структуру папок на диске c, а затем превратит эти папки в общие.
При использовании командлета New-SmbShare я получаю ошибку 1332 или 50.
С доменом я получаю ошибку 1332
New-SmbShare -Name "InstallerFiles" -Path "C:SoftwareDistributionInstallerFiles" -ContinuouslyAvailable $true -ReadAccess "domainAuthenticated Users"
New-SmbShare : No mapping between account names and security IDs was done.
At line:1 char:1
+ New-SmbShare -Name "InstallerFiles" -Path "C:SoftwareDistributionInstallerFile ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_SMBShare:ROOT/Microsoft/Windows/SMB/MSFT_SMBShare) [New-SmbShare], CimException
+ FullyQualifiedErrorId : Windows System Error 1332,New-SmbShare
Если я удалю домен, я получаю ошибку 50.
New-SmbShare -Name "InstallerFiles" -Path "C:SoftwareDistributionInstallerFiles" -ContinuouslyAvailable $true -ReadAccess "Authenticated Users"
New-SmbShare : The request is not supported.
At line:1 char:1
+ New-SmbShare -Name "InstallerFiles" -Path "C:SoftwareDistributionInstallerFile ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (MSFT_SMBShare:ROOT/Microsoft/Windows/SMB/MSFT_SMBShare) [New-SmbShare], CimException
+ FullyQualifiedErrorId : Windows System Error 50,New-SmbShare
Я могу создать общий ресурс, если удалю -ContinuouslyAvailable и -ReadAccess, но я хочу иметь возможность назначать пользователям или группам безопасности разрешения из сценария.
Что мне нужно изменить, чтобы настроить общий ресурс smb и назначить пользователей или группы безопасности с помощью PowerShell?
1 ответ
Лучший ответ
- Remove From My Forums
-
Вопрос
-
Hello,
I am using NET SHARE to create file shares on a W1K12R2 server and getting the subject message with a component of the command. Command goes like this:
NET SHARE Engineering=E:DataEngineering /GRANT:»DOMAINGroupName with one space,CHANGE» /GRANT:»DOMAINGroupName with two spaces,READ» /GRANT:HOSTNAMEAdministrators,FULL
My issue is that the command works fine if I do not put in the /GRANT:»DOMAINGroupName with two spaces,READ» parameter. With it I get:
System error 1332 has occurred.
No mapping between account names and security IDs was done.My head is highly scratched. Using Power Shell and New-SMBShare gives the same result.
-
Изменено
29 декабря 2016 г. 21:17
-
Изменено
Ответы
-
Happy New Year!
Anyway, event logs are clean and I have solved my problem. While adding via GUI to determine if anything was different, I noticed that the GUI showed me the following for the group in question:
Group Name Read (DomainGroup Name Read Only), i.e., the SAM Account Name. For groups, I did not expect to find a difference between the common name and the SAM Account Name. Why the Powers That Be did that, is beyond me.
I expect it for human names, but not for groups.I have answered my own question. Darn!
-
Помечено в качестве ответа
Ward Galanis
3 января 2017 г. 18:49
-
Помечено в качестве ответа
I am using xSMBSHARE via dsc resource in chef recipe and able to enable share for local users but not able to share folder for any AD user/computer.
Below code i am trying :
Chef Recipe :
dsc_resource ‘enable_file_share’ do
resource :xSmbShare
property :name, ‘QUORUM’
property :Path, ‘D:QUORUM’
property :FullAccess, [‘domain_namedomain_Computer’]
property :Description, «description goes here for this share»
property :PsDscRunAsCredential, ps_credential(‘domain_namedomain_user’, ‘XXXX’)
end
After i ran chef recipe on Target Server, got the below error:
Running handlers:
[2017-11-07T10:05:08+00:00] ERROR: Running exception handlers
Running handlers complete
[2017-11-07T10:05:08+00:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated in 12 seconds
[2017-11-07T10:05:08+00:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out
[2017-11-07T10:05:08+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-11-07T10:05:08+00:00] FATAL: Chef::Exceptions::PowershellCmdletException: dsc_resource[enable_file_share] (dsc_coo
kbook::enable_file_share line 12) had an error: Chef::Exceptions::PowershellCmdletException: Powershell Cmdlet failed: N
o mapping between account names and security IDs was done.
+ CategoryInfo : NotSpecified: (MSFT_SMBShare:) [], CimException
+ FullyQualifiedErrorId : Windows System Error 1332,New-SmbShare
+ PSComputerName : localhost
The PowerShell DSC resource ‘[xSmbShare]DirectResourceAccess’ with SourceInfo » threw one or more non-terminating
errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called
Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
+ CategoryInfo : InvalidOperation: (root/Microsoft/…gurationManager:String) [], CimException
+ FullyQualifiedErrorId : NonTerminatingErrorFromProvider
+ PSComputerName : localhost
Please Help!
You could manage file shares through PowerShell, but before PowerShell 3, it was not the most intuitive process. PowerShell 3 on Windows 8/Windows Server 2012 and higher introduced the SmbShare module. This module contains several commands that make managing file shares in Windows less of a headache.
Contents
- Listing current file shares
- Creating a new file share
- Modifying share properties
- Granting file share permissions
- Removing file share permissions
- Denying permissions to a file share
- Removing a file share
- Author
- Recent Posts
Matt McElreath is a DevOps Engineer concentrating on automating cloud infrastructure, Infrastructure as Code (IaC), Terraform and Terraform Cloud, Azure and more. You can follow Matt on Twitter at @mmcelreath.
Creating and managing file shares through the GUI in Windows is something most administrators should be familiar with. It’s a pretty straightforward process. However, things can get out of hand pretty fast when you need to manage multiple shares across multiple computers. With PowerShell, you can easily automate the task.
SmbShare commands available in PowerShell
Listing current file shares
Let’s get started by listing the currently configured shares with Get-SmbShare.
List of shares on the current machine
I haven’t created any file shares on this computer yet, so the command returns a list of the default shares Windows created by default. This will also return any configured hidden shares.
To target a specific share, we can use the -Name parameter to specify the name of the share we want to return and then pipe it to Select to view all the properties for that share.
Get-SmbShare -Name C$ | select *
Get all the properties for the C$ share
Creating a new file share
Now let’s go ahead and create a new file share. Here are the details I’m going to use for my new share:
Name: Logs
Path: C:SharesLogs
Description: Log Files
You’ll need to make sure the folder path exists prior to running this command.
New-SmbShare -Name Logs -Description "Log Files" -Path C:SharesLogs
Create a new share for log files
Modifying share properties
Using the Set-SmbShare command, we can modify the properties of an existing share. Let’s go ahead and modify the description property to specify the type of log files in this folder.
Set-SmbShare -Name Logs -Description "Application Log Files" -Force
Modifying share properties with Set SmbShare
If you tab complete through the parameters of Set-SmbShare, you can see the other share properties you can modify with this command.
Granting file share permissions
After creating the share, we can view the permissions associated with it by running Get-SmbShareAccess.
Getting the share permissions of the Logs share
As you can see, creating the share gave the Everyone group Read access to the share. We should probably go ahead and change that to lock down the permissions so that only the users who need access to this share will have permissions.
To do this, we can use Grant-SmbShareAccess to specify the users or groups we wish to have access to the share as well as what level of access they will have. Let’s start with adding an Active Directory group I have created for users who will have Read access to the Logs share called corpLogViewers. Note that you can use tab completion on the -AccessRight parameter. The possible values for this parameter are Change, Custom, Full, and Read. For this, I’m going to select Read.
Grant-SmbShareAccess -Name Logs -AccountName corpLogViewers -AccessRight Read
Granting Read permissions to the Logs share
If you omit the -Force parameter, it will prompt you to confirm this action. If you would like to suppress this prompt, simply include the -Force parameter.
Now that the corpLogViewers group has Read access, I want to add another group called corpLogAdmins, which is going to have Change rights to the share.
Grant-SmbShareAccess -Name Logs -AccountName corpLogAdmins -AccessRight Change -Force
Granting Read permissions to the Logs share
Removing file share permissions
Now that the correct groups have permissions to the file share, let’s remove the Everyone group. For removing a permission for a file share, we are going to use the Revoke-SmbShareAccess command. This will remove the permissions for the group we specify with the -AccountName parameter.
Revoke-SmbShareAccess -Name Logs -AccountName Everyone -Force
Removing the Everyone group from the file share permissions
Denying permissions to a file share
You may need to deny specific users or groups from having access to a file share for security reasons. Any Deny permissions will supersede any Allow permissions. So even if users possess Read or Change permissions to the share, if you specifically deny them permission to that share, or if they are in a denied group, they will not be able to access that share.
To deny access for a user or group to the file share, we are going to use the Block-SmbShareAccess command. In this case, I am going to deny the group corpAppUsers.
Block-SmbShareAccess -Name Logs -AccountName corpAppUsers -Force
Denying access to the Logs file share
The output shows the addition of the corpAppUsers group with an AccessControlType of Deny.
Running UnBlock-SMBShareAccess will remove the Deny permission for the user or group specified.
UnBlock-SmbShareAccess -Name Logs -AccountName corpAppUsers -Force
Unblock a user or group’s access on a file share
Removing a file share
If you no longer have a need for a particular file share, we can use the Remove-SmbShare command. This will turn off sharing for that particular folder but will not delete the folder or any of its contents.
Subscribe to 4sysops newsletter!
Remove-SmbShare -Name Logs -Force
Removing the Logs file share with Remove SmbShare
Непосильная для меня задача с, казалось бы, очевидными решениями в интернете. Нашел несколько способов, но все они нерабочие.
1. net share foldername =folderPath Папка появляется в сети и отображается на втором пк, но зайти в неё нельзя. В свойствах папки общий доступ не отображается включенным.
2. net share foldername=folderPath /GRANT: username,Full. Должна как раз таки выдать доступ пользователю. Где мне взять username, если пользователь на другом компьютере и может меняться? Втупую вписать имя со второго пк приводит к ошибке 1332.
3. icacls folderPath /grant *S-1-1-0: (F). Нагуглил, что *S-1-1-0 — это пользователь из группы ВСЕ, команда успешно выполняется, но доступ к папке не появляется.
4. В Powershell пробовал: New-SMBShare -Name folder -Path folderName -FullAccess «User». И опять таки user, что туда писать непонятно.
Локальная сеть налажена путём vpn-тоннеля в hamachi. Работает исправно.
Видел похожие темы, но всё немного не то.
__________________
Помощь в написании контрольных, курсовых и дипломных работ, диссертаций здесь