martin77s · February 15, 2018 08:37
diff --git a/Add-ShareAccess.ps1 b/Add-ShareAccess.ps1
 function Add-ShareAccess {
    param(
        [string] $ComputerName = $env:COMPUTERNAME,
        [string] $ShareName = 'Temp',
        [string] $AccountName = 'Domain Users',
        [ValidateSet('FullControl', 'Change','Read')] $AccessPermissions = 'Read'
    )

    # Convert the AccessPermissions
    $accessFlags = @{
        FullControl = 2032127
        Change = 1245631
        Read = 1179817
    }; $access = $accessFlags[$AccessPermissions]

    # Extract Domain and User account
    $Domain, $Identity = if($AccountName -match '\\') {
        $AccountName -split '\\'
    } else {
        $env:USERDOMAIN, $AccountName
    }

    # Build the Security Descriptor and Trustee objects
    $sd = ([wmiclass] "\\$ComputerName\root\cimv2:Win32_SecurityDescriptor").CreateInstance()
    $trustee = ([wmiclass] "\\$ComputerName\root\cimv2:Win32_Trustee").CreateInstance()
    $trustee.Name = $Identity
    $trustee.Domain = $Domain

    # Build the Access Control Entry object
    $ace = ([wmiclass] "\\$ComputerName\root\cimv2:Win32_ACE").CreateInstance()
    $ace.AccessMask = $access
    $ace.AceFlags = 3 
    $ace.AceType = 0 # 0 Allow, 1 = Deny
    $ace.Trustee = $trustee 

    # Get the current permissions on the share
    $current = Get-WmiObject -ComputerName $computerName -Class Win32_LogicalShareSecuritySetting -Filter "Name='$ShareName'"
    [System.Management.ManagementBaseObject[]]$newACE = $current.GetSecurityDescriptor().Descriptor.DACL

    # Add the access control entry to the list
    [array]::Resize([ref]$newACE, $newACE.Count + 1)
    $newACE[$newACE.Count-1] = $ace
    $sd.DACL = $newACE

    # Set the permissions on the share
    $mc = Get-WmiObject -ComputerName $computerName -Class Win32_Share -Filter "Name='$ShareName'"
    $ret = $mc.SetShareInfo($null, $mc.Description, $sd)

    # Determine the return value from the WMI method
    Switch ($ret.ReturnValue){
        0  { Write-Verbose 'Share updated successfully'; break }
        2  { Write-Error 'Access denied (2)'; break }
        8  { Write-Error 'Unknown failure (8)'; break }
        9  { Write-Error 'Invalid name (9)'; break }
        10 { Write-Error 'Invalid level (10)'; break }
        21 { Write-Error 'Invalid parameter (21)'; break }
        22 { Write-Error 'Duplicate share (22)'; break }
        23 { Write-Error 'Redirected path (23)'; break }
        24 { Write-Error 'Unknown device or directory (24)'; break }
        25 { Write-Error 'Net name not found (25)'; break }
        default { Write-Error 'Other Error (26–4294967295)' }
    }
 }
	function Add-ShareAccess {
	param(
	[string] $ComputerName = $env:COMPUTERNAME,
	[string] $ShareName = 'Temp',
	[string] $AccountName = 'Domain Users',
	[ValidateSet('FullControl', 'Change','Read')] $AccessPermissions = 'Read'
	)

	# Convert the AccessPermissions
	$accessFlags = @{
	FullControl = 2032127
	Change = 1245631
	Read = 1179817
	}; $access = $accessFlags[$AccessPermissions]

	# Extract Domain and User account
	$Domain, $Identity = if($AccountName -match '\\') {
	$AccountName -split '\\'
	} else {
	$env:USERDOMAIN, $AccountName
	}

	# Build the Security Descriptor and Trustee objects
	$sd = ([wmiclass] "\\$ComputerName\root\cimv2:Win32_SecurityDescriptor").CreateInstance()
	$trustee = ([wmiclass] "\\$ComputerName\root\cimv2:Win32_Trustee").CreateInstance()
	$trustee.Name = $Identity
	$trustee.Domain = $Domain

	# Build the Access Control Entry object
	$ace = ([wmiclass] "\\$ComputerName\root\cimv2:Win32_ACE").CreateInstance()
	$ace.AccessMask = $access
	$ace.AceFlags = 3
	$ace.AceType = 0 # 0 Allow, 1 = Deny
	$ace.Trustee = $trustee

	# Get the current permissions on the share
	$current = Get-WmiObject -ComputerName $computerName -Class Win32_LogicalShareSecuritySetting -Filter "Name='$ShareName'"
	[System.Management.ManagementBaseObject[]]$newACE = $current.GetSecurityDescriptor().Descriptor.DACL

	# Add the access control entry to the list
	[array]::Resize([ref]$newACE, $newACE.Count + 1)
	$newACE[$newACE.Count-1] = $ace
	$sd.DACL = $newACE

	# Set the permissions on the share
	$mc = Get-WmiObject -ComputerName $computerName -Class Win32_Share -Filter "Name='$ShareName'"
	$ret = $mc.SetShareInfo($null, $mc.Description, $sd)

	# Determine the return value from the WMI method
	Switch ($ret.ReturnValue){
	0 { Write-Verbose 'Share updated successfully'; break }
	2 { Write-Error 'Access denied (2)'; break }
	8 { Write-Error 'Unknown failure (8)'; break }
	9 { Write-Error 'Invalid name (9)'; break }
	10 { Write-Error 'Invalid level (10)'; break }
	21 { Write-Error 'Invalid parameter (21)'; break }
	22 { Write-Error 'Duplicate share (22)'; break }
	23 { Write-Error 'Redirected path (23)'; break }
	24 { Write-Error 'Unknown device or directory (24)'; break }
	25 { Write-Error 'Net name not found (25)'; break }
	default { Write-Error 'Other Error (26–4294967295)' }
	}
	}