Tech Off Post

Single Post Permalink

View Thread: Create Shared Folder Using Batch File or VBS
  • User profile image

    Greg M wrote:
    It's sometimes hard to believe that such a long correspondence can be resolved with just four little lines of code:

    Md G:\MyFolder
    Net Share MyShare=G:\MyFolder
    Cacls G:\MyFolder /e /r Everyone
    Cacls G:\MyFolder /e /g Everyone:C

    Your unlikely to need the revoke step.

    I only did it in my example because initially, I was using an existing Share that was created using the Sharing Wizard. But I left it in because I wanted to show that how it can be done, as, let's face it, CACLS is not exactly user friendly, nor unambiguously documented.

    Hell, I often forget to add the /e to the command-line, and just blow away the entire ACL, for all but the specific account supplied.

    Also, at first glance, it's not obvious what the difference is between the /g and /p switches:
    • grant (/g) is suppose to add permissions to any existing ones.
    • replace permission (/p) is suppose to entirely replace any existing permissions with what your suppling on the command-line now.
    But without the /e , apart from blowing away all the permissions from the other accounts, whats the difference between them ? ... my head hurts...

    Anyway, what I've learnt is that if CACLS ever asks 'Are you sure', say no ! ... Wink

    Oh, and to further clarify, the ACLs are 'stored' in the filesystem, not in the Registry. Kind of like the way a file's size and it's access/modification times are stored.

    That's why if you move a Hard Disk between two systems, an Administrator needs to take ownership of files first, before correcting their ACLs - the new system will likely not have the same user accounts setup (user IDs, etc). All good fun...