can't get access to disk share when connecting from a remote syste

Discussion in 'Scripting' started by jong, Jan 1, 2005.

  1. jong

    jong Guest

    I hope that you can help me out. I have adapted some code to create a script
    that will share three drives on a local computer. The script executes OK,
    and the shares ‘seem’ to be setup correctly, but when they are connected ‘to’
    from a remote system I cannot access any folders below them outside of a few
    below the ‘Documents and Settings’. If I vew the share properties on the
    system via explorer they indicate they correct. The only way that I can get
    full access to folders is if I disable & re-enable the “allow network users
    to change my files†checkbox. After doing that the permissions are reset and
    access is fine from the remote system.

    I have tried running the two scripts noted below, but they did not resolve
    the issue either:

    From: Max L. Vaughn ()
    Subject: RE: Add User to sharefolder
    Newsgroups: microsoft.public.platformsdk.adsi
    Date: 2001-11-16 14:01:51 PST
    http://groups.google.com/groups?selm=ejzoroubBHA.253%
    40cppssbbsa01.microsoft.com

    From: [MS] Tim Chen ()
    Subject: Re: Folder Security
    Newsgroups: microsoft.public.win32.programmer.wmi
    Date: 2002-06-13 13:06:05 PST
    http://groups.google.com/groups?selm=3d08f9d7$



    The computer that has this script run on it is part of a workgroup. The
    share is being mounted on the remote computer using the “shared computer’sâ€
    administrator username and password.



    Anyway I will continue to search, but it sure would be nice to get some help…





    '

    strFileName = "sharedrives.vbs"

    strScriptVersion = "1.0"

    '

    ' COMMENT:

    ' This script will share system drives c, d, and v.

    '

    '

    '

    '

    '==========================================================================



    On Error Resume Next

    'dump script name and version info

    WScript.Echo "FileName: " & strFileName &vbCrLf & "Version: " &
    strScriptVersion &vbCrLf



    'define vars

    Dim strComputer

    Dim intTotalErrors

    Dim strShareFolder

    Dim strShareName

    Dim strShareDescription

    Dim objWMIService

    Dim objNewShare

    Const FILE_SHARE = 0

    Const MAXIMUM_CONNECTIONS = 25



    'set strComputer to local computer

    strComputer = "."

    intTotalErrors = 0



    'use GetObject to connect to the WMI cimv2 namespace on the local computer

    Set objWMIService = GetObject("winmgmts:" _

    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")



    'create an instace of the win32_share object

    Set objNewShare = objWMIService.Get("Win32_Share")



    'Use the Create method to create the system root share, and trap any errors.
    The create method is passed the following parameter values:

    strShareFolder = "C:\" ' strShareFolder — Local path
    of the folder being shared.

    strShareName = "c" ' strShareName — Network
    name to be assigned to the new share.

    ' FILE_SHARE — Constant
    indicating that the new share is a standard network file share.

    ' MAXIMUM_CONNECTIONS — Constant
    setting the maximum number of simultaneous connections

    ' to the new share to 25.

    strShareDescription = "system root share" ' strShareDescription —
    Description available to users accessing the share through Network
    Neighborhood.





    errReturn = objNewShare.Create (strShareFolder, strShareName, FILE_SHARE,
    MAXIMUM_CONNECTIONS, strShareDescription)

    intTotalErrors = intTotalErrors + errReturn

    If intTotalErrors <> 0 Then

    Wscript.Echo strProcess & " sharedrives FAILED!" & vbCrLf _

    & "Contact Test Engineering before continuing on."

    End If





    'Use the Create method to create the system data share, and trap any errors.
    The create method is passed the following parameter values:

    strShareFolder = "D:\" ' strShareFolder — Local path
    of the folder being shared.

    strShareName = "d" ' strShareName — Network
    name to be assigned to the new share.

    ' FILE_SHARE — Constant
    indicating that the new share is a standard network file share.

    ' MAXIMUM_CONNECTIONS — Constant
    setting the maximum number of simultaneous connections

    ' to the new share to 25.

    strShareDescription = "system data share" ' strShareDescription —
    Description available to users accessing the share through Network
    Neighborhood.





    errReturn = objNewShare.Create (strShareFolder, strShareName, FILE_SHARE,
    MAXIMUM_CONNECTIONS, strShareDescription)

    intTotalErrors = intTotalErrors + errReturn

    If intTotalErrors <> 0 Then

    Wscript.Echo strProcess & " sharedrives FAILED!" & vbCrLf _

    & "Contact Test Engineering before continuing on."

    End If





    'Use the Create method to create the system video share, and trap any
    errors. The create method is passed the following parameter values:

    strShareFolder = "V:\" ' strShareFolder — Local path
    of the folder being shared.

    strShareName = "v" ' strShareName — Network
    name to be assigned to the new share.

    ' FILE_SHARE — Constant
    indicating that the new share is a standard network file share.

    ' MAXIMUM_CONNECTIONS — Constant
    setting the maximum number of simultaneous connections

    ' to the new share to 25.

    strShareDescription = "system video share" ' strShareDescription —
    Description available to users accessing the share through Network
    Neighborhood.





    errReturn = objNewShare.Create (strShareFolder, strShareName, FILE_SHARE,
    MAXIMUM_CONNECTIONS, strShareDescription)

    intTotalErrors = intTotalErrors + errReturn

    If intTotalErrors <> 0 Then

    Wscript.Echo strProcess & " sharedrives FAILED!" & vbCrLf _

    & "Contact Test Engineering before continuing on."

    End If



    WScript.Quit intTotalErrors



    ' Network Share Return Values

    '

    ' Value Description

    ' 0 The operation completed successfully.

    ' 2 The operation could not be completed because access was denied.

    ' 8 The operation could not be completed because of an unknown problem.

    ' 9 The operation could not be completed because an invalid name was
    specified.

    ' 10 The operation could not be completed because an invalid level was
    specified.

    ' 21 The operation could not be completed because an invalid parameter was
    specified.

    ' 22 The operation could not be completed because a share by this name
    already exists.

    ' 23 The operation could not be completed because this is a redirected path.

    ' 24 The operation could not be completed because the specified folder could
    not be found.

    ' 25 The operation could not be completed because the specified server could
    not be found.

    ' Other The operation could not be completed.
     
    jong, Jan 1, 2005
    #1
    1. Advertisements

  2. You seem to be sharing out local drives C:, D:, and V: with sharenames of c,
    d, and v, respectively. These should already be shared out as c$, d$, and
    v$, so it is not clear why you are adding the additional redundant
    sharenames.

    But, aside from that, I think the problem is that you migth be connecting to
    these shares with an account that lacks sufficient privileges to get past
    the NTFS permissions on the folders in question.

    /Al
     
    Al Dunbar [MS-MVP], Jan 1, 2005
    #2
    1. Advertisements

  3. jong

    jong Guest

    Al,

    As I noted in this post I am connecting as the local administrator, but
    still don't get permission to access anything below the folders. I have
    tried to access c$...as you noted, but when I try to connect to these shares
    I always get an access denied error, so I cannot get the shares to mount on
    the remote system. I never had that problem till we rolled to windows XP.
    At any rate I am always mounting using the administrator user/pass. I have
    even tried using the <remoteSystemName> with the administrator username but
    that has not helped. Example:

    net use x: \\<remoteSystem>\c$ <remoteSystemPassword>
    /user:<remoteSystemName>\administrator

    Anymore ideas? Any ideas why the c$, d$, or v$ administrative shares are
    being blocked?

     
    jong, Jan 4, 2005
    #3
  4. I also just noticed that you mention the computer as belonging to a
    workgroup, a networking environment I have little experience with...
    The administrator account on one system will not automatically have access
    to folders on another just because it is an administrator account elsewhere.
    When logged on at computer AAAA and attempting to map to shares on computer
    BBBB, which administrator account do you provide the credentials for, the
    one on AAAA or the one on BBBB?
    Assuming that "remoteSystemName" is the name of the system whose shares you
    want to map, you might want to place the password *after* the /user
    parameter.
    I believe that, by default, these admin shares are not available to all
    users.

    /Al
     
    Al Dunbar [MS-MVP], Jan 5, 2005
    #4
  5. jong

    jong Guest

    Hi Al,

    I will keep my responses up here in order to keep things readable &
    collected.

    When I am connecting to the shares created by the script I always connect
    with the admin username and password of the system that the shares are on;
    not the admin account of the local system.

    as for your comment about placement of the password in the net use cmd below
    I cannot do that as the syntax would then be incorrect, and the cmd would
    fail to execute.

    for the c$, d$, v$ administrative shares do you have any reason as to why I
    cannot mount these using that system's admin username and password? As I
    said before I never had a problem with this until I moved my systems to winXP.

    a new question that I have is 'should' my original script provide read/write
    access to the shares by default when I connect with the FILE_SHARE constant
    set to zero (0).

    I assume that this would be true since the 'allow network users to change my
    files' checkbox is checked after I run the script. As I said in my original
    message everthing will work as expected if I 'toggle' this checkbox after the
    script has been run (un-check it, and then re-check it) since it forces the
    permissions to be reset. To me this seems to be the key to the whole
    issue...it is like this permission doesn't get propigated to all of the
    folders & files below each of the drives. Can anybody comment on this?

    Is there another 'MVP' that can help with this since you admit to not having
    much experience with this? Nothing personal, and I thank you for the help so
    far, but I really need to get some understanding here.





     
    jong, Jan 5, 2005
    #5
  6. jong

    jong Guest

    OK, since my script below just sets the permissions for mounting the share,
    and not the files within, or below the shared drive, can you, or someone help
    me put together a script that will set the permissions for all files on that
    share? I need to be able to read/write the files below that share when it is
    mapped to a drive letter 'from' another.

    Maybe an easier script is one that will mount the C$ administrative share on
    a remote machine to a local drive letter?

    Anyway help if you can...

     
    jong, Jan 7, 2005
    #6
  7. share,

    Although I do not know offhand what the various values of FILE_SHARE mean or
    what that particular parameter means to the .create method, I suspect that
    the "permissions" being assigned are simply defaulting to some setting,
    likely full access to everyone, which, as I said earlier, makes the most
    sense.
    Do you need a script, or do you just need to set the permissions on the
    underlying NTFS files and folders as required for the use you have in mind?
    If you feel you need to script it, then the simplest way (IMHO) would be to
    use CACLS.EXE. Setting up NTFS permissions at a lower level from within
    script using ADsSecurity.dll is not for the faint of heart.
    Then set the NTFS permissions such that those accounts that need this access
    to the files located there have it.
    That should work assuming your account has the access required to map to
    admin shares. But you still need to have the NTFS permissions setup to allow
    for the access you require.


    /Al

     
    Al Dunbar [MS-MVP], Jan 7, 2005
    #7
  8. jong

    jong Guest

    this is for use in a mfg line environment where systems running XP roll down
    an assembly line. The systems are DUTs (device under test). The XP image is
    restored from a 'golden drive' drive image that I don't control. When the
    systems are powered up for the first time I want to run a script that will
    change the system name to a pre-defined 'bench' name, and create a 'share'
    for each of the drives within the system (c: d: and v:). After rebooting and
    logging in the system is then 'tested' by a test system. Part of this test
    system is a PC that needs to read and write files on the 'DUT'.

    Everything in the scripts work except the file permissions below the shares
    on the DUT, which got me to this usergroup. I can have my technicians setup
    the shares on the DUTs manually, after they run my rename script, but I would
    rather not have to rely on that many more 'manual' steps.

    I hope that sheds more light on my situation. If it were just setting
    permissions on a server I would never have gone down this path.

    at any rate the script that I included in this original post 'seemed' to set
    everything correctly if I was to go off of the GUI that is displayed from
    explorer when you right-click a drive, and view the security & sharing...the
    'let network users change my files' checkbox is checked....but as you know
    this really is not the case. However if I un-check and then re-check this
    the file permissions are then 'reset' (or perhaps set for the first time) and
    everything works fine. I still think that this is the key to this whole
    thing.

    I know that I am not the first person to do this type of thing, so there
    must be something that I am missing.

    anyway, do you have any ideas as to where I can look further, or where I
    might ask someone else?

    Please let me know, and thanks again for your help.


     
    jong, Jan 7, 2005
    #8
  9. Yes, that does help us understand your needs a little better.

    If it is just a matter of applying some set of permissions to some folders
    (which folders - all folders on each drive?) then this could either be done
    by running CACLS.EXE as I mentioned in my last reply, or by adding the
    account being used to the local administrators group on the DUT.
    I still do not see such a checkbox - are you running XP home or XP Pro?
    Type the following two commands for info on how to set file and folder
    permissions and manage shares from the command line:

    CACLS /?
    NET SHARE /?
    You are welcome.

    /Al
     
    Al Dunbar [MS-MVP], Jan 8, 2005
    #9
  10. jong

    jong Guest

    we are running XP pro on these systems; i am surprised that you cannot see
    the checkbox that I mentioned under security & sharing. However on my laptop
    I which is also running XPpro the sharing tab looks like the win2k
    GUI..differnt from these other systems....I don't understand that...any
    comment there.

    funny that you noted net share.... this is what I used to use from a .bat
    file for doing this before. The origianl script attached here was my attepmt
    to replace the .bat file with something that had better 'error trapping'. I
    guess that I will just call net share from my other script and call it good
    enough!

    The whole time I was writing this in vbscript I kept telling myself that MS
    should have inlcuded a simple method that worked just like net share....

    Anyway if you ever learn anythign more on this let me know.


    --Peace out Bro.


     
    jong, Jan 8, 2005
    #10
  11. What I see is a "Permissions" button to the left of which is the following
    text: "To set permissions for users who access this folder over the network,
    click Permissions."
    How things look on any windows system often depends on configuration
    settings made for other reasons.
    In your environment, I would think that something that works consistently in
    a mixed mode (vbscript plus batch) would be superior to a vbscript-only
    version that you were having trouble getting to work fully.
    vbscript itself has no knowledge whatsoever of the file system, let alone
    shares. To modify the environment one must resort to whatever COM objects
    may be available, or shell out to command-prompt based utilities or batch
    files. Yes, it would be nice if all such operations were doable in a
    consistent manner. But hoping for that level of consistency is only going to
    delay getting any real solutions to problems such as yours.


    /Al
     
    Al Dunbar [MS-MVP], Jan 8, 2005
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.