Comments

  • How to stop sharing drive with users
    Here is a Powershell script you can use at system start up, and run every few hours. I have a start delay of 1 minute to give time for Cloudberry Drive to load, and mapped the Amazon S3 with driver letter.

    Use Windows Task Scheduler, configured do Run whether user is logged on or not

    This Powershell script will remove the EVERYONE permissions from the network shares, and add other users permissions such as DOMAIN ADMINS, user1, user2, etc.

    This works on just one or multiple shares. NOTE, this will not run a Windows Server 2008, R2, you will need a later OS, on where Powershell supports

    USe this in Powershell to see current permissions on the Cloudberry Shared folder(s)
    Get-SmbShareAccess "Share-Name-1","Share-Name-2","Share-Name-3"
    ////////////////////////////////////////////
    # 2023-12-22 Scheduled Task, changes folder share permissions
    # on Amazon S3 Cloud shared folders

    # note from William, need to run
    # Set-ExecutionPolicy RemoteSigned
    # Task Scheduler put in program/script: powershell.exe And in arguments -Command "<path to .ps1 script>"
    # Run under account "Administrators" and Must select "Run with highest privileges"


    Get-SmbShareAccess "Cloud Admins", "Cloud Users Desktops", "Cloud Admins 2023 and Before"

    # Adds domain admin full access to all shares
    Grant-SmbShareAccess -Name "Share-1" -AccountName "va\Domain Admins" -AccessRight Full -Force
    Grant-SmbShareAccess -Name "Share-2" -AccountName "va\Domain Admins" -AccessRight Full -Force
    Grant-SmbShareAccess -Name "Share-3" -AccountName "va\Domain Admins" -AccessRight Full -Force

    # Set permissions for each users
    $list_remove="Everyone","user-1”,"user-2","users-3"
    $list_add="user-1”,"user-2","users-3"

    # Remove EVERYONE, and userslist variable
    Revoke-SmbShareAccess -Name "Share-1" -AccountName $list_remove -Force
    Revoke-SmbShareAccess -Name "Share-2" -AccountName $list_remove -Force
    Revoke-SmbShareAccess -Name "Share-3" -AccountName "Everyone" -Force

    # Adds users-list permissions
    Grant-SmbShareAccess -Name "Share-1" -AccountName $list_add -AccessRight Read -Force
    Grant-SmbShareAccess -Name "Share-2" -AccountName $list_add -AccessRight Read -Force
Home » William Baumbach

William Baumbach

Start FollowingSend a Message