Created
January 16, 2019 16:33
-
-
Save Santaro255/ee05f185f8a34b194297b91abdfb3ca2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#define scan account | |
$domain = "DOMAIN" | |
$name = "NAME" | |
$scandef = "DOMAIN\NAME" | |
#get username | |
$getusername = (Get-WmiObject -Class Win32_ComputerSystem).Username | |
function scanacl() { | |
#set full access for scan | |
$access=New-Object System.Security.AccessControl.FileSystemAccessRule ("$scandef","FullControl","ContainerInherit,ObjectInherit","None","Allow") | |
$ACL = Get-Acl -Path C:\Scan | |
$ACL.SetAccessRule($access) | |
Set-Acl -Path C:\Scan -AclObject $ACL | |
Write-Host "Scan account full access granted." -BackgroundColor DarkGreen } | |
function useracl() { | |
#set full access for user | |
$access=New-Object System.Security.AccessControl.FileSystemAccessRule ("$getusername","FullControl","ContainerInherit,ObjectInherit","None","Allow") | |
$ACL = Get-Acl -Path C:\Scan | |
$ACL.SetAccessRule($access) | |
Set-Acl -Path C:\Scan -AclObject $ACL | |
Write-Host "User account($getusername) full access granted." -BackgroundColor DarkGreen } | |
function smbscan() { | |
Grant-SmbShareAccess -Name Scan -AccountName $scandef -AccessRight Full -Force | Out-Null } | |
function smbuser() { | |
Grant-SmbShareAccess -Name Scan -AccountName "$getusername" -AccessRight Full -Force | Out-Null } | |
#main code | |
Write-Host "`nFolder part:`n" | |
#Folder part | |
switch (Test-Path -Path C:\Scan) { | |
#scan folder exist | |
True { Write-Host "Scan folder already exist." -BackgroundColor DarkGreen | |
#False - exist, True - not | |
#for scan | |
switch (!((Get-Acl -Path C:\Scan).Access | Where-Object {$_.IdentityReference -eq $scandef})) { | |
#if scan account not exist | |
#set full access for scan | |
True { Write-Host "Scan account doesn't have proper rights. Working..." -BackgroundColor DarkRed | |
scanacl } | |
#if scan account exist | |
#test access | |
False { if (!((Get-Acl -Path C:\Scan).Access | Where-Object {$_.IdentityReference -eq $scandef -and $_.FileSystemRights -eq "FullControl"})) { | |
#set full access for scan | |
Write-Host "Scan account already exist but doesn't have proper rights. Working..." -BackgroundColor DarkRed | |
scanacl } | |
#scan account exist & have proper rights | |
else {Write-Host "Scan account has full access to folder." -BackgroundColor DarkGreen } } } | |
#False - exist, True - not | |
#for user | |
switch (!((Get-Acl -Path C:\Scan).Access | Where-Object {$_.IdentityReference -eq "$getusername"})) { | |
#if user account not exist | |
True { #set full access for user | |
Write-Host "User account($getusername) doesn't have proper rights. Working..." -BackgroundColor DarkRed | |
useracl } | |
#if scan account exist | |
#test access | |
False { if (!((Get-Acl -Path C:\Scan).Access | Where-Object {$_.IdentityReference -eq "$getusername" -and $_.FileSystemRights -eq "FullControl"})) { | |
#set full access for user | |
Write-Host "User account($getusername) already exist but doesn't have proper rights. Working..." -BackgroundColor DarkRed | |
useracl } | |
#user account exist & have proper rights | |
else {Write-Host "User account($getusername) has full access to folder." -BackgroundColor DarkGreen } } } | |
} | |
#scan folder no exist | |
#create folder | |
False { New-Item -Type Directory -Path C:\Scan | Out-Null | |
Write-Host "Scan folder created." -BackgroundColor DarkGreen | |
#set full access for scan | |
scanacl | |
#set full access for user | |
useracl | |
} | |
} | |
#SMBShare Part | |
Write-Host "`nSMBShare part:`n" | |
function Win10() { | |
#False - exist, True - not | |
switch (!(Get-SmbShare -Name Scan -ErrorAction SilentlyContinue)) { | |
#if share not exist create with proper rights | |
True { Write-Host "Shared scan folder doesn't exist. Working..." -BackgroundColor DarkRed | |
New-SmbShare -Name Scan -Path C:\Scan -Description "Scan folder" -FullAccess $scandef, $getusername | Out-Null | |
Write-Host "Shared scan folder created and full access granted." -BackgroundColor DarkGreen } | |
#if share exist | |
False { Write-Host "Shared folder Scan already exist." -BackgroundColor DarkGreen | |
#False - exist, True - not | |
#for scan | |
switch (!(Get-SmbShareAccess -Name Scan | where {$_.AccountName -eq $scandef})) { | |
#if scan not exist create and grant access | |
True { Write-Host "Scan account doesn't have proper rights. Working..." -BackgroundColor DarkRed | |
smbscan | |
Write-Host "Scan account created and access granted." -BackgroundColor DarkGreen } | |
#if scan exist check rights | |
False { if (!(Get-SmbShareAccess -Name Scan | where {$_.AccessRight -ne "Full"})) {Write-Host "Scan account has full access." -BackgroundColor DarkGreen} | |
#if scan exist and not fullcontroll grant fullcontrol | |
else { Write-Host "Scan account doesn't have proper rights. Working..." -BackgroundColor DarkRed | |
smbscan | |
Write-Host "Scan account exist & full access for Scan account granted." -BackgroundColor DarkGreen } } } | |
#False - exist, True - not | |
#for user | |
switch (!(Get-SmbShareAccess -Name Scan | where {$_.AccountName -eq "$getusername"})) { | |
#if user not exist create and grant access | |
True { Write-Host "Scan account doesn't have proper rights. Working..." -BackgroundColor DarkRed | |
smbuser | |
Write-Host "User account($getusername) created and access granted." -BackgroundColor DarkGreen } | |
#if user exist check rights | |
False { if (!(Get-SmbShareAccess -Name Scan | where {$_.AccessRight -ne "Full"})) {Write-Host "User account($getusername) has full access." -BackgroundColor DarkGreen} | |
#if user exist and not fullcontroll grant fullcontrol | |
else { Write-Host "User account($getusername) doesn't have proper rights. Working..." -BackgroundColor DarkRed | |
smbuser | |
Write-Host "User account($getusername) exist & full access for user account granted." -BackgroundColor DarkGreen } } } | |
} | |
} | |
} | |
function Win7() { | |
#Win7 | |
#$shares=[WMICLASS]”WIN32_Share” | |
function smbwin7() { | |
#Username/Group to give permissions to | |
$trustee = ([wmiclass]'Win32_trustee').psbase.CreateInstance() | |
$trustee.Domain = "$domain" | |
$trustee.Name = "$name" | |
#Accessmask values | |
$fullcontrol = 2032127 | |
$change = 1245631 | |
$read = 1179785 | |
#Create access-list | |
$ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance() | |
$ace.AccessMask = $fullcontrol | |
$ace.AceFlags = 3 | |
$ace.AceType = 0 | |
$ace.Trustee = $trustee | |
#Securitydescriptor containting access | |
$sd = ([wmiclass]'Win32_SecurityDescriptor').psbase.CreateInstance() | |
$sd.ControlFlags = 4 | |
$sd.DACL = $ace | |
$sd.group = $trustee | |
$sd.owner = $trustee | |
$share = Get-WmiObject Win32_Share -List -ComputerName "localhost" | |
$share.create("C:\Scan", "Scan", 0, $null, "Scan folder", $null, $sd) | Out-Null } | |
#False - exist, True - not | |
switch (!(Get-WmiObject Win32_Share -Filter "Name='Scan'")) { | |
#if scan not exis | |
True { smbwin7 | |
Write-Host "Scan share created.(7)" -BackgroundColor DarkYellow } | |
#if scan exist | |
False { (Get-WmiObject Win32_Share -Filter "Name='Scan'").Delete() | Out-Null | |
smbwin7 | |
Write-Host "Scan share created.(d7)" -BackgroundColor DarkYellow } } | |
} | |
switch (Get-WmiObject -Class Win32_OperatingSystem) { | |
{$_.Name -like "*Windows 10*"} { Win10 } | |
{$_.Name -like "*Windows 7*"} { Win7 } | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment