wmi - Powershell - Invoke-WmiMethod to create a Sharefolder remotely with full controle permission

Question

I've been using this script to create my users folders but I just find that the remote share folder is created with ReadOnly share.

My question is how can I create the share folder with $domainnamedomain users with full control?

Invoke-WmiMethod -Class win32_share -name Create -ArgumentList `
 @($null,"",100,"hideshare$","",e:usershideshare,0) -computername "DestinationSRV"

I've found many threads with answers but not with the method I use.

Any ideas?

Answer 1

Try:

#Username/Group to give permissions to
$trustee = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee.Domain = "domainname"
$trustee.Name = "username or groupname"

#Accessmask values
$fullcontrol = 2032127
$change = 1245631
$read = 1179785

#Create access-list
$ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace.AccessMask = $fullcontrol
$ace.AceFlags = 3
$ace.AceType = 0
$ace.Trustee = $trustee

#Securitydescriptor containting access
$sd = ([wmiclass]'Win32_SecurityDescriptor').psbase.CreateInstance()
$sd.ControlFlags = 4
$sd.DACL = $ace
$sd.group = $trustee
$sd.owner = $trustee

$share = Get-WmiObject Win32_Share -List -ComputerName "DestinationSRV"
$share.create("e:usershideshare", "hideshare$", 0, 100, "Description", "", $sd)

The security for this share will only allow the specified username. You need to modify this(add multiple ace's) to add different groups, add everyone etc..

Source for access-part