techdecline · August 31, 2020 07:00
diff --git a/New-SmbShare.ps1 b/New-SmbShare.ps1
 [CmdletBinding()]
 param (
    # Path to share
    [Parameter(Mandatory=$True)]
    [string]
    $FilePath,

    # Log File Path
    [Parameter(Mandatory=$false)]
    [ValidateScript({Test-Path $_  })]
    [string]
    $LogFilePath = $env:TEMP
 )

 function Add-NewACE
 {
 	# Add ACL to File System Object
 	param (
 		[System.IO.DirectoryInfo]$DirectoryItem,
 		[String]$User,
 		[System.Security.AccessControl.FileSystemRights]$AccessRule
 	)

 	$aclObj = Get-Acl $DirectoryItem
 	$userpermissions = New-Object System.Security.AccessControl.FileSystemAccessRule($User,$AccessRule,'ContainerInherit,ObjectInherit','None', "Allow")
 	$aclObj.AddAccessRule($userpermissions) | Out-Null
 	Set-Acl $DirectoryItem $aclObj
 }

 Import-Module LogStream
 Import-Module ActiveDirectory

 $logFile = Join-Path -Path $LogFilePath -ChildPath "New-Share_$(get-date -f yyyyMMdd).log"

 Start-Log -LogFilePath $logFile |Out-Null

 try {
    Write-VerboseLog -LogFilePath $logFile -Message "Creating Directory: $FilePath"
    $folder = New-Item -Path $FilePath -ItemType Directory
 }
 catch {
    Write-ErrorLog "Could not create directory: $($error[0].Exception.Message)"
    Stop-Log -LogFilePath $logFile
    return $null
 }

 try {
    Write-VerboseLog -LogFilePath $logFile -Message "Creating SMB share on $FilePath"
    $smbShare = New-SmbShare -Path $FilePath -Name $folder.Name -FullAccess "Everyone"
 }
 catch {
    Write-ErrorLog "Could not create SMB File Share: $($error[0].Exception.Message)"
    Stop-Log -LogFilePath $logFile
    return $null
 }

 try {
    $readGroup = New-ADGroup -name "ACL_Read_$($folder.Name)" -PassThru -GroupCategory Security -GroupScope DomainLocal
    $writeGroup = New-ADGroup -name "ACL_Write_$($folder.Name)" -PassThru -GroupCategory Security -GroupScope DomainLocal
 }
 catch {
    Write-ErrorLog "Could not create user groups: $($error[0].Exception.Message)"
    Stop-Log -LogFilePath $logFile
    return $null
 }

 try {
    Write-VerboseLog -LogFilePath $logFile -Message "Adding Read Group on File Share: $($ReadGroup.SamAccountName)"
    Add-NewACE -DirectoryItem $folder -User $readGroup.SamAccountName -AccessRule "Read"
 }
 catch {
    Write-ErrorLog "Could not add Read ACE for group: $($error[0].Exception.Message)"
    Stop-Log -LogFilePath $logFile
    return $null
 }

 try {
    Write-VerboseLog -LogFilePath $logFile -Message "Adding Write Group on File Share: $($WriteGroup.SamAccountName)"
    Add-NewACE -DirectoryItem $folder -User $WriteGroup.SamAccountName -AccessRule "Modify"
 }
 catch {
    Write-ErrorLog "Could not add Write ACE for group: $($error[0].Exception.Message)"
    Stop-Log -LogFilePath $logFile
    return $null
 }

 Stop-Log -LogFilePath $logFile | Out-Null
	[CmdletBinding()]
	param (
	# Path to share
	[Parameter(Mandatory=$True)]
	[string]
	$FilePath,

	# Log File Path
	[Parameter(Mandatory=$false)]
	[ValidateScript({Test-Path $_ })]
	[string]
	$LogFilePath = $env:TEMP
	)

	function Add-NewACE
	{
	# Add ACL to File System Object
	param (
	[System.IO.DirectoryInfo]$DirectoryItem,
	[String]$User,
	[System.Security.AccessControl.FileSystemRights]$AccessRule
	)

	$aclObj = Get-Acl $DirectoryItem
	$userpermissions = New-Object System.Security.AccessControl.FileSystemAccessRule($User,$AccessRule,'ContainerInherit,ObjectInherit','None', "Allow")
	$aclObj.AddAccessRule($userpermissions) \| Out-Null
	Set-Acl $DirectoryItem $aclObj
	}

	Import-Module LogStream
	Import-Module ActiveDirectory

	$logFile = Join-Path -Path $LogFilePath -ChildPath "New-Share_$(get-date -f yyyyMMdd).log"

	Start-Log -LogFilePath $logFile \|Out-Null

	try {
	Write-VerboseLog -LogFilePath $logFile -Message "Creating Directory: $FilePath"
	$folder = New-Item -Path $FilePath -ItemType Directory
	}
	catch {
	Write-ErrorLog "Could not create directory: $($error[0].Exception.Message)"
	Stop-Log -LogFilePath $logFile
	return $null
	}

	try {
	Write-VerboseLog -LogFilePath $logFile -Message "Creating SMB share on $FilePath"
	$smbShare = New-SmbShare -Path $FilePath -Name $folder.Name -FullAccess "Everyone"
	}
	catch {
	Write-ErrorLog "Could not create SMB File Share: $($error[0].Exception.Message)"
	Stop-Log -LogFilePath $logFile
	return $null
	}

	try {
	$readGroup = New-ADGroup -name "ACL_Read_$($folder.Name)" -PassThru -GroupCategory Security -GroupScope DomainLocal
	$writeGroup = New-ADGroup -name "ACL_Write_$($folder.Name)" -PassThru -GroupCategory Security -GroupScope DomainLocal
	}
	catch {
	Write-ErrorLog "Could not create user groups: $($error[0].Exception.Message)"
	Stop-Log -LogFilePath $logFile
	return $null
	}

	try {
	Write-VerboseLog -LogFilePath $logFile -Message "Adding Read Group on File Share: $($ReadGroup.SamAccountName)"
	Add-NewACE -DirectoryItem $folder -User $readGroup.SamAccountName -AccessRule "Read"
	}
	catch {
	Write-ErrorLog "Could not add Read ACE for group: $($error[0].Exception.Message)"
	Stop-Log -LogFilePath $logFile
	return $null
	}

	try {
	Write-VerboseLog -LogFilePath $logFile -Message "Adding Write Group on File Share: $($WriteGroup.SamAccountName)"
	Add-NewACE -DirectoryItem $folder -User $WriteGroup.SamAccountName -AccessRule "Modify"
	}
	catch {
	Write-ErrorLog "Could not add Write ACE for group: $($error[0].Exception.Message)"
	Stop-Log -LogFilePath $logFile
	return $null
	}

	Stop-Log -LogFilePath $logFile \| Out-Null
No results found