April 16th, 2014

Windows 8.1 and the Land of Forgotten Modules: Part 3

Doctor Scripto
Scripter

Summary: Explore and discover the additional Windows PowerShell modules in Windows 8.1.

Honorary Scripting Guy, Sean Kearney, is here this week unwrapping more of these little modules I have found in my shiny new Windows 8.1 operating system. You also might enjoy reading:

We’ll take a look at a module that’s available on both the workstation and the server. One that is particularly handy for those of us who deal with smaller peer-to-peer environments.

I speak of no other module than SMBShare. SMBShare contains all of the cmdlets you’ll ever need to set up and manage shares. This includes creating, managing access, and disconnecting users from resources.

Hello SMBShare Module! What cmdlets do you have to share with us?

Get-Command -Module SmbShare

Image of command output

Let’s create a new share called Data that points to the C:\Shares\Data folder structure. We’re going to grant full access to local Administrators and change access to Users:

New-Item C:\Shares\Data -ItemType Directory -Force

New-SMBShare -Name Data -Path C:\Shares\Data -FullAccess Administrators -ChangeAccess Users

Now we can pop in to the GUI to see if this matches how you used to do it:

Image of menu

Let’s imagine that we’re on a new machine, and we want to audit what shares it has. We could go to Computer Management, take as many screenshots as our hearts allow, then poke in to check the permissions on each folder…*huff…huff huff…*…

Or, we can execute the following line in Windows PowerShell by using the SMBShare Module:

Get-SMBShare | Get-SMBShareAccess | Sort-Object Name

Image of command output

Now that’s a lot easier. We can also save this information easily in a CSV file to present to an auditor or to your boss:

Get-SMBShare | Get-SMBShareAccess | Sort-Object Name | Export-CSV C:\Folder\ShareList.csv
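The same audit can carry each share's folder path and mark the entries that deserve a second look. This is an added example, not part of the original post; the list of broad accounts (English account names) and the output path are assumptions to adjust for your environment.

```powershell
# Added example: audit SMB share permissions and flag broad grants.
# $BroadAccounts and $OutFile are assumptions, not values from the article.
$BroadAccounts = 'Everyone', 'NT AUTHORITY\Authenticated Users',
                 'BUILTIN\Users', 'NT AUTHORITY\ANONYMOUS LOGON'
$OutFile = 'C:\Folder\ShareAudit.csv'

# Index shares by name so each access entry can be reported with its path.
$shares = @{}
Get-SmbShare | ForEach-Object { $shares[$_.Name] = $_ }

$report = foreach ($ace in ($shares.Values | Get-SmbShareAccess)) {
    $share = $shares[$ace.Name]
    $type  = [string]$ace.AccessControlType   # Allow or Deny
    $right = [string]$ace.AccessRight         # Full, Change, Read or Custom

    # An Allow entry that gives Change or Full to a catch-all principal
    # is the first thing to review.
    $isBroad = ($type -eq 'Allow') -and
               ($right -in 'Full', 'Change') -and
               ($ace.AccountName -in $BroadAccounts)

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Share        = $ace.Name
        Path         = $share.Path
        Special      = $share.Special   # administrative shares such as C$ and IPC$
        Account      = $ace.AccountName
        Type         = $type
        Right        = $right
        NeedsReview  = $isBroad
    }
}

# Full listing for the auditor, without the #TYPE header line.
$report | Sort-Object Share, Account |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# On screen, show only the flagged entries.
$report | Where-Object NeedsReview |
    Format-Table Share, Path, Account, Right -AutoSize
```

Share permissions are only half of the effective access; the NTFS permissions on each Path still apply and are not covered by this report.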

I would have loved to have had this in my hands years ago during migrations. It was such a pain to find out not only where the shares were, but what groups or users had access to them. I still remember going so far as to steal this information from the LanManServer key in the registry at one point.

It’s now even easier to simply add a user or a group to a share for basic permissions. If I would like to add a user named Ernie to the Data share, and allow him Read access, I can leverage the Grant-SMBShareAccess cmdlet:

Grant-SMBShareAccess -Name "Data" -AccountName Ernie -AccessRight Read -Force

But you can just as easily revoke access too. Let’s envision a scenario where there is a security group called Accounting, which had access to various shares. There might not be any users in the group, but from an auditing standpoint, you need to ensure that the group is no longer there.

You can simply obtain all the shares and yank out the rights on a single workstation or server:

Get-SMBShare | Revoke-SMBShareAccess -AccountName Accounting -Force

One line, and you’re all cleaned up. Pretty neat, eh?
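For a cleanup that has to be shown to an auditor, it helps to touch only the shares that actually list the group and to keep a record of what was removed. The function below is an added example, not from the original post; its name, parameters and the log path are hypothetical.

```powershell
# Added example: revoke one account's share access with a before-state record.
# Function name, parameters and log path are hypothetical.
function Revoke-ShareAccessForAccount {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string]$AccountName,
        [Parameter(Mandatory = $true)][string]$LogPath
    )

    # Only entries that reference the account, with or without a
    # DOMAIN\ or COMPUTER\ prefix.
    $targets = @(Get-SmbShare | Get-SmbShareAccess | Where-Object {
        $_.AccountName -eq $AccountName -or $_.AccountName -like "*\$AccountName"
    })

    if ($targets.Count -eq 0) {
        Write-Verbose "No share on $env:COMPUTERNAME lists '$AccountName'."
        return
    }

    # Always write the record, even on a -WhatIf run.
    $targets |
        Select-Object Name, ScopeName, AccountName, AccessControlType, AccessRight |
        Export-Csv -Path $LogPath -NoTypeInformation -WhatIf:$false

    foreach ($ace in $targets) {
        $action = "Revoke share access for $($ace.AccountName)"
        if ($PSCmdlet.ShouldProcess("share '$($ace.Name)'", $action)) {
            Revoke-SmbShareAccess -Name $ace.Name -AccountName $ace.AccountName -Force
        }
    }

    # Whatever is still listed after the run (nothing, if every revoke succeeded).
    Get-SmbShare | Get-SmbShareAccess | Where-Object {
        $_.AccountName -eq $AccountName -or $_.AccountName -like "*\$AccountName"
    }
}

# Dry run: lists the shares that would change and writes the record only.
Revoke-ShareAccessForAccount -AccountName Accounting `
    -LogPath C:\Folder\Revoked-Accounting.csv -WhatIf
```

Revoke-SmbShareAccess removes Allow entries; a Deny entry for the same account is cleared with Unblock-SmbShareAccess instead.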

Now here is an option I would have loved to have had: The ability to easily disconnect people from a file. Users never seem to listen when you say, “Please log off your workstation and close all your files at the end of the day.”

Now I have some interesting options. I can pull a regular report as to who has a file open on a workstation or server with Get-SMBOpenFile.

You could execute it this way if you knew what the file was called and you weren’t sure what folder it was in:

Get-SMBOpenFile | Where { $_.Path -like '*ImportantFile.doc*' }

Or simply request to show all of the files that were left open by users:

Get-SMBOpenFile

Or perhaps you just want to reboot a file server and need to see the names of people who are accessing it, so you can politely give them a ring?

Get-SMBSession | Select-object ClientUserName

Better yet. Let’s say you have “carte blanche” freedom to ensure the files are all disconnected after 9:00 P.M. You could literally run this command to handle this “issue”:

Get-SMBOpenFile | Close-SMBOpenFile -Force

And disconnecting staff from a session in a share is just as easy:

Get-SMBSession | Close-SMBSession -Force
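A narrower version of the same nightly job records who was connected and disconnects only the sessions that have been idle for a while. This is an added example, not from the original post; the idle threshold, log folder and dry-run switch are assumptions.

```powershell
# Added example: log connections, then disconnect idle sessions only.
# $IdleSeconds, $LogDir and $DryRun are assumptions, not values from the article.
$IdleSeconds = 3600          # sessions idle for an hour or more
$LogDir      = 'C:\Folder'
$DryRun      = $true         # set to $false to actually disconnect
$stamp       = Get-Date -Format 'yyyyMMdd-HHmmss'

# Snapshot every open file with its user and client machine.
Get-SmbOpenFile |
    Select-Object FileId, SessionId, ClientUserName, ClientComputerName, Path |
    Export-Csv -Path (Join-Path $LogDir "OpenFiles-$stamp.csv") -NoTypeInformation

# Pick out the idle sessions and record them as well.
$idle = @(Get-SmbSession | Where-Object { $_.SecondsIdle -ge $IdleSeconds })
$idle |
    Select-Object SessionId, ClientUserName, ClientComputerName, NumOpens, SecondsIdle |
    Export-Csv -Path (Join-Path $LogDir "IdleSessions-$stamp.csv") -NoTypeInformation

foreach ($session in $idle) {
    # Close that session's files first, then the session itself.
    Get-SmbOpenFile -SessionId $session.SessionId |
        Close-SmbOpenFile -Force -WhatIf:$DryRun
    Close-SmbSession -SessionId $session.SessionId -Force -WhatIf:$DryRun
}

# Sessions still connected afterwards (active users are left alone).
Get-SmbSession |
    Select-Object ClientUserName, ClientComputerName, SecondsIdle
```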

I sooooo envy new Admins with this kind of Power in the field. Life is so much easier with Windows PowerShell!

Stop by tomorrow, and we’ll dig around to see more hidden module nuggets.

I invite you to follow The Scripting Guys on Twitter and Facebook. If you have any questions, send an email to The Scripting Guys at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, remember to eat your cmdlets each and every day with a tasty dash of creativity.

Sean Kearney, Windows PowerShell MVP and Honorary Scripting Guy
