wntAccessAdd Share Problem on Windows 7

keywords: wntAccessAdd Windows 7 Win7 Share Advanced Sharing Network File and Folder Sharing Everyone

Question:

I have a WinBatch program that scans the system for shared folders. If it finds Everyone in those folders it will replace Everyone with Domain Users (with the same permission.) I used wntaccessadd to add Domain Users first and then wntaccessdel to remove Everyone. It works great without any problem for years on Win XP and Win 2000.

But I have a problem with Win7:

For all shared folders (that have Everyone) it just:

  • did the replacement of Everyone with Domain Users in the "Advanced Sharing" section but
  • not in the "Network File and Folder Sharing" section, we can still see Everyone there even after rebooting the system. (FYI in the Sharing tab of the Properties of any folder of Win7 you will find those 2 previously mentioned sections.)

How can I make the change in the "Network File and Folder Sharing" section?

Details:

  • Windows Version 7 Enterprise 64 bit
  • WinBatch Version 2009C
  • Win32 Network Extender wwwnt34i.dll 39021


    ; replace Everyone or Authenticated user by Domain Users with the same right
    ErrorMode(@OFF)
    LastError()
    perm = wntAccessGet("",share,user,100,0)
    ErrorMode(@CANCEL)
    err = LastError()
    If err == 530
       text = StrCat(text,"%@CRLF%%@TAB%%@TAB%Access Denied getting to %share%. We will skip checking this share")
    EndIf
    If err == 530 Then Goto _nextshare
    rights = GetAccess(perm)
    rights = StrReplace(rights, "(","")
    rights = StrReplace(rights, ")","")
    ErrorMode(@OFF)
    LastError()
    aa = wntAccessAdd("",share,l_domain,100,rights,0)
    ErrorMode(@CANCEL)
    If aa == @TRUE
       ; Message (" "," We got 'Domain Users' implemented %aaa%"), let remove Everyone or Authenticated Users
       aaa = wntAccessDel("",share,user,100)
       If aaa == @FALSE
          text = StrCat(text,"%@CRLF%%@TAB%%@TAB%Cannot remove %user% from %share% share")
       Else
          text = StrCat(text,"%@CRLF%%@TAB%%@TAB%%user% in %share% share was replaced by %l_domain% ")
       EndIf
    Else
       text = StrCat(text,"%@CRLF%%@TAB%%@TAB%Cannot add %l_domain% to %share% share")
    EndIf
    :_nextshare

Answer:

Here is a simplified script to test in your environment. It will create a debug trace log, that will be helpful in debugging this issue. Make sure to define the variables: user, domainuser. Could you please run the following code and post the resulting trace file output:

; Test script for setting share permissions on Win 7
DebugTrace(@ON , 'trace_wntaccessadd.txt')
user = '' ; Everyone SID
domainuser = '' ; Domain user SID
domain = ''

rights = 'DirShare:Full' ; Full Permission

AddExtender('WWWNT34i.DLL')
list = wntShareList(domain, 1 | 16, 0)
share = AskItemlist('List of Shares',list, @TAB, @UNSORTED, @SINGLE)
If share == ''
   Pause('notice','must chose a valid share')
   Exit
EndIf

; Get permissions from everyone ( only used for debugging )
perm = wntAccessGet( domain, share, user, 100, 1 )

; Set DirShare:Full permissions for domain user
aa = wntAccessAdd( domain, share, domainuser, 100, perm, 1 )
; Confirm permissions for domain user
CHECK = wntAccessGet( domain, share, domainuser, 100, 1 )

Pause('Notice',StrCat(' Please confirm that the user', domainuser, ' has been sucessfully added to the share ', share))
Exit

User Reply:

************************************************************

*** Debug Initialized ***

==============================
Fri 4/8/2011 10:34:16 AM
WinBatch 32 2009C
WIL DLL 6.09cic
D:\UGS_TOOLS\ww304\Shared_Folder_Fix\Deana_test.wbt
Windows platform: NT, Version: 6.1, build: 7600
ErrorMode: @CANCEL
==============================

user = 'S-1-1-0'
(0) VALUE STRING => "S-1-1-0"

domainuser = 'S-1-5-21-954228201-601818101-482762101-513'
(0) VALUE STRING => "S-1-5-21-954228201-601818101-482762101-513"

domain = ''
(0) VALUE STRING => ""

rights = 'DirShare:Full'
(0) VALUE STRING => "DirShare:Full"

----- Extender loaded: C:\Program Files (x86)\WinBatch\SYSTEM\WWWNT34i.DLL (file Version: 39021,0,0,1)

AddExtender('WWWNT34i.DLL')
(0) VALUE Int => 1

list = wntShareList(domain, 1 | 16, 0)
(0) VALUE STRING => "ADMIN$   C$   Change_domain   D$   F$   good_tools   Password   Photo   Rename_system   SAP-AD   system_name   Users"

share = AskItemlist('List of Shares',list, @TAB, @UNSORTED, @SINGLE)
(3417) VALUE UNICODE => Photo

If share == ''
(3417) End OPERATOR

perm = wntAccessGet( domain, share, user, 100, 1 )
(3417) VALUE STRING => "0:3:2032127|"

aa = wntAccessAdd( domain, share, domainuser, 100, perm, 1 )
(3417) VALUE Int => 1

CHECK = wntAccessGet( domain, share, domainuser, 100, 1 )
(3417) VALUE STRING => "0:3:2032127|"

Pause('Notice',StrCat(' Please confirm that the user', domainuser, ' has been sucessfully added to the share ', share))
(4821) VALUE Int => 1

Exit
(4821) VALUE Int => 0

--- NORMAL termination ---

;;;END OF JOB;;;

Still seeing [Everyone] in the "Network File and Folder Sharing" section, even after rebooting the system.

Answer:

Okay we may have tracked down the issue. There are apparently two separate ways to share in Windows Vista & Windows 7. The "Advanced Sharing" and "Share" are two different ways to share files. The "Share" option is a simple sharing. Even though they have similar function, they do not reflect each other. The wntAccessAdd function affects what you see under 'Advanced sharing'. The stuff you see under "Network File and Folder Sharing" is related to NTFS file sharing.

The wntAccessAdd function is affecting the Advanced Sharing but not the NTFS permissions. Hrmm, now we need to figure out how to set both, but more research is needed.

http://technet.microsoft.com/en-us/library/cc726004.aspx

Managing Permissions for Shared Folders
http://technet.microsoft.com/en-us/library/cc753731.aspx

I suspect you also need to set file permissions? Note: If both share permissions and file system permissions are set for a shared folder, the more restrictive permissions apply when connecting to the shared folder.

We tested whacking the directory permissions, it does appear to clear "Everyone" share permissions.

AddExtender("WWWNT34i.DLL")
strShare = "temp"
; Look up the resource (directory) behind the share
resource = wntShareInfo("", strShare, 0, 1)
; Object type 100: remove Everyone from the share permissions
wntAccessDel("", strShare, "everyone", 100, 0)
; Object type 300: remove Everyone from the directory (NTFS) permissions
wntAccessDel("", resource, "everyone", 300, 0)

;; Probably not needed but in case it is, it can easily be added back in.
Dir_Read_Win7 = "0:3:1179817|"
wntAccessAdd("", resource, "everyone", 300, Dir_Read_Win7)

So, apparently you have to delete the NTFS (300) permissions to completely remove user share permissions from a share on Windows 7. The traditional share permissions (100) will not get it done by themselves. MSFT is vague about all this but does mention a 'dual' share permission setup on Windows 7.

I suspect that a careful examination of the relevant API documentation will reveal all and suggest some possible modifications to the extenders permission related functions. The extender is scheduled for some unrelated development work in the near future and this issue can be examined in greater detail at that time.
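
Added example (not part of the original thread or of WinBatch): a small Python model of the two permission layers discussed above, using the access records from the trace ("0:3:2032127|") and from Dir_Read_Win7 ("0:3:1179817|"). It assumes each record reads ace-type:ace-flags:access-mask with standard Win32 file access bits; the AFTER_SHARE_ONLY_FIX table is constructed sample data.

```python
# Added example. Assumption: a record is "ace-type:ace-flags:access-mask|".
EVERYONE = "S-1-1-0"  # well-known Everyone SID, as used in the trace

# Standard Win32 file/directory access-mask bits.
RIGHTS = {
    0x000001: "ReadData/ListDir", 0x000002: "WriteData/AddFile",
    0x000004: "AppendData/AddSubdir", 0x000008: "ReadEA",
    0x000010: "WriteEA", 0x000020: "Execute/Traverse",
    0x000040: "DeleteChild", 0x000080: "ReadAttributes",
    0x000100: "WriteAttributes", 0x010000: "Delete",
    0x020000: "ReadControl", 0x040000: "WriteDAC",
    0x080000: "WriteOwner", 0x100000: "Synchronize",
}

def parse_records(s):
    """Split '0:3:2032127|' style strings into (type, flags, mask) tuples."""
    return [tuple(int(x) for x in rec.split(":")) for rec in s.split("|") if rec]

def allowed_mask(s):
    """OR the masks of allow entries (ace-type 0); deny entries are not modelled."""
    mask = 0
    for ace_type, _flags, bits in parse_records(s):
        if ace_type == 0:
            mask |= bits
    return mask

def names(mask):
    return [name for bit, name in RIGHTS.items() if mask & bit]

def effective(share_records, dir_records):
    """Network access must pass both layers, so the more restrictive wins."""
    return allowed_mask(share_records) & allowed_mask(dir_records)

def leftover_layers(acls, sid=EVERYONE):
    """Object types (100 = share, 300 = directory) where sid still has an entry."""
    return sorted(layer for layer, entries in acls.items() if entries.get(sid))

# Constructed state after replacing Everyone at the share level (100) only.
AFTER_SHARE_ONLY_FIX = {
    100: {"Domain Users": "0:3:2032127|"},
    300: {EVERYONE: "0:3:1179817|"},
}

if __name__ == "__main__":
    print(leftover_layers(AFTER_SHARE_ONLY_FIX))
    print(names(effective("0:3:2032127|", "0:3:1179817|")))
```

A share audit that checks only object type 100 would report this share as clean; checking both layers shows Everyone still present at 300.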

User Reply:

Thanks so much, I always believe that Winbatch has a solution for EVERYTHING. You really make my day. The solution that you gave me works perfectly.

Article ID:   W17999
Filename:   wntAccessAdd Share Problem on Windows 7.txt
File Created: 2011:04:13:08:51:02
Last Updated: 2011:04:13:08:51:02