> The script below is an example of how to set share and ntfs permissions

> '================
> 'ShareSetup.vbs
> 'Author: Jonathan Warnken - jon.warn...@gmail.com
> 'Credits: parts of various other posted scripts used
> 'Requirements: Admin Rights

> 'Some Addition Lev Shumskii aka WildCat
> 'Now You may set SecurityDescriptor for NTFS
> 'and this script work properly under Win2k & Win2k3
> '================
> Option Explicit

> Const FILE_SHARE = 0
> Const MAXIMUM_CONNECTIONS = 15
> Const strDomain = "Your Domain"
> Const PERM_READ = 1179817
> Const PERM_MODIFY = 1245631
> Const PERM_FULL = 2032127

> Dim strComputer
> Dim objWMIService
> Dim objNewShare

> strComputer = "."

> Set objWMIService = GetObject("winmgmts:" &
> "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
> Set objNewShare = objWMIService.Get("Win32_Share")

> 'Worked Example
> Call sharesec ("C:\Robot", "Robot", "Only Security Department", "Security
> Department", Perm_Read, Perm_Modify)

> Sub sharesec(Fname, shr, info, account, Share_Perm, NTFS_Perm)
> Dim FSO
> Dim Services
> Dim SecDescClass
> Dim SecDesc
> Dim Trustee
> Dim ACE
> Dim Share
> Dim InParam
> Dim Network
> Dim FolderName
> Dim AdminServer
> Dim ShareName
> Dim FolderSecurity
> Dim RetVal
> Dim SecurityDescriptor
> Dim User

> FolderName = Fname
> AdminServer = "\\" & strComputer
> ShareName = shr
> **********************START NTFS SECTION ****************
> 'Write New security descriptor for the FolderName

> Set Services =
> GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &
> AdminServer & "\ROOT\CIMV2")
> Set SecurityDescriptor = Services.Get("Win32_SecurityDescriptor")

> Set FolderSecurity =
> GetObject("winmgmts:Win32_LogicalFileSecuritySetting.Path='" & FolderName
> &
> "'")
> RetVal = FolderSecurity.GetSecurityDescriptor(SecurityDescriptor)

> Set Trustee = SetGroupTrustee(strDomain, account) 'Use SetGroupTrustee for
> groups and SetAccountTrustee for users
> Set ACE = Services.Get("Win32_Ace").SpawnInstance_
> ACE.Properties_.Item("AccessMask") = NTFS_Perm
> ACE.Properties_.Item("AceFlags") = 3
> ACE.Properties_.Item("AceType") = 0
> ACE.Properties_.Item("Trustee") = Trustee
> SecurityDescriptor.Properties_.Item("DACL") = Array(ACE)

> RetVal = FolderSecurity.SetSecurityDescriptor(SecurityDescriptor)
> ***************** END NTFS SECTION **********************
> 'Create new Share

> Set Services =
> GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &
> AdminServer & "\ROOT\CIMV2")
> Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
> Set SecDesc = SecDescClass.SpawnInstance_()

> Set Trustee = SetGroupTrustee(strDomain, account) 'Use SetGroupTrustee for
> groups and SetAccountTrustee for users
> Set ACE = Services.Get("Win32_Ace").SpawnInstance_
> ACE.Properties_.Item("AccessMask") = Share_Perm
> ACE.Properties_.Item("AceFlags") = 3
> ACE.Properties_.Item("AceType") = 0
> ACE.Properties_.Item("Trustee") = Trustee
> SecDesc.Properties_.Item("DACL") = Array(ACE)
> Set Share = Services.Get("Win32_Share")
> Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_()
> InParam.Properties_.Item("Access") = SecDesc
> InParam.Properties_.Item("Description") = Info
> InParam.Properties_.Item("Name") = ShareName
> InParam.Properties_.Item("Path") = FolderName
> InParam.Properties_.Item("MaximumAllowed") = MAXIMUM_CONNECTIONS
> InParam.Properties_.Item("Type") = 0
> Share.ExecMethod_ "Create", InParam
> End Sub

> Function SetAccountTrustee(strDomain, strName)
> Dim objTrustee
> Dim account
> Dim accountSID
> set objTrustee =
> getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Trust ee").Spawninstance_
> set account =
> getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Accou nt.Name='"
> & strName & "',Domain='" & strDomain &"'")
> set accountSID =
> getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.S ID='"
> & account.SID &"'")
> objTrustee.Domain = strDomain
> objTrustee.Name = strName
> objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
> set accountSID = nothing
> set account = nothing
> set SetAccountTrustee = objTrustee
> End Function

> Function SetGroupTrustee(strDomain, strName)
> Dim objTrustee
> Dim account
> Dim accountSID
> set objTrustee =
> getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Trust ee").Spawninstance_
> set account =
> getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group .Name='"
> & strName & "',Domain='" & strDomain &"'")
> set accountSID =
> getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.S ID='"
> & account.SID &"'")
> objTrustee.Domain = strDomain
> objTrustee.Name = strName
> objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
> set accountSID = nothing
> set account = nothing
> set SetGroupTrustee = objTrustee
> End Function

> Ahh well, maybe the next thing will force me to use/ learn VB!!

>> Ahh well, maybe the next thing will force me to use/ learn VB!!

>  Are you sure you mean VB? VBScript is not
> the same as VB, and what Jon posted was not
> "pure" of either. It was VBScript using WMI.

> VB would use the Windows API, like this:
> http://support.microsoft.com/kb/295004/

>  Then there's also VB.Net, which Microsoft is now
> calling just "VB". VBScript, VB and VB.Net are all
> entirely different things that would usually use
> entirely different methods.

>   WMI is a scriptable set of methods that runs as a
> service on NT systems and provides a number of
> functions (mainly related to network administration
> chores) that VBScript would otherwise not have
> access to.