2 Replies Latest reply on Dec 8, 2016 1:48 PM by Justan Suss

    Anyone know how to manage Windows Share permissions using BSA?

    Justan Suss

      Target Operating Systems - Windows 2008 R2

      BSA version 8.7


      Objective 1: A deploy job to create shares (ex: net share via windows command line) AND configure the Share permissions (remove the EVERYONE group and add 1 or two other local groups with either READ or CHANGE). I imagine I'd set this up as two deploy packages so I can isolate the tasks if / when they're used for remediation jobs.


      Objective 2: create a compliance job to check that a shared drive or folder has particular user group(s) in the Share permissions, and kick off the above 'permissions job' where compliance rules aren't adhered to.


      The most difficulty I'm having is with the share permissions. W2K8 has pretty straightforward net share and file perms support via command line, (and maybe NSH can support this too... I'll have to check). And via Powershell in W2K8 I can probably do something kinda funky, but since I'm gong to use BSA whenever I can, I'm hoping someone has already figured this out.


      I tried the Network Shares zip kit, but it doesn't show the Share Permissions.


      If my target systems were 2012 I'd have this done with Powershell SMBShare module.... but, here's where I'm at today .


      Any suggestions are appreciated.

        • 1. Re: Anyone know how to manage Windows Share permissions using BSA?
          Steffen Kreis



          when you use this as part of a Compliance and Remediation your package ideally is a BLPackage, since this is the only thing that BSA can run on the target for remediation.

          So since the BLPackage runs locally on the target you can place whatever PowerShell or CMD script works for you inside it and run it.


          Regarding the Share Permissions, we have once created an Extended Object which shows the shares and its permissions so we can process the output via  the compliance rules.


          I will have a look and try if i can share it with you.



          • 2. Re: Anyone know how to manage Windows Share permissions using BSA?
            Justan Suss

            Thank Steffen,


            I'm familiar with the relationship between BL Packages and Compliance / deploy jobs. I listed my objectives more as background info.


            The real question I'm looking to answer is "where / how does BSA enumerate share permissions?" If it can enumerate NTFS perms, etc, I figure there's a way to LIVE BROWSE a server and see share permissions. If you have this via EXTENDED OBJECT, that'd be appreciated.