You are currently reviewing an older revision of this page.


Advanced shared folder creation


DESCRIPTION

This script demonstrates a network share provisioning process. When a new "Shared folder" object is published in AD, these additional steps are performed:

  • a local folder is created on the designated server
  • the folder is shared on the network
  • three domain local security groups are created in the designated OU
  • the groups are assigned the designated owner
  • NTFS and share permissions are set on the folder for the groups

SCRIPT

' *****************************************************************************
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE
'
' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
' PLEASE CONTACT QUEST PROFESSIONAL SERVICES OR CUSTOM DEVELOPMENT.
'
' As preparation, create the following virtual attributes:
'
' - edsvaAdvancedSharedFolderCreation-ShareName, syntax:string, single-valued
'   Name of the network share
'
' - edsvaAdvancedSharedFolderCreation-ServerName, syntax:string, single-valued
'   Name of the server on which the folder will be created
'
' - edsvaAdvancedSharedFolderCreation-LocalPath, syntax:string, single-valued
'   Local path on the server where the new folder will be created.
'   The name of the new folder has to be included!
'
' - edsvaAdvancedSharedFolderCreation-ContainerDN, syntax:DN, single-valued
'   Distinguished name of the OU where the new groups will be created;
'   these groups get the designated permissions on the new share/folder
'
' - edsvaAdvancedSharedFolderCreation-OwnerDN, syntax:DN, single-valued
'   Distinguished name of the owner of the groups that have
'   Read/Read-Write/FullControl permission on the new share and folder
'

Option Explicit

'***********************************************************************************
'** EVENT HANDLERS
'***********************************************************************************
Sub onPreCreate(Request)
    If (LCase(Request.Class) <> "volume") Then Exit Sub

    Dim strName, strServerName, strShareName, strLocalPath, strNetworkPath

    '-- read the request attributes; a missing attribute leaves the variable empty
    On Error Resume Next
    strName = CStr(Request.Get("cn"))
    On Error GoTo 0

    On Error Resume Next
    strServerName = CStr(Request.Get("edsvaAdvancedSharedFolderCreation-ServerName"))
    On Error GoTo 0
    If (strServerName = "") Then
        Err.Raise 1, "Enter valid value for server name"
        Exit Sub
    End If

    On Error Resume Next
    strShareName = CStr(Request.Get("edsvaAdvancedSharedFolderCreation-ShareName"))
    On Error GoTo 0
    If (strShareName = "") Then
        Err.Raise 1, "Enter valid value for share name"
        Exit Sub
    End If

    On Error Resume Next
    strLocalPath = CStr(Request.Get("edsvaAdvancedSharedFolderCreation-LocalPath"))
    On Error GoTo 0
    If (strLocalPath = "") Then
        Err.Raise 1, "Enter valid value for local path"
        Exit Sub
    End If

    '-- construct UNC name for shared folder and put it in request
    strNetworkPath = "\\" & strServerName & "\" & strShareName
    Request.Put "uNCName", strNetworkPath

    Dim strContainerDN, strOwnerDN

    On Error Resume Next
    strContainerDN = CStr(Request.Get("edsvaAdvancedSharedFolderCreation-ContainerDN"))
    On Error GoTo 0
    If (strContainerDN = "") Then
        Err.Raise 1, "Enter valid value for container where new group will be created"
        Exit Sub
    End If

    On Error Resume Next
    strOwnerDN = CStr(Request.Get("edsvaAdvancedSharedFolderCreation-OwnerDN"))
    On Error GoTo 0
    If (strOwnerDN = "") Then
        Err.Raise 1, "Enter valid value for owner for newly created groups"
        Exit Sub
    End If

    Dim objWMIService, nResult
    Dim objGroupRead, objGroupReadWrite, objGroupFullControl
    Dim objTrusteeRead, objTrusteeReadWrite, objTrusteeFullControl
    Dim objSecurityDescriptor

    '-- get WMI service on the target server
    Set objWMIService = GetObject("winmgmts:" & _
        "{impersonationLevel=impersonate}!" & _
        "\\" & strServerName & "\root\cimv2")

    '-- create a local folder
    nResult = CreateLocalFolder(objWMIService, strLocalPath)
    If (nResult <> 0) Then
        Err.Raise 1, "Local folder creation error = " & nResult
        Exit Sub
    End If

    '-- create a share on server
    nResult = CreateNetworkShare(objWMIService, strLocalPath, strShareName, "This share is automatically created by ActiveRoles Server")
    If (nResult <> 0) Then
        Err.Raise 1, "Share creation error = " & nResult
        Exit Sub
    End If

    '--- create 3 groups for the share
    Set objGroupRead = CreateDomainLocalGroup(strContainerDN, strName & "-" & "R", strOwnerDN)
    Set objGroupReadWrite = CreateDomainLocalGroup(strContainerDN, strName & "-" & "RW", strOwnerDN)
    Set objGroupFullControl = CreateDomainLocalGroup(strContainerDN, strName & "-" & "FC", strOwnerDN)

    '--- create 3 trustees for these groups
    Set objTrusteeRead = CreateTrusteeForObject(objWMIService, objGroupRead)
    Set objTrusteeReadWrite = CreateTrusteeForObject(objWMIService, objGroupReadWrite)
    Set objTrusteeFullControl = CreateTrusteeForObject(objWMIService, objGroupFullControl)

    '--- create and apply security to share; stop if the share would keep its default permissions
    Set objSecurityDescriptor = CreateSecurityDescriptorForNetworkShare(objWMIService, objTrusteeRead, objTrusteeReadWrite, objTrusteeFullControl)
    nResult = SetPermissionsToNetworkShare(objWMIService, strShareName, objSecurityDescriptor)
    If (nResult <> 0) Then
        Err.Raise 1, "Share permission error = " & nResult
        Exit Sub
    End If

    '--- create and apply security to local folder
    Set objSecurityDescriptor = CreateSecurityDescriptorForLocalFolder(objWMIService, objTrusteeRead, objTrusteeReadWrite, objTrusteeFullControl)
    nResult = SetPermissionsToLocalFolder(objWMIService, strLocalPath, objSecurityDescriptor)
    If (nResult <> 0) Then
        Err.Raise 1, "Folder permission error = " & nResult
        Exit Sub
    End If
End Sub

'******************************************************************
' CreateLocalFolder - creates a new local folder
' ----------
' objWMIService - WMI service instance
' strLocalPath - path to local folder, for ex.: "C:\MyFolder"
' ----------
' return value - Error code. 0 for OK
Function CreateLocalFolder(ByRef objWMIService, ByVal strLocalPath)
    Dim objProcess, nProcessId, nResult

    ' --- the path becomes part of a cmd.exe command line: refuse a value that
    ' --- contains a double quote, since it could break out of the quoted argument
    If (InStr(strLocalPath, """") > 0) Then
        CreateLocalFolder = 21 ' Win32_Process.Create code for "invalid parameter"
        Exit Function
    End If

    Set objProcess = objWMIService.Get("Win32_Process")

    ' --- try to start a process for a folder creation (path is quoted so that spaces are handled)
    nResult = objProcess.Create("cmd.exe /c md """ & strLocalPath & """", Null, Null, nProcessId)
    If (nResult <> 0) Then
        CreateLocalFolder = nResult
        Exit Function
    End If

    Dim arrItems, objItem, boolFound

    ' --- wait for folder creation completion: poll until the process is gone
    Do While (True)
        Set arrItems = objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE ProcessId=" & nProcessId)
        boolFound = False
        For Each objItem In arrItems
            boolFound = True
            Exit For
        Next
        If (boolFound = False) Then Exit Do
    Loop

    CreateLocalFolder = 0
End Function

'******************************************************************
' CreateNetworkShare - creates a new network share
' ----------
' objWMIService - WMI service instance
' strLocalPath - path to local folder, for ex.: "C:\MyFolder"
' strShareName - name of network share
' strShareDescription - description of network share
' ----------
' return value - Error code. 0 for OK
Function CreateNetworkShare(ByRef objWMIService, _
        ByVal strLocalPath, ByVal strShareName, ByVal strShareDescription)
    Dim objNewShare
    Set objNewShare = objWMIService.Get("Win32_Share")
    ' --- third argument 0 = disk drive share
    CreateNetworkShare = objNewShare.Create(strLocalPath, _
        strShareName, 0, , strShareDescription)
End Function

'******************************************************************
' SetPermissionsToLocalFolder - set a permission to local folder
' ----------
' objWMIService - WMI service instance
' strLocalPath - path to local folder, for ex.: "C:\MyFolder"
' objSecurityDescriptor - Win32_SecurityDescriptor WMI object with permissions
' ----------
' return value - Error code. 0 for OK
Function SetPermissionsToLocalFolder(ByRef objWMIService, _
        ByVal strLocalPath, ByRef objSecurityDescriptor)
    Dim objLocalFolder
    Set objLocalFolder = objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strLocalPath & "'")
    SetPermissionsToLocalFolder = objLocalFolder.SetSecurityDescriptor(objSecurityDescriptor)
End Function

'******************************************************************
' SetPermissionsToNetworkShare - set a permission to network share
' ----------
' objWMIService - WMI service instance
' strShareName - name of network share
' objSecurityDescriptor - Win32_SecurityDescriptor WMI object with permissions
' ----------
' return value - Error code. 0 for OK
Function SetPermissionsToNetworkShare(ByRef objWMIService, _
        ByVal strShareName, ByRef objSecurityDescriptor)
    Dim objNetworkShare
    Set objNetworkShare = objWMIService.Get("Win32_Share='" & strShareName & "'")
    SetPermissionsToNetworkShare = objNetworkShare.SetShareInfo(,,objSecurityDescriptor)
End Function

'******************************************************************
' CreateSecurityDescriptorForNetworkShare - creates a security descriptor
' for network share and 3 trustees
' ----------
' objWMIService - WMI service instance
' objTrusteeRead, objTrusteeReadWrite, objTrusteeFullControl - 1st, 2nd & 3rd trustees
' ----------
' return value - created security descriptor
Function CreateSecurityDescriptorForNetworkShare (ByRef objWMIService, _
        ByRef objTrusteeRead, ByRef objTrusteeReadWrite, ByRef objTrusteeFullControl)
    Dim objSecDescriptor, arrDACL
    Set objSecDescriptor = objWMIService.Get("Win32_SecurityDescriptor").SpawnInstance_()
    objSecDescriptor.Properties_.Item("ControlFlags") = 4 '** SE_DACL_PRESENT

    ' --- every ACE: AceFlags 3 = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE, AceType 0 = access allowed
    arrDACL = Array()
    If (IsObject(objTrusteeRead)) Then
        Call AddToArray(arrDACL, CreateACE(objWMIService, objTrusteeRead, 1179817, 3, 0)) '** read (0x1200A9)
    End If
    If (IsObject(objTrusteeReadWrite)) Then
        Call AddToArray(arrDACL, CreateACE(objWMIService, objTrusteeReadWrite, 1245631, 3, 0)) '** read/write (0x1301BF)
    End If
    If (IsObject(objTrusteeFullControl)) Then
        Call AddToArray(arrDACL, CreateACE(objWMIService, objTrusteeFullControl, 2032127, 3, 0)) '** full control (0x1F01FF)
    End If

    objSecDescriptor.Properties_.Item("DACL") = arrDACL
    Set CreateSecurityDescriptorForNetworkShare = objSecDescriptor
End Function

'******************************************************************
' CreateSecurityDescriptorForLocalFolder - creates a security descriptor
' for local NTFS folder and 3 trustees
' ----------
' objWMIService - WMI service instance
' objTrusteeRead, objTrusteeReadWrite, objTrusteeFullControl - 1st, 2nd & 3rd trustees
' ----------
' return value - created security descriptor
Function CreateSecurityDescriptorForLocalFolder (ByRef objWMIService, _
        ByRef objTrusteeRead, ByRef objTrusteeReadWrite, ByRef objTrusteeFullControl)
    Dim objSecDescriptor, arrDACL
    Set objSecDescriptor = objWMIService.Get("Win32_SecurityDescriptor").SpawnInstance_()
    objSecDescriptor.Properties_.Item("ControlFlags") = 4 + 1024 '** SE_DACL_PRESENT | SE_DACL_AUTO_INHERITED

    ' --- every ACE: AceFlags 3 = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE, AceType 0 = access allowed
    arrDACL = Array()
    If (IsObject(objTrusteeRead)) Then
        Call AddToArray(arrDACL, CreateACE(objWMIService, objTrusteeRead, 131241, 3, 0)) '** read (0x200A9)
    End If
    If (IsObject(objTrusteeReadWrite)) Then
        Call AddToArray(arrDACL, CreateACE(objWMIService, objTrusteeReadWrite, 197055, 3, 0)) '** read/write (0x301BF)
    End If
    If (IsObject(objTrusteeFullControl)) Then
        Call AddToArray(arrDACL, CreateACE(objWMIService, objTrusteeFullControl, 2032127, 3, 0)) '** full control (0x1F01FF)
    End If

    objSecDescriptor.Properties_.Item("DACL") = arrDACL
    Set CreateSecurityDescriptorForLocalFolder = objSecDescriptor
End Function

'******************************************************************
' CreateACE - creates a Win32_Ace instance with desired access
' ----------
Function CreateACE (ByRef objWMIService, ByRef objTrustee, _
        ByVal nAccessMask, ByVal nAceFlags, ByVal nAceType)
    If (Not IsObject(objTrustee)) Then Exit Function

    Dim objAce
    Set objAce = objWMIService.Get("Win32_Ace").SpawnInstance_()
    objAce.Properties_.Item("AccessMask") = nAccessMask
    objAce.Properties_.Item("AceFlags") = nAceFlags
    objAce.Properties_.Item("AceType") = nAceType
    objAce.Properties_.Item("Trustee") = objTrustee
    Set CreateACE = objAce
End Function

'******************************************************************
' CreateTrusteeForObject - creates a Win32_Trustee instance from AD object
' ----------
Function CreateTrusteeForObject (ByRef objWMIService, ByRef objObject)
    If (Not IsObject(objObject)) Then Exit Function

    Dim objTrustee
    Call objObject.GetInfoEx(Array("edsaDomainNetbiosName", "sAMAccountName", "objectSid"), 0)
    Set objTrustee = objWMIService.Get("Win32_Trustee").SpawnInstance_()
    objTrustee.Domain = objObject.Get("edsaDomainNetbiosName")
    objTrustee.Name = objObject.Get("sAMAccountName")
    objTrustee.Properties_.Item("SID") = objObject.Get("objectSid")
    Set CreateTrusteeForObject = objTrustee
End Function

'******************************************************************
' CreateDomainLocalGroup - creates a domain local security group
' ----------
Function CreateDomainLocalGroup(strOUDN, strGroupName, strOwnerDN)
    Dim objOU, objGroup
    Set objOU = GetObject("EDMS://" & strOUDN)
    Set objGroup = objOU.Create("group", "CN=" & strGroupName)
    Call objGroup.Put("sAMAccountName", strGroupName)
    Call objGroup.Put("managedBy", strOwnerDN)
    Call objGroup.Put("groupType", -2147483644) 'domain local security group
    Call objGroup.SetInfo()
    Set CreateDomainLocalGroup = objGroup
End Function

'===========================================================================
' AddToArray
'===========================================================================
Sub AddToArray(ByRef Arr, ByVal Val)
    ReDim Preserve Arr (UBound(Arr)+1)
    If (IsObject(Val)) Then
        Set Arr(UBound(Arr)) = Val
    Else
        Arr(UBound(Arr)) = Val
    End If
End Sub ' AddToArray

'****** end of code ***********************************************
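
The script places the server name, share name and local path directly into a WMI moniker, a cmd.exe command line and WMI object paths, so they are worth checking in onPreCreate before the first remote call. The allow-list check below is an added example, not part of the original sample; the function names, the accepted character sets and the sample values are assumptions to adapt to your own naming standard.

```vbscript
' Added example (not part of the original sample): allow-list validation of the
' values read from the edsvaAdvancedSharedFolderCreation-* virtual attributes.
' Function names and accepted character sets are assumptions.

Function MatchesPattern(ByVal strValue, ByVal strPattern)
    Dim objRegExp
    Set objRegExp = New RegExp
    objRegExp.Pattern = strPattern
    objRegExp.IgnoreCase = True
    MatchesPattern = objRegExp.Test(strValue)
End Function

' Returns "" when every value is acceptable, otherwise a message for Err.Raise
Function ValidateShareRequest(ByVal strServerName, ByVal strShareName, ByVal strLocalPath)
    ValidateShareRequest = ""

    ' server name goes into the WMI moniker and the UNC name:
    ' host name or FQDN made of letters, digits, hyphens and dots
    If Not MatchesPattern(strServerName, "^[a-z0-9]([a-z0-9.\-]{0,253}[a-z0-9])?$") Then
        ValidateShareRequest = "Server name contains characters that are not allowed"
        Exit Function
    End If

    ' share name goes into the WMI object path Win32_Share='...'
    If Not MatchesPattern(strShareName, "^[a-z0-9_.$\-]{1,80}$") Then
        ValidateShareRequest = "Share name contains characters that are not allowed"
        Exit Function
    End If

    ' local path goes into a cmd.exe command line and a WMI object path:
    ' drive letter followed by folder names without shell or quote characters
    If Not MatchesPattern(strLocalPath, "^[a-z]:(\\[a-z0-9_.\- ]+)+$") Then
        ValidateShareRequest = "Local path contains characters that are not allowed"
        Exit Function
    End If

    ' no parent-directory segments
    If (InStr(strLocalPath, "\..") > 0) Then
        ValidateShareRequest = "Local path must not contain parent-directory segments"
    End If
End Function

' In onPreCreate, after the three values have been read (strProblem is a new variable):
'   strProblem = ValidateShareRequest(strServerName, strShareName, strLocalPath)
'   If (strProblem <> "") Then Err.Raise 1, strProblem

' Constructed sample values for a stand-alone run with cscript.exe //nologo;
' remove these two lines when pasting the functions into the policy script.
WScript.Echo "[" & ValidateShareRequest("fs01.example.local", "Finance$", "D:\Shares\Finance") & "]"
WScript.Echo "[" & ValidateShareRequest("fs01.example.local", "Finance$", "D:\Shares\Fin & echo x") & "]"
```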
