Windows shared folder created by Puppet

windows-shared-folder

Windows shared folder is a folder that has been configured to be accessed by multiple users over a network. When you share a folder on your computer, other users on the same network can access the files and folders inside it. You can set different levels of permissions for different users or groups, allowing them to read, change, or even delete the files in the shared folder.

Sharing a folder can be useful if you want to collaborate with others on a project, share files with coworkers, or simply make it easier to access files from multiple devices. To share a folder in Windows, you can use the File Explorer or the Command Prompt. Puppet can assist in automating shared folder creation.

Example of windows shared folder creation by Puppet

exec { 'Share Backup folder':
  command => 'New-SmbShare -Name "Backup$" -Path "T:\Backup" -ContinuouslyAvailable $False',
  unless => 'if ( ((Get-SmbShare -Name "Backup$" -ErrorAction SilentlyContinue).name -eq "Backup$") ) { Exit 0 } else { Exit 1 }',
  provider => powershell,
}

Revoke permissions from everyone

It can be important to revoke permissions from everyone for a shared folder in certain situations. For example, if you no longer want a group of people to have access to the shared folder, revoking their permissions can help ensure that they are unable to access the folder’s contents. Similarly, if you want to restrict access to the shared folder to only a select group of people, revoking permissions for everyone else can help ensure that only authorized users have access.

However, it’s important to carefully consider the implications of revoking permissions for a shared folder. Depending on the permissions settings, revoking access for certain users or groups could prevent them from performing tasks that they need to do. It’s a good idea to think carefully about who needs access to the shared folder and what permissions are necessary for them to do their work before making any changes to the permissions settings.

exec { 'Revoke access to Backup shared folder':
  command => 'Revoke-SmbShareAccess -name "Backup$" -AccountName Everyone -Force',
  unless => 'if ((Get-SmbShareAccess -name "Backup$" -ErrorAction SilentlyContinue | where {$_.AccountName -eq "Everyone" -and $_.AccessControlType -eq "Allow"} | Measure-Object).count -eq 0) { Exit 0 } else { Exit 1 }',
  provider => powershell,
  require => Exec['Share Backup folder'],
}

Assign desired permissions for windows shared folder

The folder may have different levels of access for different users, such as read-only or read-write permissions. Changes made by one user to the files in the shared folder are typically reflected in real-time for all other users who have access to the folder.

exec { 'Grant access to Backup shared folder':
  command => '$accounts = "domain\AccountA","domain\AccountB";Grant-SmbShareAccess -name "Backup$" -AccountName $accounts -AccessRight Full -Force',
  unless => '$accounts = "domain\AccountA","domain\AccountB";if ( ((Get-SmbShare -Name "Backup$" -ErrorAction SilentlyContinue).name -ne "Backup$") -or ((Get-SmbShareAccess -name "Backup$" -ErrorAction SilentlyContinue | where { $accounts -contains $_.AccountName -and $_.AccessControlType -eq "Allow" -and $_.AccessRight -eq "Full"} | Measure-Object).count -eq $accounts.count) ) { Exit 0 } else { Exit 1 }',
  provider => powershell,
  require => Exec['Share Backup folder'],
}

References:

Leave a Reply

Your email address will not be published. Required fields are marked *