Home

[WAC 1904] Share permissions added directly via PowerShell works, but do not appear in WAC

%3CLINGO-SUB%20id%3D%22lingo-sub-789541%22%20slang%3D%22en-US%22%3E%5BWAC%201904%5D%20Share%20permissions%20added%20directly%20via%20PowerShell%20works%2C%20but%20do%20not%20appear%20in%20WAC%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-789541%22%20slang%3D%22en-US%22%3E%3CP%3EDear%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYesterday%20I%20discover%20an%20issue%20with%20share%20permissions%20in%20WAC.%20When%20I%20create%20a%20new%20network%20share%20via%20PowerShell%20directly%20on%20the%20server%20and%20attach%20some%20permissions%20to%20users%20or%20groups%2C%20those%20permissions%20are%20not%20visible%20in%20WAC%20file%20browser%20-%20instead%20of%20them%2C%20there%20are%20only%20the%20default%20one.%20Of%20course%20WAC%20sees%20that%20folder%20is%20being%20shared%2C%20and%20share%20permissions%20works%20properly.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20to%20add%20SMB%20Share%20access%20via%20PowerShell%20to%20make%20it%20visible%20in%20WAC%3F%20Or%20maybe%20everything%20is%20correct%20but%20it's%20a%20bug%20in%20WAC%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F125700i1329D4DDF51B3C82%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22tmp1.png%22%20title%3D%22tmp1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F125701i31192E3FE26C6DA4%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22tmp2.png%22%20title%3D%22tmp2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-791447%22%20slang%3D%22en-US%22%3ERe%3A%20%5BWAC%201904%5D%20Share%20permissions%20added%20directly%20via%20PowerShell%20works%2C%20but%20do%20not%20appear%20in%20WAC%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-791447%22%20slang%3D%22en-US%22%3E%3CP%3EHey%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F387824%22%20target%3D%22_blank%22%3E%40Ult1me%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFrom%20what%20I%20can%20tell%20after%20some%20quick%20testing%2C%20it%20looks%20like%20the%20ACL%20showing%20in%20WAC%20is%26nbsp%3B%3CEM%3Enot%3C%2FEM%3Ethe%20SMBShare%20permissions%20of%20the%20folder%20but%20rather%20the%20NTFS%20permissions.%20However%2C%20the%20options%20in%20WAC%20is%20simplified%20(deny%2C%20read%2C%20read%2Fwrite)%20and%20it%20doesn't%20appear%20that%20an%20entry%20will%20show%20unless%20the%20NTFS%20permissions%20match%20exactly%20up%20with%20the%20deny%2C%20read%2C%20read%2Fwrite%20entry).%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20example%2C%20I%20added%20a%20group%20with%20List%20Folder%20Contents%2C%20Read%2C%20and%20Write%20NTFS%20permissions%20and%20could%20see%20the%20group%20in%20WAC%20as%20having%20Read%20permissions.%20If%20I%20add%20'list%20folder%20contents'%20to%20the%20NTFS%20permissions%20on%20the%20server%20then%20the%20entry%20doesn't%20show%20in%20WAC.%20Add%20on%20'full%20control'%20in%20NTFS%20again%2C%20then%20the%20entry%20makes%20an%20appears%20in%20WAC%20with%20Read%2FWrite%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20makes%20some%20sense!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%2C%3C%2FP%3E%3CP%3EMark%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-793192%22%20slang%3D%22en-US%22%3ERe%3A%20%5BWAC%201904%5D%20Share%20permissions%20added%20directly%20via%20PowerShell%20works%2C%20but%20do%20not%20appear%20in%20WAC%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-793192%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F383653%22%20target%3D%22_blank%22%3E%40HidMov%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20was%20thinking%20about%20the%20same%2C%20especially%20after%20looking%20at%20sample%20scripts%20provided%20by%20WAC%20team%2C%20which%20are%20using%20mostly%20NTFS%20permissions.%20It%20was%20a%20little%20bit%20harder%20to%20test%20it%20on%20Server%20Core%20on%20my%20own%2C%20but%20your%20tests%20confirm%20my%20thoughts.%20Thank%20you!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%2C%3C%2FP%3E%3CP%3EMateusz%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Ult1me
New Contributor

Dear all,

 

Yesterday I discover an issue with share permissions in WAC. When I create a new network share via PowerShell directly on the server and attach some permissions to users or groups, those permissions are not visible in WAC file browser - instead of them, there are only the default one. Of course WAC sees that folder is being shared, and share permissions works properly. 

 

How to add SMB Share access via PowerShell to make it visible in WAC? Or maybe everything is correct but it's a bug in WAC?

 

tmp1.png

 

tmp2.png

 

 

2 Replies

Hey @Ult1me 

 

From what I can tell after some quick testing, it looks like the ACL showing in WAC is not the SMBShare permissions of the folder but rather the NTFS permissions. However, the options in WAC is simplified (deny, read, read/write) and it doesn't appear that an entry will show unless the NTFS permissions match exactly up with the deny, read, read/write entry). 

 

For example, I added a group with List Folder Contents, Read, and Write NTFS permissions and could see the group in WAC as having Read permissions. If I add 'list folder contents' to the NTFS permissions on the server then the entry doesn't show in WAC. Add on 'full control' in NTFS again, then the entry makes an appears in WAC with Read/Write

 

Hope this makes some sense!

 

Cheers,

Mark

Hi @HidMov  

 

I was thinking about the same, especially after looking at sample scripts provided by WAC team, which are using mostly NTFS permissions. It was a little bit harder to test it on Server Core on my own, but your tests confirm my thoughts. Thank you!

 

Cheers,

Mateusz

 

Related Conversations