win7 easy sharing - batch file

Discussion in 'other software & services' started by Sully, Jan 11, 2013.

  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    One thing that I don't like about Windows 7 is sharing directories. In Windows XP, the "simple file sharing" made it easy. Mind you I'm talking about a home network. With Windows 7, it is overly complicated unless you use the "home group".

    So after putting up with it for a good while now, I have finally had enough. I commonly need to share a directory, but only for a little while. I wanted an easy way to create a share, but also get rid of the shares quickly and conveniently.

    So let's start with sharing in Windows 7. There are two ways to do it: simple and advanced. Depending on what you are sharing, that translates to easy or complicated. Well, not complicated really, but the process is unduly lengthy.

    To share a non-protected resource, just right click, share with, and add everyone. This usually gives read and execute rights. It works well enough.

    To share a protected resource (ie. program files or a directory on your desktop) you have to use advanced sharing. Again you are adding (typically) the "everyone" user to whom it is shared with. With advanced sharing, rights are changed on protected resources.

    Now even though you have shared a resource, there is a catch 22. Windows 7 has a local security policy to include an encrypted handshake even though you might turn needing a password off in the network control center. This drove me crazy until I found it. Whether someone accessing my shares needed a username/password or not was very hit or miss. BTW, usually inputting "guest" as the user worked. I just don't know why they don't make it easy for those who actually know what they are doing.

    Anyway, to get rid of the security policy, you can use secpol.msc if you have one of the upper versions of win7. If you don't, I will include what I found that might work.

    So in secpol, navigate to
    local policies > security options and find these two values
    Network security:Minimum session security for NTLM SSP (including RPC based)
    Network security:Minimum session security for NTLM SSP (including RPC based)

    double click each, and clear the radio buttons, then apply/save
    Next find this value
    Network Security LAN Manager authentication level
    double click and set to Send LM & NTLM – use NTLMv2 session security if negotiated

    If you are on a lower version without secpol.msc..
    and also
    At this point sharing should be working simply by doing this:
    Right click on folder > share with specific people > choose from list "everyone" with READ permissions, apply.

    However, for protected resources you still have to add Everyone to the permissions list. But at least that pesky password prompt is gone for non-protected resources.

    Next I will share my little batch file with you;)

    Sul.
     
  2. Sully

    This batch file will do four things:
    1. create a share
    2. remove all shares (with a criteria)
    3. add everyone read/list permissions
    4. remove everyone read/list permissions

    There are two values that can be user modified. The first is a tag to prepend to the share (although I labeled it append lol). It is just a bit of text that the batch file prepends to the directory name. So if you are sharing "c:\some dir\this dir", and the _append variable in the script you have set to TEMP_, then the share will be called "TEMP_this dir". This allows the script to later remove all the shares it made without affecting your normal shares.

    The second variable is called _alen. It is just the length of the _append variable. So if you used TEMP_ as the _append variable, then _alen would be 5.

    Example syntax:

    ezshare.bat share "c:\some dir\this dir"

    this creates the share (with the _append value)

    ezshare.bat unshare

    this unshares whatever has been shared by the batch file, all at once

    ezshare.bat add_rights "c:\some dir\this dir"

    this will give "everyone" read and list permissions for the target

    ezshare.bat rem_rights "c:\some dir\this dir"

    this will remove the rights for everyone from the target

    For those who don't know and might try this, you must surround the target in quotes if there is a space in the path. For example, c:\windows\system32\testdir needs no quotes as there are no spaces. But c:\program files\testdir needs quotes (ie. "c:\program files\testdir") otherwise a batch file will stop at the first "space" it sees.

    So here is the batch file
    Code:
    @ECHO OFF
    REM ~ ************************************************************
    				REM ~ ezshare.bat
    				REM ~ Sully - 2013
    
    REM ~ This batch file is designed to be used in Windows 7.
    
    REM ~ It most likely doesn't work with UAC. I don't use UAC.
    
    REM ~ Its purpose is to create temporary shares that are both
    REM ~ easy to create and easy to delete.
    
    REM ~ Pass the program one or two parameters, depending.
    
    REM ~ First parameter is the action to perform:
    REM ~ unshare - remove ALL shares that start with the _append value
    REM ~ share - create share, appending the _append value to the share name
    REM ~ add_rights - add Everyone with Read/List permissions to the target
    REM ~ rem_rights - remove Everyone permissions from the target
    
    REM ~ Second parameter is the target (directory)
    REM ~ * note: unshare does not need a second parameter! *
    
    REM ~ examples -
    
    REM ~ to create a share:
    REM ~ ezshare.bat share "c:\program files\some dir"
    
    REM ~ if the share is in a system protected directory:
    REM ~ ezshare.bat add_rights "c:\program files\some dir"
    
    REM ~ to remove all shares with the current _append value:
    REM ~ ezshare.bat unshare
    
    REM ~ to remove Everyone rights, if set:
    REM ~ ezshare.bat rem_rights "c:\program files\some dir"
    REM ~ ************************************************************
    
    SETLOCAL EnableDelayedExpansion
    
    REM ~ The following two values can be modified for your needs
    
    :: _append is the text that uniquely identifies temp shares
    :: these shares can be un-shared all at once later if desired
    :: it is advisable to use an underscore (or other unique valid character)
    :: at the end of the _append value!
    SET _append=temp_
    :: _alen is the number of characters used for the _append value
    SET _alen=5
    
    REM ~ Test %1 for correct value
    IF /I [%1]==[unshare] GOTO :xunshare
    IF /I [%1]==[share] GOTO :xshare
    IF /I [%1]==[add_rights] GOTO :xadd_rights
    IF /I [%1]==[rem_rights] GOTO :xrem_rights
    
    REM ~ Exit if no correct action found
    GOTO :bye
    
    :xunshare
    REM ~ Unshare ALL shares that start with _append
    FOR /F "skip=4" %%I IN ('NET SHARE') DO (
    	SET Share=%%I
    	SET var=!Share:~0,%_alen%!
    	IF !var!==!_append! NET SHARE !Share! /del
    )
    GOTO :bye
    
    :xshare
    REM ~ Test %2 for correct value
    IF /I [%2]==[] GOTO :bye
    IF NOT EXIST %2 GOTO :bye
    FOR /D %%I IN (%2) DO (
    	SET Share=%%~nxI
    	SET Share=!Share: =_!
    	NET SHARE !_append!!Share!=%2 /GRANT:Everyone,Read
    )
    GOTO :bye
    
    :xadd_rights
    REM ~ Test %2 for correct value
    IF /I [%2]==[] GOTO :bye
    IF NOT EXIST %2 GOTO :bye
    ICACLS %2 /GRANT Everyone:(RD)
    GOTO :bye
    
    REM ~ Note: RD allows read data and list directory
    REM ~ You might want to use any combination of the following
    REM ~ for general sharing purposes
    REM ~ F = full control (use wisely)
    REM ~ RX = read and execute
    REM ~ R = read only
    REM ~ GR = generic read
    REM ~ GX = generic execute
    REM ~ GW = generic write
    REM ~ GA = generic all
    REM ~ ie. /GRANT Everyone:(GR,GX) for generic read and execute
    
    :xrem_rights
    REM ~ Test %2 for correct value
    IF /I [%2]==[] GOTO :bye
    IF NOT EXIST %2 GOTO :bye
    echo %2 per2
    ICACLS %2 /REMOVE:g Everyone
    GOTO :bye
    
    :bye
    REM ~ remove the REM from the pause line below for testing purposes
    REM PAUSE
    EXIT
    
    I did comment a bit for those who might want to know. The most important parts are the two variables _append and _alen if you want to customize those. The only other thing of importance is the REM PAUSE line at the end. If you remove the REM and leave only PAUSE, the script will wait for you to press a key before closing the window. This is a verbose mode basically, allowing you to see if the commands completed. It is not a debug mode. You would need to use a bunch of ECHO commands in the script to debug it.

    I made this with a context menu in mind. So here is the registry syntax for a right click on a directory (folder). I included some icons as well. The icons might be different in different updated versions of windows 7. You can mess with the dll resource # (ie. 28 ) if you want to change them. I also included a context menu entry for fsmgmt.msc, which is handy to have. This is a flyout menu, for those who know what that means :thumb:

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare]
    "Subcommands"=""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell]
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\1Share]
    "MUIVerb"="Share"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,37,00,35,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\1Share\Command]
    @="ezshare.bat share \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\2Unshare]
    "MUIVerb"="Unshare"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,37,00,34,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\2Unshare\Command]
    @="ezshare.bat unshare"
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\3Add_Rights]
    "MUIVerb"="Add_Rights"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,65,00,66,00,\
      72,00,61,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,39,00,00,00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\3Add_Rights\Command]
    @="ezshare.bat add_rights \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\4Rem_Rights]
    "MUIVerb"="Rem_Rights"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,65,00,66,00,\
      72,00,61,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,38,00,00,00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\4Rem_Rights\Command]
    @="ezshare.bat rem_rights \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\5Shares]
    "MUIVerb"="Show Shares"
    "Icon"="shrpubw.exe"
    "Position"="Bottom"
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\5Shares\Command]
    @="mmc.exe c:\\windows\\system32\\fsmgmt.msc"
    
    
    I also compiled this batch script into two exe files. One is verbose with the PAUSE in use, the other is non-verbose with PAUSE commented out. PM me if you need that, although you can easily compile it yourself I guess. Nice part about compiling it is you can include a manifest for requiring admin, although I haven't tried that out yet :)

    Here is the registry syntax for the exe version if you go that route.

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare]
    "Subcommands"=""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell]
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\1Share]
    "MUIVerb"="Share"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,37,00,35,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\1Share\Command]
    @="ezshare.exe share \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\2Unshare]
    "MUIVerb"="Unshare"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,37,00,34,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\2Unshare\Command]
    @="ezshare.exe unshare"
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\3Add_Rights]
    "MUIVerb"="Add_Rights"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,65,00,66,00,\
      72,00,61,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,39,00,00,00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\3Add_Rights\Command]
    @="ezshare.exe add_rights \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\4Rem_Rights]
    "MUIVerb"="Rem_Rights"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,65,00,66,00,\
      72,00,61,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,38,00,00,00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\4Rem_Rights\Command]
    @="ezshare.exe rem_rights \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\5Shares]
    "MUIVerb"="Show Shares"
    "Icon"="shrpubw.exe"
    "Position"="Bottom"
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\5Shares\Command]
    @="mmc.exe c:\\windows\\system32\\fsmgmt.msc"
    
    
    As always, I post this sort of stuff for anyone looking, whether that is Wilders members or someone using google. Took me awhile to figure it all out and build this batch script, so the next guy can find it easily maybe ;)

    I can take no credit for this other than having the desire to do it. Anyone can find this information, well, except the batch code, that I had to build myself.

    Sul.

    EDIT: I forgot to mention, in the registry syntax, I did not use an FQP - meaning you must have the bat file or exe in the path. In layman's terms, if it isn't in windows or system32, it won't work until you fix the registry settings to the full path.
     
    Last edited: Jan 11, 2013
  3. Sully

    Through much more testing, it isn't as easy as I thought it was -- it's even easier!

    With a default install of w7 ultimate (vmware), disabled UAC for convenience. Go into network sharing panel, click on change advanced sharing options, then:
    enable file and printer sharing
    disable password protected sharing

    Now using Local Security Policy (secpol.msc) navigate to Local Policies>Security Options and set the "Limit local account use of blank passwords to console login only" value to "disabled". (I think it can be done for versions without secpol too, have the reg files, but haven't finished testing it all yet)

    Reboot.

    Now, with Simple File Sharing Wizard still on, right click something and "share with". Add EVERYONE to the list. Apply. Voila! Your share should be available to everyone, without a password prompt at all.

    As a note:

    Now, you can leave simple file sharing wizard enabled.
    When you share a file with "specific people", and add "everyone"
    the OS will:
    share with everyone READ
    advanced share with everyone FULL CONTROL, CHANGE and READ
    security Read & Execute, List folder contents and Read (icacls returns OICI and RX)

    achieve the same by using
    net share <share_name>=c:\path\to\directory /grant:everyone,full
    icacls c:\path\to\directory /grant everyone:(OI)(CI)(RX)
    remove this with icacls c:\path\to\directory /remove:g everyone

    I got completely fed up with win7 and its idiotic file sharing hoops it wanted me to jump through. I am revamping it myself to make it "user friendly". If you hate sharing in windows 7, I just may cook something up that you might like. Time will tell.

    Sul.
     
  4. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    181
    Sorry, I have a newbish question about your script.

    I am sure you have seen my other topic and the problem I described.

    [Quick summary: After sharing a "protected" folder (apparently, this includes "My Pictures" in Windows 7) with "everyone"...I must also manually add "everyone" in the "security" permissions tab as well. Otherwise, XP returns an "access denied" error when attempting to connect to such a shared folder.]

    In your script, is it the "ICACLS" section which accomplishes modifying the "security" permission?
     
  5. Sully

    The script's original purpose was to right click on a directory, and share it quickly, but with a prepended tag on the share name. For example if I was going to share c:\myshare, it would be called temp_myshare. This was so that later I could use the unshare command and ALL shares with the tag of temp_ in the name would be unshared. This was to facilitate quickly sharing things that were not long term, but which I find windows 7 methods too long to do for my likings.

    While the batch script works, I have since learned more about what is going on. So to answer your question, yes, the icacls part is sort of what makes it happen. I will explain it as I understand it.

    If simple file sharing wizard is on, then you have one set of "share permissions". These are, as the name implies, "simple", like read or read/write. If the wizard is not on, then this set of share permissions is not relevant.

    In win7 now they call the standard share permissions "advanced sharing". This is the standard stuff we have been used to. Read, write, modify, delete, execute - all the granular sorts of permissions for sharing that have been around for a long time. These must still exist when the wizard is on, it's just that the wizard sets them for you.

    And finally we have the DACL of the directory to share itself. Just because you share it doesn't mean others can actually use it. In win7 they wanted to make it more secure, so they took away a lot of the anonymous or non-authenticated rights by default. They would rather, IMO, have you use the public shared directories or use a homegroup. Pretty much anything that requires authentication. Perhaps this is for the business environment or maybe the wifi world. But either way, they really want to have authenticated users only having access to your shares. Not a bad thing, just not convenient for how many of us use it at home.

    Anyway, what happens is this. If the wizard is on, and you share with everyone, then the simple permissions are set to READ. The wizard also sets the advanced permissions to FULL. This is what allows you to 'see' the share and open it, presuming you have authenticated.

    At this point, if you turn off password protection from network sharing panel, and disable the blank password policy, you will be able to see everything you share without any login info or authentication of any kind. At least that's how it has been working for me.

    With the wizard on, it not only sets the advanced sharing permissions to FULL, but it also sets the DACL to let "everyone" have RX rights. That's read and execute. This is all automated of course for you, if you want to click about 5 times to do so.

    With the simple file sharing wizard turned off, the first set of share permissions are not needed (and are actually disabled or greyed out). You only use advanced sharing, where you add everyone to the list, and choose what they may do.. read, write, execute, etc. This sets the share permissions, but doesn't seem to set the DACL of the directory at all, so you must also look at the security settings and add everyone there too. That is what my batch script is doing with icacls, adding everyone to the DACL of the directory.

    I am most irritated with win7 when it comes to sharing. For serious security, I don't mind it. But for my home and other secure situations, it is so counter-intuitive and counter-productive, compared to earlier versions anyway. If you can hang on for a little while longer, I will have a new script, with more features, which will replace the "share with" context menu you now see. I just want it simple and fast. You may well find you can make use of it as well. It shouldn't be long. I am stuck on one little parsing issue. After I solve that it should be less than a day and it will be done.

    Sul.
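
The two layers described in the post above (share permissions and the directory's DACL) can be read back for every share on the machine. This is an added, read-only example, not one of the thread's scripts; it assumes Windows PowerShell 2.0 or later at an elevated prompt, and the function name is made up for illustration.

```powershell
# Added example (not from the thread). Read-only: it changes nothing.
# For each ordinary disk share, report what Everyone is given
#   1) in the share permissions ("advanced sharing"), and
#   2) in the NTFS DACL of the shared directory.
# A remote user gets only what BOTH layers allow.

function Get-EveryoneShareExposure {
    $everyone = 'S-1-1-0'   # well-known SID of Everyone, independent of UI language

    # Index the share-level security descriptors by share name.
    $settings = @{}
    Get-WmiObject -Class Win32_LogicalShareSecuritySetting |
        ForEach-Object { $settings[$_.Name] = $_ }

    # Type 0 = ordinary disk share (skips C$, ADMIN$, IPC$ and printers).
    Get-WmiObject -Class Win32_Share | Where-Object { $_.Type -eq 0 } | ForEach-Object {
        $share = $_

        # Layer 1: share permissions.
        $shareAccess = @()
        if ($settings.ContainsKey($share.Name)) {
            $sd = $settings[$share.Name].GetSecurityDescriptor()
            if ($sd.ReturnValue -eq 0) {
                $shareAccess = @($sd.Descriptor.DACL |
                    Where-Object { $_ -and $_.Trustee.SIDString -eq $everyone } |
                    ForEach-Object {
                        # AceType 0 = allow, 1 = deny
                        $kind = if ($_.AceType -eq 0) { 'Allow' } else { 'Deny' }
                        # Access masks behind the three boxes in the sharing dialog.
                        $mask = switch ([uint32]$_.AccessMask) {
                            2032127 { 'Full' }
                            1245631 { 'Change' }
                            1179817 { 'Read' }
                            default { '0x{0:X}' -f $_ }
                        }
                        '{0}:{1}' -f $kind, $mask
                    })
            }
        }

        # Layer 2: NTFS DACL of the directory behind the share.
        $ntfsAccess = @()
        if (Test-Path -LiteralPath $share.Path -PathType Container) {
            $acl   = (Get-Item -LiteralPath $share.Path -Force).GetAccessControl('Access')
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            $ntfsAccess = @($rules |
                Where-Object { $_.IdentityReference.Value -eq $everyone } |
                ForEach-Object { '{0}:{1}' -f $_.AccessControlType, $_.FileSystemRights })
        }

        New-Object PSObject -Property @{
            Share           = $share.Name
            Path            = $share.Path
            SharePermission = ($shareAccess -join ', ')
            NtfsPermission  = ($ntfsAccess -join ', ')
        } | Select-Object Share, Path, SharePermission, NtfsPermission
    }
}

# Show only shares where Everyone appears in the share permissions.
Get-EveryoneShareExposure |
    Where-Object { $_.SharePermission } |
    Format-Table -AutoSize
```

A share created by the wizard as described above would show `Allow:Full` at the share layer and a read-and-execute entry at the NTFS layer; the report covers only Everyone, so access granted through other groups is not listed.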
     
  6. Sully

    So here is a new batch file. This one is a bit different. The design here is to make sharing very simple.

    First, you must turn off password protected sharing and set the "Limit local account use of blank passwords to console login only" value to "disabled" in the group policy. The registry setting for that should be, if you don't have secpol,
    Code:
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "LimitBlankPasswordUse"=dword:00000000

    You don't have to do these two things for the batch file to work, but they make your shares easily visible and accessible on your network.

    Anyway, the batch file is below. I called it ezshare.bat and placed it in the windows directory. Beneath that is the reg file you can merge for the context menu. You will have to change things if you name the batch file differently or don't place it in the path.

    The batch file only requires you to choose your _prepend value and then set the _alen value to however many characters you used for the _prepend value.

    The first share menu item will share the directory exactly as it is, spaces and all. It gives everyone FULL control of the share and sets the DACL on the directory so that Everyone has RX rights. This is the same thing the OS does for you.

    The second menu item will unshare the specific directory, looking for the exact spelling match, including spaces. It removes the share and the DACL rights.

    The third menu item is to Share_temporary. This share will use the _prepend value and put underscores instead of spaces for the share name. It also sets the share rights to FULL and the DACL to RX.

    The fourth menu item is the Unshare_all_temporary. It removes ALL shares that used the _prepend value. Just trying to make it convenient to share "certain" directories for a short time and not have to manually remove them. Unfortunately I did not finish the portion that removes the DACL rights on these yet. I have to mess with that a little more, not as easy as I thought it would be.

    The fifth and sixth menu items will add or remove the Everyone RX rights from the DACL of a given directory. The seventh menu item spawns the sharing snap-in, so you can manually unshare if needed.

    Code:
    @ECHO OFF
    SETLOCAL EnableDelayedExpansion
    
    SET _prepend=_temp_
    SET _len=6
    
    IF /I [%1]==[share] GOTO :share
    IF /I [%1]==[unshare] GOTO :unshare
    IF /I [%1]==[tshare] GOTO :tshare
    IF /I [%1]==[tunshare] GOTO :tunshare
    IF /I [%1]==[add_rights] GOTO :xadd_rights
    IF /I [%1]==[rem_rights] GOTO :xrem_rights
    GOTO :bye
    
    :share
    :: share the given directory, using its real name (including spaces)
    IF /I [%2]==[] GOTO :bye
    IF NOT EXIST %2 GOTO :bye
    FOR /D %%I IN (%2) DO (
    	SET Share=%%~nxI
    	NET SHARE "!Share!"=%2 /GRANT:Everyone,Full
    	GOTO :xadd_rights
    )
    GOTO :bye
    
    :unshare
    :: stop sharing specific shared directories
    IF /I [%2]==[] GOTO :bye
    IF NOT EXIST %2 GOTO :bye
    FOR /D %%I IN (%2) DO SET sname=%%~nxI
    
    FOR /F "skip=4 tokens=1,2 delims=:" %%I IN ('net share') DO (
    	SET xshare=%%I
    	SET xpath=%%J
    	IF DEFINED xpath (
    		SET xshare=!xshare:~0,-1!
    		FOR /L %%Q IN (1,1,100) DO IF "!xshare:~-1!"==" " SET xshare=!xshare:~0,-1!
    		IF "!xshare!" EQU "" (
    			REM ~ do nothing
    		) ELSE (
    			IF "!xshare!" EQU "The command completed successfully." (
    				REM ~ do nothing
    			) ELSE (
    				IF /I "!xshare!" EQU "!sname!" (
    					NET SHARE "!xshare!" /del
    					GOTO :xrem_rights
    					GOTO :bye
    				) ELSE (
    					REM ~ do nothing
    				)
    			)
    		)
    	) ELSE (
    		FOR /L %%Q IN (1,1,100) DO IF "!xshare:~-1!"==" " SET xshare=!xshare:~0,-1!
    		IF "!xshare!" EQU "" (
    			REM ~ do nothing
    		) ELSE (
    			IF "!xshare!" EQU "The command completed successfully." (
    				REM ~ do nothing
    			) ELSE (
    				IF /I "!xshare!" EQU "!sname!" (
    					NET SHARE "!xshare!" /del
    					GOTO :xrem_rights
    					GOTO :bye
    				) ELSE (
    					REM ~ do nothing
    				)
    			)
    		)
    	)
    )
    GOTO :bye
    
    :tshare
    IF /I [%2]==[] GOTO :bye
    IF NOT EXIST %2 GOTO :bye
    FOR /D %%I IN (%2) DO (
    	SET Share=%%~nxI
    	SET Share=!Share: =_!
    	NET SHARE !_prepend!!Share!=%2 /GRANT:Everyone,Full
    	GOTO :xadd_rights
    )
    GOTO :bye
    
    :tunshare
    :: stop sharing ALL temp directories
    FOR /F "skip=4" %%I IN ('NET SHARE') DO (
    	SET Share=%%I
    	SET var=!Share:~0,%_len%!
    	IF "!var!"=="!_prepend!" (
    		NET SHARE !Share! /del
    		REM ~ CALL :rem_loop
    	)
    )
    GOTO :bye
    
    :xadd_rights
    :: add everyone to DACL of directory
    IF /I [%2]==[] GOTO :bye
    IF NOT EXIST %2 GOTO :bye
    ICACLS %2 /GRANT Everyone:(OI)(CI)(RX)
    GOTO :bye
    
    :xrem_rights
    :: remove everyone from DACL of directory
    IF /I [%2]==[] GOTO :bye
    IF NOT EXIST %2 GOTO :bye
    ICACLS %2 /REMOVE:g Everyone
    GOTO :bye
    
    :rem_loop
    :: this function still needs to be completed
    REM ~ ICACLS %2 /REMOVE:g Everyone
    REM ~ GOTO:eof
    
    :bye
    REM PAUSE
    EXIT

    This is the context menu, which operates on directories only. Modify the bat file name and path if needed.

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare]
    "Subcommands"=""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell]
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\1Share]
    "MUIVerb"="Share"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,37,00,35,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\1Share\Command]
    @="ezshare.bat share \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\2Unshare]
    "MUIVerb"="Unshare"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,37,00,34,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\2Unshare\Command]
    @="ezshare.bat unshare \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\3tShare]
    "MUIVerb"="Share_temporary"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,37,00,35,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\3tShare\Command]
    @="ezshare.bat tshare \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\4tUnshare]
    "MUIVerb"="Unshare_all_temporary"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,37,00,34,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\4tUnshare\Command]
    @="ezshare.bat tunshare"
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\5Add_Rights]
    "MUIVerb"="Add_Rights"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,65,00,66,00,\
      72,00,61,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,39,00,00,00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\5Add_Rights\Command]
    @="ezshare.bat add_rights \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\6Rem_Rights]
    "MUIVerb"="Rem_Rights"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,65,00,66,00,\
      72,00,61,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,38,00,00,00
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\6Rem_Rights\Command]
    @="ezshare.bat rem_rights \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\7Shares]
    "MUIVerb"="Show Shares"
    "Icon"="shrpubw.exe"
    "Position"="Bottom"
    
    [HKEY_CLASSES_ROOT\Directory\shell\EzShare\Shell\7Shares\Command]
    @="mmc.exe c:\\windows\\system32\\fsmgmt.msc"
    
    
    This will remove the windows "share with" context menu.

    Code:
    Windows Registry Editor Version 5.00
    [-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing]
    [-HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\Sharing]
    [-HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Sharing]
    [-HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing]
    [-HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Sharing]
    [-HKEY_CLASSES_ROOT\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing]
    [-HKEY_CLASSES_ROOT\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing]

    This should add the default "share with" menu. You might be able to use the file view options and toggle the simple file sharing wizard to do this as well.

    Code:
    Windows Registry Editor Version 5.00
    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing]
    @="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
    [HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\Sharing]
    @="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
    [HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Sharing]
    @="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
    [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing]
    @="{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"
    [HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Sharing]
    @="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
    [HKEY_CLASSES_ROOT\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing]
    @="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
    [HKEY_CLASSES_ROOT\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing]
    @="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

    Some other network settings that might be applied for those that don't have secpol in their version. Have not tested these extensively, but I pulled them from a vmware machine as I set/unset the values in secpol.

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    ; let everyone permissions apply to anonymous logons
    ;"everyoneincludesanonymous"=dword:00000001
    ; do NOT let everyones permissions apply to anonymous logons
    ;"everyoneincludesanonymous"=dword:00000000
    
    ; to store password hash in LanManager
    ;"NoLmHash"=dword:00000000
    ; to NOT store password hash in LanManager
    ;"NoLmHash"=dword:00000001
    
    ; to set LM authentication level for best compatibility
    ;"LmCompatibilityLevel"=dword:00000001
    ; to set to default, delete the LmCompatibilityLevel key
    ;"LmCompatibilityLevel"=-
    
    
    ;=== Minimum session securities for NTLM ===
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
    ; for 128bit encryption use these
    ;"NtlmMinClientSec"=dword:20000000
    ;"NtlmMinServerSec"=dword:20000000
    
    ; for no encryption use these
    ;"NtlmMinClientSec"=dword:00000000
    ;"NtlmMinServerSec"=dword:00000000
    
    
    ;=== restrict anonymous access to named pipes and shares ===
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
    ; to restrict anonymous access use
    ;"restrictnullsessaccess"=dword:00000001
    ; to allow anonymous access use
    ;"restrictnullsessaccess"=dword:00000000
    I guess that's enough for one day ;)

    Sul.
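
A read-only way to see where a machine currently stands on the registry values listed in the post above, as an added PowerShell example that is not part of the thread. The function name is hypothetical; LimitBlankPasswordUse is the blank password value discussed elsewhere in the thread, and the LmCompatibilityLevel threshold of 3 (NTLMv2 responses only) is an assumption from general Windows behaviour, not something the post states.

```powershell
# Added example, not from the thread. Read-only: it reports, it changes nothing.
# Written to run on the PowerShell 2.0 that ships with Windows 7.
function Get-SharingRegistryReport {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msv = "$lsa\MSV1_0"
    $srv = 'HKLM:\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters'

    # Strict  = test that is true for the tighter of the settings in the post.
    # Relaxed = what the looser setting allows, shown when the test fails.
    $checks = @(
        @{ Key = $lsa; Name = 'everyoneincludesanonymous'
           Strict  = { param($v) $v -eq 0 }
           Relaxed = 'Everyone permissions also apply to anonymous logons' },
        @{ Key = $lsa; Name = 'NoLmHash'
           Strict  = { param($v) $v -eq 1 }
           Relaxed = 'LAN Manager password hashes are stored' },
        @{ Key = $lsa; Name = 'LimitBlankPasswordUse'
           Strict  = { param($v) $v -eq 1 }
           Relaxed = 'blank-password accounts can be used over the network' },
        @{ Key = $lsa; Name = 'LmCompatibilityLevel'
           # Assumption: levels below 3 still send LM/NTLMv1 responses.
           Strict  = { param($v) $v -ge 3 }
           Relaxed = 'LM/NTLMv1 responses are still sent' },
        @{ Key = $msv; Name = 'NtlmMinClientSec'
           Strict  = { param($v) ($v -band 0x20000000) -ne 0 }
           Relaxed = '128-bit NTLM session security not required (client)' },
        @{ Key = $msv; Name = 'NtlmMinServerSec'
           Strict  = { param($v) ($v -band 0x20000000) -ne 0 }
           Relaxed = '128-bit NTLM session security not required (server)' },
        @{ Key = $srv; Name = 'restrictnullsessaccess'
           Strict  = { param($v) $v -eq 1 }
           Relaxed = 'anonymous access to named pipes and shares allowed' }
    )

    foreach ($c in $checks) {
        $prop = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            # Value absent: Windows falls back to its built-in default.
            $data  = ''
            $state = 'not set (OS default applies)'
        } else {
            $value = $prop.($c.Name)
            $data  = '0x{0:x8}' -f [int64]$value
            if (& $c.Strict $value) { $state = 'restrictive' }
            else                    { $state = 'RELAXED: ' + $c.Relaxed }
        }
        New-Object PSObject -Property @{ Name = $c.Name; Data = $data; State = $state } |
            Select-Object Name, Data, State
    }
}

Get-SharingRegistryReport | Format-Table -AutoSize
```

Running it before and after importing any of the .reg fragments shows exactly which values changed, which makes it easier to put them back once the temporary sharing is over.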
     
  7. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    181
    Thank you so much for this explanation!
    I did not know that using the "Share Wizard" would automatically set the security permissions as well.

    And here's why I didn't know: When I previously set shares using the sharing wizard, they would NOT appear in my WorkGroup listing. Hence, I thought the sharing wizard was having problems adjusting the security permissions.

    Now I realize what the problem was: The workgroup did list a folder called "USER". I never bothered to explore this folder, believing it to be a side-effect of the "Public Folder" option.

    I only discovered my share-wizard shares when I entered this "User" item in WorkGroup. What it does is mimic the actual folder structure of the "C: drive", but only displaying the items that are shared. So I must actually navigate down the layers to access my shared folder.

    By contrast, this did not happen when I set the share using "Advanced Sharing". There, my actual shared folder is listed as an individual item in the WorkGroup (without having to navigate within "User").

    Do you know why Windows 7 sharing wizard is grouping the shares under "USER" - when I try to share content from my account? I would like to disable this odd behaviour and merely list the shared folder as an individual item.

    [Edit: Again, big thanks for sharing such valuable information. I have read countless articles, and none explained things as clearly as you did]
     
    Last edited: Jan 18, 2013
  8. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I have to finish the last piece of my script. I found someone who knows a lot more about batch than I do, so a few conversations should help me understand my errors. After this, I will test extensively again in a fresh install of win7 in vmware. I will be able to test both OS methods and manual methods like my batch file, and I will look into what you are talking about.

    I noticed that behaviour too, many times. It only occurs when you share something in your profile. I haven't tested yet all the variables to see if it can be turned off or under exactly what situations it occurs. I don't really care for it either. I will let you know what I find.

    Sul.
     
  9. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I will have a new and much simpler batch file later today hopefully.

    Is there any interest in understanding how the batch syntax works in these? I usually make a lot of comments while I am coding it, but remove them when I post them. Just wondering if anyone is interested in understanding it before I remove it all.

    Sul.
     
  10. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    181
    Speaking for all current and future newbs who will discover this topic, I say the more detail the better.

    Thanks for the hard work.
     
  11. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Concerning the Users directory being shared.. what a PITA.

    On a default win7 install, creating a directory on c: and sharing it:
    simple properties -everyone read
    advanced properties -everyone full
    security properties - everyone RX (read,execute,list contents)

    When attempting to view this share, you will always get a credential prompt. To remove the credential prompt, turn off password protected sharing and disable that blank password option. Now the share that lives on c: is visible and you can browse it, although you can't write/modify anything, as expected.

    Create a directory on the desktop and share it:
    simple properties - everyone read
    advanced properties - not present, greyed out
    security properties - everyone RX

    When viewing this share, you will see the Users directory, and literally all other directories within it. That's all users, all directories. This is intended behaviour. I read why at technet, but don't really agree with the reason. The primary reason is that it makes it easier to manage your share in user space. Well, maybe for some people...

    Anyway, it boils down to this. If you don't want to see those user directories, you must turn the simple file sharing wizard off. No other way I found to do it. You turn this off by opening a windows explorer instance, pressing ALT to get the drop down menus, then Tools>Folder Options>View>Uncheck "Use Sharing Wizard (Recommended)" from the list.

    Incidentally, if you use a reg file to change the blank password value, you don't have to reboot to see its effect. So it could be a sort of toggle option for when you want to allow easy access to your shares. I looked over and over for what happens when you turn password protection on and off, but found no traces of anything usable in the registry when you change that option from the network sharing center advanced sharing options. That too could be used to toggle access to a degree.

    If you decide to forgo the simple sharing wizard, then you have a two step process to make a share. First you share it, with read rights for everyone. Then you set the security to RX at minimum.

    My batch file is about complete. It works as I intended, but I am adding a few more features I thought of. When it is done you will be able to turn off that simple file sharing wizard, remove the default windows share and via a context menu:

    1. share the folder as it is named, with everyone
    2. unshare the same folder (or any folder)
    3. share a folder with a unique name, to mark it temporary
    4. unshare ALL of the marked temporary folders at one time
    5. add RX rights for everyone to any folder
    6. add read and write permissions for everyone to any folder
    7. remove everyone's rights from any folder

    That should about cover most everything. Actually I have all of this working already except I got to thinking about the cases where I want to allow a remote user the ability to create/modify, so I am working something up for that.

    Anyway, as is typical from M$ it seems, they can't leave well enough alone and have to "simplify" things by making it more complex and tedious. I guess it is true - "you can't win, but there are alternatives" lol.

    Sul.
     
  12. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    181
    Thanks for the info Sully.

    I feel really awful for initiating such a fruitless search, but am glad we came to some sort of resolution.

    I am sure many others will stumble upon this topic and appreciate the answers...even if they remain frustrated by M$.
     
  13. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Here is what I think is the finished batch file :D

    Code:
    @ECHO OFF
    
    SET _prepend=_temp_
    SET _len=6
    
    SET _level=RX
    SET _net=0
    
    IF /I [%1]==[tunshare] GOTO :tunshare
    IF /I [%2]==[] GOTO :bye
    IF NOT EXIST %2 GOTO :bye
    NET SHARE | FINDSTR /I /C:"%~2">NUL && SET "_net=1"
    
    :: test each %1 command parameter and goto correct label
    IF /I [%1]==[shareRX] GOTO :share
    IF /I [%1]==[shareRXW] SET "_level=RX,W" && GOTO :share
    IF /I [%1]==[shareRXWM] SET "_level=RX,W,M" && GOTO :share
    IF /I [%1]==[unshare] GOTO :unshare
    IF /I [%1]==[tshareRX] GOTO :tshare
    IF /I [%1]==[tshareRXW] SET "_level=RX,W" && GOTO :tshare
    IF /I [%1]==[tshareRXWM] SET "_level=RX,W,M" && GOTO :tshare
    IF /I [%1]==[addRX] GOTO :add_rights
    IF /I [%1]==[addRXW] SET "_level=RX,W" && GOTO :add_rights
    IF /I [%1]==[addRXWM] SET "_level=RX,W,M" && GOTO :add_rights
    IF /I [%1]==[rem_rights] GOTO :rem_rights
    GOTO :bye
    
    :share
    :: share the given directory, using its real name (including spaces)
    IF %_net%==1 GOTO :add_rights
    NET SHARE "%~nx2"=%2 /GRANT:Everyone,Full && ICACLS %2 /GRANT:r Everyone:(OI)(CI)(%_level%) && GOTO :bye || ECHO Err: Failed to share %2
    GOTO :err
    :unshare
    :: stop sharing specific shared directories
    IF %_net%==0 ECHO Err: %2 not shared, cannot unshare && GOTO :err
    NET SHARE "%~2" /del && ICACLS %2 /REMOVE:g Everyone && GOTO :bye || ECHO Err: Failed to unshare %2
    GOTO :err
    :tshare
    :: share the given directory, replace spaces with underscores and add _prepend variable as a marker
    SET Share=%~nx2
    SET Share=%Share: =_%
    IF %_net%==1 GOTO :add_rights
    NET SHARE "%_prepend%%Share%"=%2 /GRANT:Everyone,Full && ICACLS %2 /GRANT:r Everyone:(OI)(CI)(%_level%) && GOTO :bye || ECHO Err: Failed to Temp Share %2
    GOTO :err
    :tunshare
    :: stop sharing ALL temp directories
    NET SHARE | FINDSTR /I /B /C:"%_prepend%">NUL || ECHO Err: Found no %_prepend% shares to unshare && GOTO :err
    SETLOCAL EnableDelayedExpansion
    SET vRegQuery=reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares /t REG_MULTI_SZ /se #
    FOR /F "skip=2 tokens=*" %%S IN ('%vRegQuery%') DO (
    	ECHO %%S | FINDSTR /I /B /C:"!_prepend!">NUL && (
    	FOR /F "tokens=3,5 delims=#" %%T IN ('ECHO "%%S"') DO (
    		SET vP=%%T
    		SET vP=!vP:~5!
    		NET SHARE "!vP!" /del && ICACLS "!vP!" /REMOVE:g Everyone || ECHO Err: Failed to unshare all temp shares
    		)
    	)
    )
    ENDLOCAL
    GOTO :bye
    :add_rights
    :: add everyone to DACL of directory
    ICACLS %2 /GRANT:r Everyone:(OI)(CI)(%_level%) && GOTO :bye || ECHO Err: Failed to add %_level% rights to %2
    GOTO :err
    :rem_rights
    :: remove everyone from DACL of directory
    ICACLS %2 /REMOVE:g Everyone && GOTO :bye || ECHO Err: Failed to remove rights from %2
    GOTO :err
    :err
    ECHO There was an _ERROR_!
    PAUSE
    :bye
    ECHO This is BYE__
    PAUSE
    EXIT
    Again, there are two values the user can change.
    _prepend - this is a variable that holds a chunk of unique text that marks shares you might want to quickly remove later.
    _alen - this is the count of the characters you used in _prepend

    The script now has 3 areas of functionality:
    1. create a normal share, with everyone. It names the share the same as the directory name, spaces included.
    2. create a temporary share, with everyone. It replaces any spaces in the directory name with underscores, and it prepends the users chosen value to the directory name. This is so that the script may remove ALL temporary shares with one click.
    3. modify the DACL of a given directory

    Each of these 3 areas perform the following:
    1. share and/or apply Read and Execute for Everyone
    2. share and/or apply Read, Execute and Write for Everyone
    3. share and/or apply Read, Execute, Write and Modify for Everyone
    4. unshare and/or remove all rights for Everyone

    The context menu is here
    Code:
    Windows Registry Editor Version 5.00
    
    ;====================================
    ;**** the shell menu item for directories ****
    ;====================================
    [HKEY_CLASSES_ROOT\Directory\shell\ezShare]
    "ExtendedSubCommandsKey"="\\\\Directory\\\\ezShare"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,38,00,38,00,00,00
    
    ;====================================
    ;**** First sub-menu - create 3 other menus here ****
    ;====================================
    [HKEY_CLASSES_ROOT\Directory\ezShare\shell\1Sharing]
    "MUIVerb"="Sharing"
    "ExtendedSubCommandsKey"="\\\\Directory\\\\ezSharing"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,37,00,35,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\Directory\ezShare\shell\2tSharing]
    "MUIVerb"="Temporary Sharing"
    "ExtendedSubCommandsKey"="\\\\Directory\\\\eztSharing"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,37,00,35,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\Directory\ezShare\shell\3Rights]
    "MUIVerb"="Rights"
    "ExtendedSubCommandsKey"="\\\\Directory\\\\ezRights"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,65,00,66,00,\
      72,00,61,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,39,00,00,00
    
    ;====================================
    ;**** the sharing menu ****
    ;====================================
    [HKEY_CLASSES_ROOT\Directory\ezSharing\shell\1Read]
    @="Read"
    
    [HKEY_CLASSES_ROOT\Directory\ezSharing\shell\1Read\command]
    @="ezshare.bat shareRX \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\ezSharing\shell\2Write]
    @="Write"
    
    [HKEY_CLASSES_ROOT\Directory\ezSharing\shell\2Write\command]
    @="ezshare.bat shareRXW \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\ezSharing\shell\3Modify]
    @="Modify"
    
    [HKEY_CLASSES_ROOT\Directory\ezSharing\shell\3Modify\command]
    @="ezshare.bat shareRXWM \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\ezSharing\shell\4Unshare]
    @="Unshare"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,37,00,34,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\Directory\ezSharing\shell\4Unshare\command]
    @="ezshare.bat unshare \"%1\""
    
    ;====================================
    ;**** the temporary sharing menu ****
    ;====================================
    [HKEY_CLASSES_ROOT\Directory\eztSharing\shell\1Read]
    @="Read"
    
    [HKEY_CLASSES_ROOT\Directory\eztSharing\shell\1Read\command]
    @="ezshare.bat tshareRX \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\eztSharing\shell\2Write]
    @="Write"
    
    [HKEY_CLASSES_ROOT\Directory\eztSharing\shell\2Write\command]
    @="ezshare.bat tshareRXW \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\eztSharing\shell\3Modify]
    @="Modify"
    
    [HKEY_CLASSES_ROOT\Directory\eztSharing\shell\3Modify\command]
    @="ezshare.bat tshareRXWM \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\eztSharing\shell\4Unshare]
    @="Unshare All Temporary"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,68,00,65,00,\
      6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,37,00,34,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\Directory\eztSharing\shell\4Unshare\command]
    @="ezshare.bat tunshare"
    
    ;====================================
    ;**** the add/remove rights menu ****
    ;====================================
    [HKEY_CLASSES_ROOT\Directory\ezRights\shell\1Read]
    @="Read"
    
    [HKEY_CLASSES_ROOT\Directory\ezRights\shell\1Read\command]
    @="ezshare.bat addRX \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\ezRights\shell\2Write]
    @="Write"
    
    [HKEY_CLASSES_ROOT\Directory\ezRights\shell\2Write\command]
    @="ezshare.bat addRXW \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\ezRights\shell\3Modify]
    @="Modify"
    
    [HKEY_CLASSES_ROOT\Directory\ezRights\shell\3Modify\command]
    @="ezshare.bat addRXWM \"%1\""
    
    [HKEY_CLASSES_ROOT\Directory\ezRights\shell\4Remove]
    @="Remove"
    "Icon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
      00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,65,00,66,00,\
      72,00,61,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,2c,00,32,00,38,00,00,00
    
    [HKEY_CLASSES_ROOT\Directory\ezRights\shell\4Remove\command]
    @="ezshare.bat rem_rights \"%1\""
    
    
    This uses what is called a Cascading Context Menu. It is a tricky beast to master. I spent more time on the context menu than I did on the script. These types of context menus are limited to 12 entries, although there are some bugs which allow more. However, even after finding these bugs, I could not reliably repeat them, so I left it at 12 entries.

    There is a rudimentary error system in the script. Notice the label :err has an ECHO and a PAUSE. I would leave these alone, that is, don't comment them out. If there is an error, most of the script will ECHO a message that will only be seen if that PAUSE is active and not commented.

    The label :bye is the end of the script. I left the ECHO and PAUSE active, because it allows you to see what is happening when you use the script. Once you are satisfied it works, add an REM before both the ECHO and PAUSE in this area.

    In conclusion:

    If you leave simple file sharing on, anything you share in your %userprofile% area will be visible, as well as most of the upper level of directories. People will see Users and <your name> and desktop and documents, etc etc. They may not be able to browse all of these directories though, depending on the rights.

    Simple file sharing creates the share permissions and the DACL rights (the security rights) for you.

    A directory in a predetermined "sensitive" area, such as "program files", will not use the simple file sharing wizard, but instead force you to use the advanced sharing menu. You must add the user/group and give them share rights. But, you must also add rights to the DACL (security) as well. This is not automated, you have two manual steps to complete to share something.

    If you don't want others to be forced to input credentials to access your shares, you must turn the blank password option off (see in the above posts). You must also turn off password protected sharing from the advanced sharing option (in network sharing panel) if you want no credentials. Turning the password protection off but not disabling the blank password option will still give a credential prompt, but I have found that you can use guest as a username with no password and it often works.

    The purpose of this script is to get rid of so many steps to create shares. It is designed to be used in a trusted environment. The restrictions are in place for a reason I guess, but I don't need them myself. Anyway, the script is a one click tool. You want to share it, you choose what rights you want to share it with. Here is a breakdown of the rights. You can see that I chose RX, W and M as they are progressively less restrictive. You can apply any of these with one click. You can also use the rights menu option to add/change any already existing rights that you have (although it only applies to any rights granted to "everyone").

    Sul.
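
Because the batch file above grants Everyone both share access and NTFS rights, it helps to be able to list what is still exposed after a session of temporary sharing. The following is an added PowerShell example, not part of the thread or of the script; the function name is hypothetical and `_temp_` is the script's `_prepend` value.

```powershell
# Added example, not from the thread. Read-only: it lists, it changes nothing.
# Written to run on the PowerShell 2.0 that ships with Windows 7.
function Get-EveryoneShareReport {
    param([string]$TempPrefix = '_temp_')   # the batch file's _prepend marker

    # Type 0 = ordinary disk shares; admin shares (C$, ADMIN$) have other types.
    Get-WmiObject -Class Win32_Share -Filter 'Type = 0' | ForEach-Object {
        $share  = $_
        $rights = 'folder missing'

        if (Test-Path -LiteralPath $share.Path) {
            # Get-Acl has no -LiteralPath in PowerShell 2.0, so -Path is used.
            $acl = Get-Acl -Path $share.Path

            # Explicit (non-inherited) ACEs only, with identities returned as
            # SIDs so the check does not depend on the localized group name.
            # S-1-1-0 is the well-known SID of Everyone.
            $aces = @($acl.GetAccessRules($true, $false,
                        [System.Security.Principal.SecurityIdentifier]) |
                      Where-Object { $_.IdentityReference.Value -eq 'S-1-1-0' -and
                                     $_.AccessControlType -eq 'Allow' })

            if ($aces.Count -gt 0) {
                $rights = ($aces | ForEach-Object { $_.FileSystemRights }) -join '; '
            } else {
                $rights = 'none'
            }
        }

        New-Object PSObject -Property @{
            Share     = $share.Name
            Path      = $share.Path
            Temporary = $share.Name.StartsWith($TempPrefix,
                            [StringComparison]::OrdinalIgnoreCase)
            EveryoneExplicitRights = $rights
        }
    } | Select-Object Share, Path, Temporary, EveryoneExplicitRights
}

Get-EveryoneShareReport | Format-Table -AutoSize
```

Any row with `Temporary` true is a share the "Unshare All Temporary" menu entry should remove; any row where `EveryoneExplicitRights` is not `none` is a folder Everyone can still reach at the NTFS level.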
     
  14. Elmer

    Elmer Registered Member

    Joined:
    Nov 12, 2009
    Posts:
    1
    This might be raising an old post but deservedly so!

    You Sully, are a genius!

    Being just this side of paranoia I tend to 'remove' the share tab and share with in the context menu. I've recently had cause to set up a home network and wanted to share a folder from within my personal stuff.

    No matter what I tried, this time I couldn't get either of the above options to share back on my PC. I've been up and running for over 20 months now so if I did anything 'extra' to remove the share options apart from the obvious reg tweaks, then the memory of it has long gone.

    So I went down the command prompt route to share a folder from within my personal stuff. As you mention, this shares everything in the 'users' folder unless you jump through hoops.

    After much searching I luckily fell onto this thread.

    At first I couldn't get it to work even though the bat file was in system32. Took me a while of searching through your scripts to realise I'd done my usual trick of naming the file cmd. After cussing and renaming it, it works a treat, although I will be trimming the options to suit my needs.

    If I was a cheeky sort of chappie and if I was one to complain then it would be to say that when I share Software All from the main computer it appears as software all (no capitals) on the recipients computer.

    As I say, that would only be if I was one to complain!!

    You even went to the effort of adding some nice little icons into the context menu!!

    A man after me own heart!

    As to commenting out "This is _BYE_" I changed it to "Folder share was successful" and replaced PAUSE with ping localhost -n 3 >nul . Just so you know it ran OK.
     
    Last edited: Jul 18, 2013
  15. biased

    biased Registered Member

    Joined:
    Jul 22, 2013
    Posts:
    34
    To open a control panel in win7 via command prompt, use this format
    Code:
    control.exe /name Microsoft.NetworkAndSharingCenter
    /name relates to a Canonical name

    Problems ensue when you want to open a child tab or page of the parent cpl applet. However, with some sleuthing you can find a way. The control.exe also gives another parameter, /page. So if you know the page of the applet, you can call it.

    So, using the so-called "god mode" of control panel, you can see the panel "manage advanced sharing settings". You can then create a shortcut on the desktop to this. There is no GUID for this, and the shortcut properties give you no clue as to what is going on. But, if you open the .lnk with notepad, you will see it gives this
    M i c r o s o f t . N e t w o r k A n d S h a r i n g C e n t e r \ A d v a n c e d

    The key here is the \Advanced. That is a page as it turns out. So all you have to do is structure the control.exe command like this
    Code:
    control.exe /name Microsoft.NetworkAndSharingCenter /page Advanced
    Now you can create a batch file like this to open it for you.

    Code:
    @ECHO OFF
    :: LimitBlankPasswordUse
    :: 1 = require passwords for shares
    :: 0 = do not require passwords for shares
    :: must also turn off password protected sharing
    :: Network and Sharing Center > Change advanced sharing settings
    
    SET vRegQuery=reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v LimitBlankPasswordUse
    FOR /F "skip=2 tokens=*" %%S IN ('%vRegQuery%') DO (
    	FOR /F "tokens=3" %%H IN ('ECHO %%S') DO SET iVal=%%H
    )
    IF [%ival%]==[0x1] (GOTO :zero) ELSE (GOTO :one)
    GOTO :bye
    :one
    REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v LimitBlankPasswordUse /t REG_DWORD /d 0x1 /f
    CLS
    ECHO LimitBlankPasswordUse should now be ENABLED
    GOTO :bye
    
    :zero
    REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v LimitBlankPasswordUse /t REG_DWORD /d 0x0 /f
    CLS
    ECHO LimitBlankPasswordUse should now be DISABLED
    GOTO :bye
    
    :bye
    :: no CLS here, so the ENABLED/DISABLED message above stays on screen
    ECHO.
    ECHO	Enter 1 to Open Advanced Network and Sharing Center now
    ECHO.
    ECHO	or press ENTER to skip..
    ECHO.
    SET /P var=
    IF '%var%' == '1' GOTO ANSC
    EXIT
    
    :ANSC
    control.exe /name Microsoft.NetworkAndSharingCenter /page Advanced
    EXIT
    This batch file will toggle the blank password registry value and now give a quick way to access the advanced sharing options so you can change the password protected sharing option.

    I have found no way to change that option programmatically, so you must use the control panel applet. But this helps.
     
  16. biased

    biased Registered Member

    Joined:
    Jul 22, 2013
    Posts:
    34
    If you want a timer you can control, you can dig up a copy of choice.com and structure the command like this
    Code:
    type nul|choice /c:y /t:y,07>nul
    where the '07' is seconds of pause before the nul happens.

    Don't know if it works in vista/7/8 but it did work in XP. Gives you more granular control than pause or ping to nul does. If I could wish for one thing in batch it would be a native timer or sleep function.

    FYI.
     