Scripting Windows Shares - VBS

Question

So i am totally new to VBS, never used it. I am trying to create multiple shares and i found a Microsoft VBS script that can do this(http://gallery.technet.microsoft.com/scriptcenter/6309d93b-fcc3-4586-b102-a71415244712) My question is, this script only allows for one domain group or user to be added for permissions where i am needing to add a couple with different permissions(got that figured out) Below is the script that i have modified for my needs but just need to add in the second group with the other permissions. If there is an easier way to do this please let me know.

'ShareSetup.vbs 
'========================================================================== 
Option Explicit  
Const FILE_SHARE = 0 
Const MAXIMUM_CONNECTIONS = 25 
Dim strComputer 
Dim objWMIService 
Dim objNewShare 

strComputer = "." 
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" &              strComputer & "\root\cimv2") 
Set objNewShare = objWMIService.Get("Win32_Share") 

Call sharesec ("C:\Published Apps\Logs01", "Logs01", "Log01", "Support")
Call sharesec2 ("C:\Published Apps\Logs01", "Logs01", "Log01", "Domain Admins")  


Sub sharesec(Fname,shr,info,account) 
'Fname = Folder path, shr = Share name, info = Share Description, account = account or       group you are assigning share permissions to 
Dim FSO 
Dim Services 
Dim SecDescClass 
Dim SecDesc 
Dim Trustee 
Dim ACE 
Dim Share 
Dim InParam 
Dim Network 
Dim FolderName 
Dim AdminServer 
Dim ShareName 

FolderName = Fname 
AdminServer = "\\" & strComputer 
ShareName = shr 

Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &     AdminServer & "\ROOT\CIMV2") 
Set SecDescClass = Services.Get("Win32_SecurityDescriptor") 
Set SecDesc = SecDescClass.SpawnInstance_() 

'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_ 
'Trustee.Domain = Null 
'Trustee.Name = "EVERYONE" 
'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0) 

Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
'To assign permissions to individual accounts use SetAccountTrustee rather than     SetGroupTrustee  

Set ACE = Services.Get("Win32_Ace").SpawnInstance_ 
ACE.Properties_.Item("AccessMask") = 1179817 
ACE.Properties_.Item("AceFlags") = 3 
ACE.Properties_.Item("AceType") = 0 
ACE.Properties_.Item("Trustee") = Trustee 
SecDesc.Properties_.Item("DACL") = Array(ACE)

Set Share = Services.Get("Win32_Share") 
Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_() 
InParam.Properties_.Item("Access") = SecDesc 
InParam.Properties_.Item("Description") = "Public Share" 
InParam.Properties_.Item("Name") = ShareName 
InParam.Properties_.Item("Path") = FolderName 
InParam.Properties_.Item("Type") = 0 
Share.ExecMethod_ "Create", InParam 


End Sub  

Sub sharesec2(Fname,shr,info,account) 
'Fname = Folder path, shr = Share name, info = Share Description, account = account or     group you are assigning share permissions to 
Dim FSO 
Dim Services 
Dim SecDescClass 
Dim SecDesc 
Dim Trustee 
Dim ACE2 
Dim Share 
Dim InParam 
Dim Network 
Dim FolderName 
Dim AdminServer 
Dim ShareName 

FolderName = Fname 
AdminServer = "\\" & strComputer 
ShareName = shr 

Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" &     AdminServer & "\ROOT\CIMV2") 
Set SecDescClass = Services.Get("Win32_SecurityDescriptor") 
Set SecDesc = SecDescClass.SpawnInstance_() 

'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_ 
'Trustee.Domain = Null 
'Trustee.Name = "EVERYONE" 
'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0) 

Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
'To assign permissions to individual accounts use SetAccountTrustee rather than     SetGroupTrustee  
Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_ 
ACE2.Properties_.Item("AccessMask") = 1179817 
ACE2.Properties_.Item("AceFlags") = 3 
ACE2.Properties_.Item("AceType") = 0 
ACE2.Properties_.Item("Trustee") = Trustee 
SecDesc.Properties_.Item("DACL") = Array(ACE2) 

End Sub


Function SetAccountTrustee(strDomain, strName)  
     set objTrustee = getObject("Winmgmts:     {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_  
     set account = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_Account.Name='" & strName & "',Domain='"    & strDomain &"'")  
     set accountSID = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")  
     objTrustee.Domain = strDomain  
     objTrustee.Name = strName  
     objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation  
     set accountSID = nothing  
     set account = nothing  
     set SetAccountTrustee = objTrustee  
End Function  


Function SetGroupTrustee(strDomain, strName)  
Dim objTrustee 
Dim account 
Dim accountSID 
set objTrustee = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_  
set account = getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group.Name='" & strName & "',Domain='" &    strDomain &"'")  
set accountSID = getObject("Winmgmts:    {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")  
objTrustee.Domain = strDomain  
objTrustee.Name = strName  
objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation  
set accountSID = nothing  
set account = nothing  
set SetGroupTrustee = objTrustee  
End Function  

Answer 1

I think you will find it easier to script the permissions at NTFS level using icacls rather than at share level using VBS and simply assign all users full access in your VBScript.

You may also wish to look into using powershell to create the shares, there is some guidance on this here: http://blogs.technet.com/b/heyscriptingguy/archive/2010/09/16/how-to-use-powershell-to-create-shared-folders-in-windows-7.aspx

In the future we will be able to do this in powershell with cmdlet new-smbshare :-) http://technet.microsoft.com/en-us/library/jj635726.aspx

Answer 2

Call sharesec ("C:\Published Apps\Logs01", "Logs01", "Log01", "Support")
Call sharesec2 ("C:\Published Apps\Logs01", "Logs01", "Log01", "Domain Admins")  

I am assuming for some reasons you create the extra function sharesec2 for some odd reason, but that is the wrong thing to do. You are basically trying to create the share twice. Which doesn't make sense. Duplicating that function has no valid purpose.

What you would really have to do is re-work that function. For example you might change the fourth parameter of the sharesec so that it accepts an array. Then You need to loop over the array and build up your discretionary access control list (DACL) for the share. With one access control entry (ACE) per user/group.

I am not going to write the code for you since I abhor VBS, but this is the section would want to loop over this section and build up the DACL.

' loop over the list of users
    ` create ACE for single user/group
    Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.  
    'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee  
    Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_ 
    ACE2.Properties_.Item("AccessMask") = 1179817 
    ACE2.Properties_.Item("AceFlags") = 3 
    ACE2.Properties_.Item("AceType") = 0 
    ACE2.Properties_.Item("Trustee") = Trustee
    ` add ace to an array that represents the dacl
` end loop
` add the DACL_array
SecDesc.Properties_.Item("DACL") = DACL_array

In any case, I strongly suggest you look at Powershell instead.