VMware DEM – Prepare File Shares and Permissions using PowerShell

Release date: January 2nd 2023

Welcome to my VMware Dynamic Environment Manager series. I have previously described how to create and configure the file-shares for Dynamic Environment Manager, here: VMware DEM – Prepare File Shares and Permissions. In this session I will describe how I did this by using a PowerShell Script from a management station instead.

Prerequisites:

  • PowerShell Administrative access to the Connection-server

First, I created the following credential to be used in the script:

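# Export-CliXml protects the password with Windows DPAPI, so the file can only be imported
# by the same user on the same computer (hence the user and computer name in the file name).
$credential = Get-Credential
$credential | Export-CliXml -Path "<path to horizon admin>\hz_admin_${env:USERNAME}_${env:COMPUTERNAME}.xml"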

Now that I had the credentials, I was good to go. The script below uses the user groups I created earlier in this session: Microsoft Powershell – Create AD Admin groups based on csv-file (PS: I know I’m no programmer and a lot of this script has the potential for improvement, but it gets the job done, and that’s good enough for me).

demcfg.ps1

# --- Configure and start PSSession ---

$credential = Import-CliXml -Path "<path to horizon admin>\hz_admin_${env:USERNAME}_${env:COMPUTERNAME}.xml"
$DEMSrv = "<fqdn DEM server>"
$session = New-PSSession -ComputerName $DEMSrv -Credential $credential

# --- Create and configure folders and shares ---

Invoke-Command -Session $session -ScriptBlock {
    
    # Define DEM folder
    $demDir = "D:\Dem\"

    # Define DEM Config Folder/Share
    $configDir = "D:\Dem\DemCfg\"   
    $configShare = "demcfg$"
   
    # Define DEM Profile Folder/Share
    $profileDir = "D:\Dem\DemPrf"    
    $profileShare = "demprf$"

    # Define User Groups
    $DEMAdmins = "AD\DEM-Admins"
    $DEMUsers = "AD\Horizon-Users"
    $System = "SYSTEM"

    # Define DEM Permissions
    $PermConf = ":(OI)(CI)RX"
    $PermFull = ":(OI)(CI)F"
    $PermProf = ":(NP)(AD)"
    $PermOwn = "CREATOR OWNER:(OI)(CI)F"

    #Define ICACLS vars
    $ReplIn = "/inheritance:r"
    $Grant = "/grant"
    $RemAdm = "Administrators"
    $Remove = "/remove"

    # Create folders
    New-Item -Path $demDir -type directory -Force
    New-Item -Path $configDir -type directory -Force
    New-Item -Path $profileDir -type directory -Force

    # Create Shares
    New-SmbShare -Name $configShare -Description "DEM Config Folder" -Path $configDir
    New-SmbShare -Name $profileShare -Description "DEM Profiles Folder" -Path $profileDir

    # Grant Share Permissions
    Grant-SmbShareAccess -Name $configShare -AccountName $DEMAdmins -AccessRight Full -Force
    Grant-SmbShareAccess -Name $configShare -AccountName $DEMUsers -AccessRight Change -Force
    Grant-SmbShareAccess -Name $configShare -AccountName $System -AccessRight Full -Force
    Grant-SmbShareAccess -Name $profileShare -AccountName $DEMAdmins -AccessRight Full -Force
    Grant-SmbShareAccess -Name $profileShare -AccountName $DEMUsers -AccessRight Change -Force
    Grant-SmbShareAccess -Name $profileShare -AccountName $System -AccessRight Full -Force

    # Grant Config folder NTFS permissions
    # icacls is called directly: Invoke-Expression is not needed here and would
    # re-parse the command string as PowerShell code.
    icacls $configDir $ReplIn                            # remove inherited ACEs
    icacls $configDir $Grant "${DEMUsers}${PermConf}"    # users: read & execute
    icacls $configDir $Grant "${DEMAdmins}${PermFull}"   # DEM admins: full control
    icacls $configDir $Grant "${System}${PermFull}"      # SYSTEM: full control
    icacls $configDir $Remove $RemAdm                    # drop local Administrators

    # Grant Profile folder NTFS permissions
    icacls $profileDir $ReplIn                           # remove inherited ACEs
    icacls $profileDir $Grant "${DEMUsers}${PermProf}"   # users: create folders, this folder only
    icacls $profileDir $Grant "${DEMAdmins}${PermFull}"  # DEM admins: full control
    icacls $profileDir $Grant "${System}${PermFull}"     # SYSTEM: full control
    icacls $profileDir $Grant $PermOwn                   # CREATOR OWNER: full control
    icacls $profileDir $Remove $RemAdm                   # drop local Administrators

}

Remove-PSSession $session
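
To confirm the result, the following added example (not part of the original script) reads back the share and NTFS ACLs and reports any principal that demcfg.ps1 did not grant, as well as inheritance left enabled. It reuses the server, share names, folders and groups from the script above; the expected-principal lists and the `$findings` variable are assumptions made for this example.

```powershell
# Added example: audit the shares created by demcfg.ps1 (expected lists are assumptions).
$credential = Import-CliXml -Path "<path to horizon admin>\hz_admin_${env:USERNAME}_${env:COMPUTERNAME}.xml"
$DEMSrv = "<fqdn DEM server>"

$findings = Invoke-Command -ComputerName $DEMSrv -Credential $credential -ScriptBlock {

    # Principals the script grants, as Get-SmbShareAccess / Get-Acl report them
    $base = 'AD\DEM-Admins', 'AD\Horizon-Users', 'NT AUTHORITY\SYSTEM'
    $expected = @{
        'demcfg$' = @{ Path = 'D:\Dem\DemCfg'; Share = $base; Ntfs = $base }
        'demprf$' = @{ Path = 'D:\Dem\DemPrf'; Share = $base; Ntfs = $base + 'CREATOR OWNER' }
    }

    foreach ($name in $expected.Keys) {
        $want = $expected[$name]

        # Share level: any Allow entry for an unexpected account (for example Everyone)
        Get-SmbShareAccess -Name $name |
            Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -notin $want.Share } |
            ForEach-Object {
                [pscustomobject]@{ Share = $name; Layer = 'Share'; Principal = $_.AccountName; Detail = "$($_.AccessRight)" }
            }

        # NTFS level: /inheritance:r should have left the ACL protected
        $acl = Get-Acl -Path $want.Path
        if (-not $acl.AreAccessRulesProtected) {
            [pscustomobject]@{ Share = $name; Layer = 'NTFS'; Principal = '-'; Detail = 'inheritance still enabled' }
        }

        # NTFS level: any ACE for an unexpected identity (for example BUILTIN\Administrators)
        $acl.Access |
            Where-Object { "$($_.IdentityReference)" -notin $want.Ntfs } |
            ForEach-Object {
                [pscustomobject]@{ Share = $name; Layer = 'NTFS'; Principal = "$($_.IdentityReference)"; Detail = "$($_.FileSystemRights)" }
            }
    }
}

if ($findings) { $findings | Format-Table Share, Layer, Principal, Detail -AutoSize }
else { 'Share and NTFS ACLs contain only the expected principals.' }
```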

Big thanks to:

Rafael Moura: How to automate VMware DEM shares configuration using PowerShell

Matt McElreath: Managing Windows file shares with PowerShell

My VMware DEM LAB Set Up

Official VMware Dynamic Environment Manager Documentation

Disclaimer: Every tip/trick/posting I have published here is tried and tested in different IT solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.
