Score:1

Create SMB Share as non-admin

in flag

Windows Server 2016, Octopus Deploy.

Is it possible to create network shares as a non-admin?

I'm trying to run an automated deployment under a non-admin account. The last step of the deployment is to create a network share so that end-users are able to access some of the deployed files.

But New-SmbShare -Name $shareName -Path $path -ReadAcces $domainusergroup fails with a Permission Denied (5). The script works when the deployment account is added to Administrators group, but that's what I'm trying to avoid.

The deployment account has Full Control on the deployed folder (and specifically the folder I'm attempting to share).

Creating the share as an admin beforehand is not an option.

Predictably, googling the issue produces tons of resources for configuring permissions to access network shares, but none discuss the permissions required to actually create a share.

cn flag
Not that I am aware of. There are probably multiple objects where permissions would need to be modified, some of which may explicitly require administrator permission. One of the objects would be the WMI class,\ROOT\Microsoft\Windows\SMB:MSFT_SmbShare
Score:1
cn flag

Administrative rights are needed to create new shares.

It is not supported to delegate this permission; however it may be possible by heavily modifying the registry, but I would not recommend that.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.