On NetApp Release 9.2P1 i am trying to set update the permissions to add a deny and it fails unless i run it twice. Notice that ShareSDDL sees the group i added but it does not exist ShareACLText. This is the same with computer management. If i look at the shareSDDL no rights have been assigned unless i run it twice. This did work on NetApp Release 8.3.2P10 and ONTAP 8.1 without running twice?
That was probably a NetApp bug too, like in my other, bus similar issue #5 I opened myself.
My tests with NetApp Release 9.7P5 worked every time without any problems.
On NetApp Release 9.2P1 i am trying to set update the permissions to add a deny and it fails unless i run it twice. Notice that ShareSDDL sees the group i added but it does not exist ShareACLText. This is the same with computer management. If i look at the shareSDDL no rights have been assigned unless i run it twice. This did work on NetApp Release 8.3.2P10 and ONTAP 8.1 without running twice?
ShareSDDL : D:(D;;;;;S-1-5-21-xxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxx)(A;;FA;;;WD) ShareSDDL : D:(D;;FA;;;S-1-5-21-xxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxx)(A;;FA;;;WD)
The same code was used across Windows 2008R2, 2012R2,2016 and 2019 and all worked without issue.. Logic as below
$preSI = Get-netshare -Server $myfiler -name $mysharename $strPermission= $preSI.ShareACLText,"MyDomain\$($strADGroup)|Deny-FullControl" -join "," set-netshare -Server $myfiler -name $mysharename -Permissions $strPermission $X = Get-netshare -Server $myFiler -name $mysharename set-netshare -Server $myfiler -name $mysharename -Permissions $strPermission $Y = Get-netshare -Server $myFiler -name $mysharename
$x
Server : MYFILER Name : share Path : C:\shares Description :
ABE : Disabled CachingMode : None ShareACLText : Everyone|FullControl CurrentUses : 2 ConcurrentUserLimit : -1 BranchCache : Disabled Flags : 48 Type : Disk Drive ShareSDDL : D:(D;;;;;S-1-5-21-xxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxx)(A;;FA;;;WD) ShareACL : System.Security.AccessControl.DirectorySecurity
$y
Server : MYFILER Name : shares Path : C:\Shares Description :
ABE : Disabled CachingMode : None ShareACLText : MYDOMAIN\TEST_DENY|Deny-FullControl,Everyone|FullControl CurrentUses : 4 ConcurrentUserLimit : -1 BranchCache : Disabled Flags : 48 Type : Disk Drive ShareSDDL : D:(D;;FA;;;S-1-5-21-xxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxx)(A;;FA;;;WD) ShareACL : System.Security.AccessControl.DirectorySecurity