Create network shares via command line with specific permissions

This is sort of a two-pronged question.

I am developing an application that will need to be able to create network shares in Windows Server 2003 via the command line. So, firstly, how do I create shares in Windows via the command line? I tried researching it, and all I was able to find is that I should be using net, but other than that, there isn't much documentation.

Also, in this share there will be a few directories with the names of users on the domain, and I would like for the directories to not be readable or writable by anyone else. For example, say I have two directories: jsmith and jdoe. I would like the user jsmith to write and read from the directory jsmith, but not the directory called jdoe, and vice versa.

Solution 1:

This should be the information that you are looking for:

::Create a drive letter map to an existing network share
net use z: \\servername\share password /USER:domain\username /PERSISTENT:YES

:: grant user 'jsmith' full control access to the jsmith directory
cacls z:\jsmith /T /E /G jsmith:f

You can also remove permissions, or edit permissions on the directory using cacls.exe. My recommendation would be to read up on cacls.exe

Cacls

http://technet.microsoft.com/en-us/library/bb490872.aspx

or just "cacls /?" from the command line should work as well.

Solution 2:

The command you're looking for is net share. The /? help on the command is pretty straightforward, but here is an example:

net share MyShareName="C:\My Local Path\SomeFolder" /GRANT:Everyone,FULL

As far as security goes, from what I've read, the best-practice is to do as above, grant the Everyone group full control on the share, and then manage the permissions on the files and folders themselves. This is because the share permissions are a restriction filter over top of the actual file and folder permissions.