Create UEM Profile and Configuration Shares

I recently have done several Proof of Concepts with my customers and had to walk several folks through the not-difficult-but-annoyingly-long task of creating the shares required for User Environment Manager’s config and profiles.

The customer said to me “you ought to have a script for that” and I thought that was a great idea, so here’s the result.

Write-Output "`n==============================`nCreate User Environment Shares`n=============================="
Write-Output "`nWARNING: For proof of concepts only and should`nnot be considered secure for production!"
Write-Output "`nEnter new folder name (ex. UEMshare would result in C:\UEMshare)"
$folder = Read-Host "New Folder Name"
$path = "C:\$folder"
Write-Host "`nChecking if $path exists..."
If (-Not(Test-Path -Path $path -PathType Container )) {
Write-Output "Creating Folders ($path, $path\UEMProfiles, $path\UEMConfig)..."
New-Item $path -ItemType Directory | Out-Null
New-Item "$path\UEMProfiles" -ItemType Directory | Out-Null
New-Item "$path\UEMConfig" -ItemType Directory | Out-Null
} Else { Write-Output "$path Found, Skipping Creation..." }
Write-Output "Remove Permissions Inheritance..."
icacls $path /inheritance:r /q | Out-Null
Write-Output "Taking Ownership for Administrators..."
takeown /F $path /A | Out-Null
Write-Output "Adding New Permissions..." 
icacls $path  /grant:r "Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F" | Out-Null
icacls "$path\UEMConfig" /grant:r "Domain Users:(OI)(CI)RX" /T  | Out-Null
icacls "$path\UEMProfiles" /grant:r "Domain Users:(NP)(RX,AD)" "CREATOR OWNER:(OI)(CI)(IO)F" /T | Out-Null
Write-Output "Creating Shares..."
New-SmbShare -Name "UEMConfig" -Path "$path\UEMConfig" -FullAccess "Domain Admins" -ReadAccess "Domain Users"
New-SmbShare -Name "UEMProfiles" -Path "$path\UEMProfiles" -FullAccess "Domain Admins" -ChangeAccess "Domain Users"
Write-Output "`nDone!"

A couple of notes about the script:

  • Assumes you’re creating the shares on C:
  • Uses the most basic example of permissions – you may need to add or remove things to suite your needs.
  • This script is written in PowerShell.

If copy and paste isn’t you’re thing, you can download the script here. There are also some great walkthrough’s by a few people including my always highly recommended Carl Stalhood.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close