Skip to content

Tag: <task> - Verify And Create Windows Share Task

Definition

This is a task that is pre-defined within Osirium PAM release Windows templates.

It`s purpose is to setup a fileshare that Osirium PAM can connect into to fetch files from a Windows device.

It works in conjunction with the following two configuration lines, also predefined in Osirium PAM release Windows templates:

1
2
3
4
   <configurations>
      <configuration fieldname='share_directory' fieldtype='device' value='%SYSTEMDRIVE%\osirium'/>
      <configuration fieldname='share_root' fieldtype='device' value='osirium_'/>
   </configurations>

The share_directory configuration tag`s value attribute contains the Windows System Drive environment variable. This will resolve to C:\ or whatever the system drive is on the Windows device.

More info on :program:<configuration> tag lines here: :ref:configuration-settings.

The create and verify task looks like this:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
   <?xml version='1.0' encoding='UTF-8'?>
   <devicetemplate>

      <tasks>
         <task name=`verify_and_create_share` type=`status`>
            <commands>
               <command>mkdir %(share_directory)s\%(device_name)s
                  <success type=`ci_match` value=``/>
                  <success type=`ci_in` value=`already exists`/>
                  <failed type=`default`/>
               </command>
               <command>NET SHARE %(share_root)s%(device_name)s=%(share_directory)s\%(device_name)s /GRANT:%(logonname)s,FULL
                  <success type=`ci_in` value=`The name has already been shared`/>
                  <success type=`ci_in` value=`was shared successfully`/>
                  <failed type=`default`/>
               </command>
               <command>echo y|cacls %(share_directory)s\%(device_name)s /G %(logonname)s:F administrators:F
                  <success type=`ci_in` value=`processed dir`/>
                  <failed type=`default`/>
               </command>
            </commands>
         </task>
      </tasks>

   </devicetemplate>

Basically it does the following:

Line Description
5 Name the task verify_and_create_share. Note there is no display_name as this is only ever called as a subtask and not run as a user task.
7 Create the actual directory on the Windows device. The substitution %(share_directory)s comes from the two config lines shown above and is combined with the device name, i.e. C:\osirium\server_1
8 If the directory does not exist then, the device simple returns its standard prompt to showcreation has been successful.
9 If the directory already exists, then accept this as we want the directory is exists so allis good to carry on.
10 Anything else fails.
12 Set up a share based on the config item share_root and the device_name value.i.e. osirium_server1 and map this to the directory that was just created. Set the current user (the Osirium PAM control account for this device) as the owner.
13 If the share already exists, then accept this and carry on.
14 If the share does not exist, then accept it has now been created.
15 Anything else fails.
17 Now we need to set the access permissions on the share so that the current user (the Osirium PAM) control account for this device and the built in Administrators group access. When the cacls command is run on Windows it asks Are you sure? to which you have to enter y. So by starting the command echo y|cacls ... this pipes the y to the command and then lets it run.
18 Once cacls has done its stuff, it returns a statement saying the directory has been processed. So we look for this line as our success ci_in match.
19 Anything else fails.

Parent Tags

Child Tags

  • None