Can you create an anonymous-access Windows share all from PowerShell?

Question

Windows makes it difficult to create a network share with anonymous access (in other words, users who the share-hosting machine does not know about can access). The net share ShareName=C:\DesiredShareSource /GRANT:EVERYONE,FULL gives access to Everyone, but that does not include anonymous access (e.g. non-domain joined users, WITHOUT prompting credentials).

I know there's a way to do this from a GUI (https://serverfault.com/questions/272409/setting-up-an-anonymous-windows-server-2008-network-share), but is there a way changing security policies and creating anonymous network shares can be done strictly from PowerShell?

EDIT

This is what happens when I run the WMI script posted by Ansgar Wiechers. I get an exception but the share mounts successfully: However, when I try and connect to the share from another box on the same network, I am still prompted for a username and password, as seen below:

Again, I want anonymous access (no username and password) to be set up all from command line.

Here is the exact code I am using in testingAnonShare.ps1, on a Win7 system:

$path        = 'C:\Users\<REDACTED>\Desktop\Attempt'
$name        = 'testinganon'
$description = 'share description'

function Get-Trustee($sid) {
  $trustee = ([wmiclass]'Win32_Trustee').CreateInstance()
  $trustee.SID = ([wmi]"Win32_SID.SID='$sid'").BinaryRepresentation
  return $trustee
}

function New-FullAce($sid) {
  $ace = ([wmiclass]'Win32_ACE').CreateInstance()
  $ace.AccessMask = 2032127  # full control
  $ace.AceFlags   = 3        # container inherit + object inherit
  $ace.AceType    = 0        # access allowed
  $ace.Trustee    = Get-Trustee $sid
  return $ace
}

$sd = ([wmiclass]'Win32_SecurityDescriptor').CreateInstance()
$sd.ControlFlags = 4
$sd.DACL         = (New-FullAce 'S-1-1-0'),
                   (New-FullAce 'S-1-5-7')

$wmi = Get-WmiObject Win32_Share -List
$wmi.Create($path, $name, 0, $null, $description, '', $sd) | Out-Null

Answer 1

All examples create a share called test mapped to a path D:\test, granting full access to Anonymous and Everyone.

Windows Server 2012 R2 and newer

To create a share with everyone having Full access this is the command

New-SmbShare -Name 'test' -path 'D:\test' -FullAccess 'ANONYMOUS LOGON','Everyone'

To update an existing share to have the same permission is a little more complicated. First, assume the share name is test. Here is the code to change it to the same permissions as above.

Get-SmbShare -Name test | 
    Set-SmbShare -SecurityDescriptor 'O:BAG:DUD:(A;;FA;;;AN)(A;;FA;;;WD)'

To get the SecurityDescriptor string, create a share test like you want it and run the following command.

(get-smbshare -Name Test).SecurityDescriptor

Backward compatible (NET SHARE)

This can also be done with net share

net share test=D:\test /GRANT:"ANONYMOUS LOGON,FULL" /GRANT:"Everyone,FULL"