
I am writing a script to get permissions and some other info on shares throughout a network, and I am having trouble getting the share permissions. I read online that one can use "GetAccessMask", but I thought it was just for the current user.

# Walk the server list; every share found on a reachable host becomes one CSV row.
foreach ($computer in $allComputers)
{
    Write-Host "Checking - $computer"

    # Blank entries in the server list are skipped.
    if ($computer -eq '') { continue }

    # Reachability gate: hosts that do not answer Test-Connection are skipped.
    # NOTE(review): this is a ping test, so a host that drops ICMP is treated as
    # offline even if WMI would answer, and a skipped host leaves no row in the
    # output of this snippet - confirm that gap is acceptable for an audit.
    if (-not (Test-Connection -Computername $computer -ErrorAction SilentlyContinue)) { continue }

    # Enumerate every share on the remote host with the supplied credentials.
    $shares = Get-WmiObject -Class Win32_share -ComputerName $computer -Credential $uCredentials
    foreach ($share in $shares)
    {
        # One flat record per share; property order fixes the CSV column order.
        $objShare = [PSCustomObject]@{
            Server      = $computer
            Online      = $True
            Share       = $share.Name
            Path        = $share.Path
            Description = $share.Description
        }

        # -Append adds the row to the existing report file.
        $objShare | Export-CSV -Path $fOutfile -Append -NoClobber -NoTypeInformation
    }
}

Above is a snippet of my script (as a whole it reads a server list from a file and lists each share's name, path and description). I am wondering if anyone knows how I could get the permissions on a given share for all users/groups with rights to the share. Thanks in advance!


1 Answers


After you get the shares from the Win32_Share class, get the share permissions from the Win32_LogicalShareSecuritySetting class, like this:

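# Report the share-level permissions of every disk share on $computer.
# These are the entries of the share's own DACL, not the NTFS ACL of the
# shared folder; access over the network is limited by both, so a complete
# review also needs the NTFS ACL of each Path.
# Reads:  $computer, $uCredentials
# Output: $Array - one record per share (Server, Name, Status, Path,
#         Description, ID, Rights); ID and Rights are parallel lists.
$Shares = Get-WmiObject Win32_Share -ComputerName $computer -Credential $uCredentials |
    Where-Object { $_.Type -eq 0 } ## 0 for Disk Drive shares only see: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-share
$Array = @()
foreach ($Share in $Shares)
{
    # Start with an empty list for every share. A single list shared by the
    # whole loop would report the ACEs of earlier shares against later ones.
    $ACL = @()
    $ShareName = $Share.Name

    # Escape backslash and apostrophe so the share name stays inside the
    # quoted WQL string literal of the filter.
    $FilterName = $ShareName.Replace('\', '\\').Replace("'", "\'")

    # Same credentials as the Win32_Share query; without them this call runs
    # as the current user and can fail where the first query succeeded.
    $SharePermissions = Get-WmiObject Win32_LogicalShareSecuritySetting -Filter "name='$FilterName'" -ComputerName $computer -Credential $uCredentials
    foreach ($SP in $SharePermissions)
    {
        $SdResult = $SP.GetSecurityDescriptor()
        if ($SdResult.ReturnValue -ne 0)
        {
            # Make an unreadable descriptor visible instead of silently
            # reporting the share as having no permissions.
            Write-Warning "Could not read the security descriptor of share '$ShareName' on $computer (return value $($SdResult.ReturnValue))"
            continue
        }

        $SecDesc = $SdResult.Descriptor
        foreach ($ace in $SecDesc.DACL)
        {
            # Prefer DOMAIN\Name; fall back to the SID string when the
            # trustee has no name.
            $UserName = $ace.Trustee.Name
            if ($null -ne $ace.Trustee.Domain) { $UserName = "$($ace.Trustee.Domain)\$UserName" }
            if ($null -eq $ace.Trustee.Name) { $UserName = $ace.Trustee.SIDString }

            # FileSystemAccessRule is used only to render the access mask and
            # ACE type as readable names.
            # NOTE(review): the constructor rejects masks outside the
            # FileSystemRights range - confirm how such ACEs should be shown.
            $ACL += New-Object Security.AccessControl.FileSystemAccessRule($UserName, $ace.AccessMask, $ace.AceType)
        }
    }

    $Results = "" | Select-Object Server, Name, Status, Path, Description, ID, Rights
    $Results.Server = $Share.__Server
    $Results.Name = $Share.Name
    $Results.Status = $Share.Status
    $Results.Path = $Share.Path
    $Results.Description = $Share.Description
    $Results.ID = $ACL | ForEach-Object { $_.IdentityReference }
    $Results.Rights = $ACL | ForEach-Object { $_.FileSystemRights }

    # Shares for which no ACE could be read are left out of the report, and
    # no empty element is added for them.
    if ($null -ne $Results.ID) { $Array += $Results }
}

$Array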