Script to locate shares and show mappings.


I have to go through an old NT file server and locate all the shares and document who has permissions and then migrate them over to a win 2003 file server. Anyone who has done this will know how much of a hassle it can be. Anyone have a script or an idea on how this can be done other than the manual way? Thanks.

Edit: spelling

Edited by schilbiz

This?

net share
net use
I have looked at both net share and net use; I was actually thinking more along the lines of a registry save and export. I believe it can be located at: SYSTEM\CurrentControlSet\Services\LanmanServer\Shares. I am wondering if it is as simple as saving the registry key then exporting it.

Edited by schilbiz

Dim $objWMIService = ObjGet("winmgmts:\\.\root\cimv2")

; DriveType = 4 selects network (mapped) drives only
Dim $colDrives = $objWMIService.ExecQuery ("Select * From Win32_LogicalDisk Where DriveType = 4")

For $objDrive in $colDrives
    ConsoleWrite("Drive letter: " & $objDrive.DeviceID & @CRLF)
    ConsoleWrite("Network path: " & $objDrive.ProviderName & @CRLF) ; the UNC path the letter is mapped to
Next

Dim $objWMIService = ObjGet("winmgmts:\\.\root\cimv2")

; DriveType = 4 selects network (mapped) drives only
Dim $colDrives = $objWMIService.ExecQuery ("Select * From Win32_LogicalDisk Where DriveType = 4")

For $objDrive in $colDrives
    ConsoleWrite("Drive letter: " & $objDrive.DeviceID & @CRLF)
    ConsoleWrite("Network path: " & $objDrive.ProviderName & @CRLF) ; the UNC path the letter is mapped to
Next

Brilliant, it shows the drive letter and path, what about who has permissions tied to each share?


Brilliant, it shows the drive letter and path, what about who has permissions tied to each share?

Are you running this on each client? My code is meant to be run on the client, running on the server probably won't return anything.


Are you running this on each client? My code is meant to be run on the client, running on the server probably won't return anything.

Yes, I ran it on a client and it shows the network drive and the path, but nothing about which users have access to each share because it's implicit to the user who is logged on. I am actually looking for something that can be run on the old file server that will show each share and the path, and then what users have access to each share. Like if you were to access each share individually on the file server and look at who has permissions for it.

Does this help?

$strComputer = "."
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
; Win32_Share lists every share on the machine, hidden administrative shares (C$, ADMIN$, IPC$) included
$colItems = $objWMIService.ExecQuery( _
    "SELECT * FROM Win32_Share")
For $objItem in $colItems
    $x = ""
    $x &=("-----------------------------------" &@CRLF)
    $x &=("Win32_Share instance"&@CRLF)
    $x &=("-----------------------------------" &@CRLF)
    $x &=("AccessMask: " & $objItem.AccessMask &@CRLF)
    $x &=("AllowMaximum: " & $objItem.AllowMaximum &@CRLF)
    $x &=("Caption: " & $objItem.Caption &@CRLF)
    $x &=("Description: " & $objItem.Description &@CRLF)
    $x &=("InstallDate: " & $objItem.InstallDate &@CRLF)
    $x &=("MaximumAllowed: " & $objItem.MaximumAllowed &@CRLF)
    $x &=("Name: " & $objItem.Name &@CRLF)
    $x &=("Path: " & $objItem.Path &@CRLF) ; local folder backing the share
    $x &=("Status: " & $objItem.Status &@CRLF)
    $x &=("Type: " & $objItem.Type &@CRLF)
    ConsoleWrite($x & @CRLF)
    MsgBox(0, '', $x)
Next

This script here will tell you the selected folder security settings with access settings. But I would have to run it for each individual share. I am trying to implement it into another script that will locate each share and have this run on each share then have it save the output to a log.

Dim $strFolderName = "C:\"

Dim $SE_DACL_PRESENT = 0x4
Dim $ACCESS_ALLOWED_ACE_TYPE = 0x0
Dim $ACCESS_DENIED_ACE_TYPE = 0x1
Dim $FILE_ALL_ACCESS = 0x1f01ff
Dim $FOLDER_ADD_SUBDIRECTORY = 0x000004
Dim $FILE_DELETE = 0x010000
Dim $FILE_DELETE_CHILD = 0x000040
Dim $FOLDER_TRAVERSE = 0x000020
Dim $FILE_READ_ATTRIBUTES = 0x000080
Dim $FILE_READ_CONTROL = 0x020000
Dim $FOLDER_LIST_DIRECTORY = 0x000001
Dim $FILE_READ_EA = 0x000008
Dim $FILE_SYNCHRONIZE = 0x100000
Dim $FILE_WRITE_ATTRIBUTES = 0x000100
Dim $FILE_WRITE_DAC = 0x040000
Dim $FOLDER_ADD_FILE = 0x000002
Dim $FILE_WRITE_EA = 0x000010
Dim $FILE_WRITE_OWNER = 0x080000

; Win32_LogicalFileSecuritySetting exposes the NTFS security descriptor of a file or folder
Dim $objWMIService = ObjGet("winmgmts:")
Dim $objFolderSecuritySettings = $objWMIService.Get("Win32_LogicalFileSecuritySetting='" & $strFolderName & "'")
Dim $objSD
; GetSecurityDescriptor fills $objSD (a Win32_SecurityDescriptor) through the by-reference parameter
Dim $intRetVal = $objFolderSecuritySettings.GetSecurityDescriptor ($objSD)
Dim $intControlFlags = $objSD.ControlFlags
Dim $strMsg = "", $objACE

; AutoIt's And is a logical operator (true for any two non-zero values); BitAND tests the actual bit
If BitAND($intControlFlags, $SE_DACL_PRESENT) Then
    Dim $arrACEs = $objSD.DACL
    For $objACE In $arrACEs
        $strMsg &= $objACE.Trustee.Domain & "\" & $objACE.Trustee.Name

        If $objACE.AceType = $ACCESS_ALLOWED_ACE_TYPE Then
            $strMsg &= @TAB & "Allowed:" & @CRLF
        ElseIf $objACE.AceType = $ACCESS_DENIED_ACE_TYPE Then
            $strMsg &= @TAB & "Denied:" & @CRLF
        EndIf

        ; FILE_ALL_ACCESS is a combination of bits, so require all of them to be set
        If BitAND($objACE.AccessMask, $FILE_ALL_ACCESS) = $FILE_ALL_ACCESS Then $strMsg &= @TAB & @TAB & "FILE_ALL_ACCESS " & @CRLF
        If BitAND($objACE.AccessMask, $FOLDER_ADD_SUBDIRECTORY) Then $strMsg &= @TAB & @TAB & "FOLDER_ADD_SUBDIRECTORY " & @CRLF
        If BitAND($objACE.AccessMask, $FILE_DELETE) Then $strMsg &= @TAB & @TAB & "FILE_DELETE " & @CRLF
        If BitAND($objACE.AccessMask, $FILE_DELETE_CHILD) Then $strMsg &= @TAB & @TAB & "FILE_DELETE_CHILD " & @CRLF
        If BitAND($objACE.AccessMask, $FOLDER_TRAVERSE) Then $strMsg &= @TAB & @TAB & "FOLDER_TRAVERSE " & @CRLF
        If BitAND($objACE.AccessMask, $FILE_READ_ATTRIBUTES) Then $strMsg &= @TAB & @TAB & "FILE_READ_ATTRIBUTES " & @CRLF
        If BitAND($objACE.AccessMask, $FILE_READ_CONTROL) Then $strMsg &= @TAB & @TAB & "FILE_READ_CONTROL " & @CRLF
        If BitAND($objACE.AccessMask, $FOLDER_LIST_DIRECTORY) Then $strMsg &= @TAB & @TAB & "FOLDER_LIST_DIRECTORY " & @CRLF
        If BitAND($objACE.AccessMask, $FILE_READ_EA) Then $strMsg &= @TAB & @TAB & "FILE_READ_EA " & @CRLF
        If BitAND($objACE.AccessMask, $FILE_SYNCHRONIZE) Then $strMsg &= @TAB & @TAB & "FILE_SYNCHRONIZE " & @CRLF
        If BitAND($objACE.AccessMask, $FILE_WRITE_ATTRIBUTES) Then $strMsg &= @TAB & @TAB & "FILE_WRITE_ATTRIBUTES " & @CRLF
        If BitAND($objACE.AccessMask, $FILE_WRITE_DAC) Then $strMsg &= @TAB & @TAB & "FILE_WRITE_DAC " & @CRLF
        If BitAND($objACE.AccessMask, $FOLDER_ADD_FILE) Then $strMsg &= @TAB & @TAB & "FOLDER_ADD_FILE " & @CRLF
        If BitAND($objACE.AccessMask, $FILE_WRITE_EA) Then $strMsg &= @TAB & @TAB & "FILE_WRITE_EA " & @CRLF
        If BitAND($objACE.AccessMask, $FILE_WRITE_OWNER) Then $strMsg &= @TAB & @TAB & "FILE_WRITE_OWNER " & @CRLF
    Next
Else
    $strMsg = "No DACL present in security descriptor"
EndIf
ConsoleWrite($strMsg)

I found this VB script which I was able to convert:

http://www.dbforums.com/showthread.php?t=892948

With some lines from:

http://cwashington.netreach.net/depo/view.asp?Index=1115

$strComputer = "."
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")

; One Win32_LogicalShareSecuritySetting instance exists per share; it holds the share-level ACL,
; which is separate from the NTFS ACL on the folder behind the share
$colItems = $objWMIService.ExecQuery('SELECT * FROM Win32_LogicalShareSecuritySetting', "WQL", 48)

For $objItem in $colItems

    $strShareName = $objItem.Name

    Dim $wmiSecurityDescriptor

    $wmiFileSecSetting = ObjGet("winmgmts:{impersonationLevel=impersonate}!//" & $strComputer & "/root/cimv2:Win32_LogicalShareSecuritySetting.Name='" & $strShareName & "'")

    ; The descriptor comes back through the by-reference parameter
    $RetVal = $wmiFileSecSetting.GetSecurityDescriptor($wmiSecurityDescriptor)
    If @error Then
        ConsoleWrite("GetSecurityDescriptor failed on " & $strShareName & @CRLF)
        ContinueLoop ; no descriptor to read, move on to the next share
    Else
        ConsoleWrite("GetSecurityDescriptor succeeded for " & $strShareName & @CRLF)
    EndIf

    ; Retrieve the DACL array of Win32_ACE objects.
    $DACL = $wmiSecurityDescriptor.DACL

    For $wmiAce in $DACL

        ConsoleWrite( "-----------------------" & @CRLF)
        ConsoleWrite("Found ACE" & @CRLF)
        ConsoleWrite( "-----------------------" & @CRLF)
        ConsoleWrite( "Access Mask: " & $wmiAce.AccessMask & @CRLF)
        ConsoleWrite( "ACE Type: " & $wmiAce.AceType & @CRLF)

        ; Get Win32_Trustee object from ACE
        $Trustee = $wmiAce.Trustee
        ConsoleWrite( "Trustee Domain: " & $Trustee.Domain & @CRLF)
        ConsoleWrite( "Trustee Name: " & $Trustee.Name & @CRLF)

        ; Get SID as array from Trustee (raw bytes of the binary SID)
        $SID = $Trustee.SID

        ; Reset per ACE, otherwise the SIDs of earlier ACEs accumulate into later lines
        $strsid = ""
        For $i = 0 To UBound($SID) - 1
            $strsid &= $SID[$i] & ","
        Next

        ConsoleWrite( "Trustee SID: {" & $strsid & "}" & @CRLF)
        ConsoleWrite(@CRLF)
    Next
Next

Personally, I don't think you are going to be able to do this from the client side. The server where the share resides is where all the ACLs are maintained. I mean think about it, it would be quite a security vulnerability if any remote user was able to see user account names and ACLs for any share.


Personally, I don't think you are going to be able to do this from the client side. The server where the share resides is where all the ACLs are maintained. I mean think about it, it would be quite a security vulnerability if any remote user was able to see user account names and ACLs for any share.

The plan is to run it from the server side once I get it working. The shares reside on the file server.


Here is a combination of my script and your script:

Const $SE_DACL_PRESENT = 0x4
Const $ACCESS_ALLOWED_ACE_TYPE = 0x0
Const $ACCESS_DENIED_ACE_TYPE = 0x1
Const $FILE_ALL_ACCESS = 0x1f01ff
Const $FOLDER_ADD_SUBDIRECTORY = 0x000004
Const $FILE_DELETE = 0x010000
Const $FILE_DELETE_CHILD = 0x000040
Const $FOLDER_TRAVERSE = 0x000020
Const $FILE_READ_ATTRIBUTES = 0x000080
Const $FILE_READ_CONTROL = 0x020000
Const $FOLDER_LIST_DIRECTORY = 0x000001
Const $FILE_READ_EA = 0x000008
Const $FILE_SYNCHRONIZE = 0x100000
Const $FILE_WRITE_ATTRIBUTES = 0x000100
Const $FILE_WRITE_DAC = 0x040000
Const $FOLDER_ADD_FILE = 0x000002
Const $FILE_WRITE_EA = 0x000010
Const $FILE_WRITE_OWNER = 0x080000

;Retrieve shares (share-level ACLs; the NTFS ACL on the underlying folder is a separate descriptor)
$strComputer = "."
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")

$colItems = $objWMIService.ExecQuery('SELECT * FROM Win32_LogicalShareSecuritySetting', "WQL", 48)

For $objItem in $colItems

    $strShareName = $objItem.Name

    $wmiFileSecSetting = ObjGet("winmgmts:{impersonationLevel=impersonate}!//" & $strComputer & "/root/cimv2:Win32_LogicalShareSecuritySetting.Name='" & $strShareName & "'")

    ;Retrieve security descriptor by reference
    Dim $wmiSecurityDescriptor
    $RetVal = $wmiFileSecSetting.GetSecurityDescriptor($wmiSecurityDescriptor)
    If @error Then
        ConsoleWrite("GetSecurityDescriptor failed on " & $strShareName & @CRLF)
        ContinueLoop ; no descriptor to read, move on to the next share
    EndIf
    ConsoleWrite( "-----------------------" & @CRLF)
    ConsoleWrite("Share name: " & $strShareName & @CRLF)
    ConsoleWrite( "-----------------------" & @CRLF)

    ; Retrieve the DACL array of Win32_ACE objects.
    $DACL = $wmiSecurityDescriptor.DACL

    For $wmiAce in $DACL
        $strMsg = ""

        $strMsg &= "Access Mask: " & $wmiAce.AccessMask & @CRLF
        $strMsg &= "ACE Type: " & $wmiAce.AceType & @CRLF

        ; Get Win32_Trustee object from ACE
        $Trustee = $wmiAce.Trustee
        $strMsg &= "Trustee Domain: " & $Trustee.Domain & @CRLF
        $strMsg &= "Trustee Name: " & $Trustee.Name & @CRLF

        ; Get SID as array from Trustee (raw bytes of the binary SID)
        $SID = $Trustee.SID

        $strsid = ""
        For $i = 0 To UBound($SID) - 1
            $strsid &= $SID[$i] & ","
        Next

        ; AutoIt's And is logical, so "mask And flag" is true for every non-zero mask and every
        ; ACE would print the same flags; BitAND tests the individual bit.
        ; FILE_ALL_ACCESS is a combination of bits, so require all of them to be set.
        If BitAND($wmiAce.AccessMask, $FILE_ALL_ACCESS) = $FILE_ALL_ACCESS Then $strMsg &= @TAB & "FILE_ALL_ACCESS " & @CRLF
        If BitAND($wmiAce.AccessMask, $FOLDER_ADD_SUBDIRECTORY) Then $strMsg &= @TAB & "FOLDER_ADD_SUBDIRECTORY " & @CRLF
        If BitAND($wmiAce.AccessMask, $FILE_DELETE) Then $strMsg &= @TAB & "FILE_DELETE " & @CRLF
        If BitAND($wmiAce.AccessMask, $FILE_DELETE_CHILD) Then $strMsg &= @TAB & "FILE_DELETE_CHILD " & @CRLF
        If BitAND($wmiAce.AccessMask, $FOLDER_TRAVERSE) Then $strMsg &= @TAB & "FOLDER_TRAVERSE " & @CRLF
        If BitAND($wmiAce.AccessMask, $FILE_READ_ATTRIBUTES) Then $strMsg &= @TAB & "FILE_READ_ATTRIBUTES " & @CRLF
        If BitAND($wmiAce.AccessMask, $FILE_READ_CONTROL) Then $strMsg &= @TAB & "FILE_READ_CONTROL " & @CRLF
        If BitAND($wmiAce.AccessMask, $FOLDER_LIST_DIRECTORY) Then $strMsg &= @TAB & "FOLDER_LIST_DIRECTORY " & @CRLF
        If BitAND($wmiAce.AccessMask, $FILE_READ_EA) Then $strMsg &= @TAB & "FILE_READ_EA " & @CRLF
        If BitAND($wmiAce.AccessMask, $FILE_SYNCHRONIZE) Then $strMsg &= @TAB & "FILE_SYNCHRONIZE " & @CRLF
        If BitAND($wmiAce.AccessMask, $FILE_WRITE_ATTRIBUTES) Then $strMsg &= @TAB & "FILE_WRITE_ATTRIBUTES " & @CRLF
        If BitAND($wmiAce.AccessMask, $FILE_WRITE_DAC) Then $strMsg &= @TAB & "FILE_WRITE_DAC " & @CRLF
        If BitAND($wmiAce.AccessMask, $FOLDER_ADD_FILE) Then $strMsg &= @TAB & "FOLDER_ADD_FILE " & @CRLF
        If BitAND($wmiAce.AccessMask, $FILE_WRITE_EA) Then $strMsg &= @TAB & "FILE_WRITE_EA " & @CRLF
        If BitAND($wmiAce.AccessMask, $FILE_WRITE_OWNER) Then $strMsg &= @TAB & "FILE_WRITE_OWNER " & @CRLF

        $strMsg &= "Trustee SID: {" & $strsid & "}" & @CRLF
        ConsoleWrite($strMsg & @CRLF)
    Next
Next

I'm not sure if it's just me, but if a user is Read Only it shows the same thing as a user with Full Control.

Edited by weaponx
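Two things the scripts in this thread leave to the reader, as an added example that is not from the thread: decoding an ACE's AccessMask with a bitwise test (AutoIt's And is a logical operator, so "mask And flag" is true for any non-zero mask and a Read Only ACE prints the same flags as Full Control) and turning the raw Win32_Trustee.SID byte array into the usual S-1-5-... string. The flag values mirror the constants used above; the sample mask and SID bytes are constructed.

```python
# Added example, not code from the thread. Decodes a Win32_ACE AccessMask with a
# bitwise AND and renders a Win32_Trustee.SID byte array as an S-R-I-S... string.
FILE_RIGHTS = {  # same values as the AutoIt constants in the thread
    "FOLDER_LIST_DIRECTORY":   0x000001,
    "FOLDER_ADD_FILE":         0x000002,
    "FOLDER_ADD_SUBDIRECTORY": 0x000004,
    "FILE_READ_EA":            0x000008,
    "FILE_WRITE_EA":           0x000010,
    "FOLDER_TRAVERSE":         0x000020,
    "FILE_DELETE_CHILD":       0x000040,
    "FILE_READ_ATTRIBUTES":    0x000080,
    "FILE_WRITE_ATTRIBUTES":   0x000100,
    "FILE_DELETE":             0x010000,
    "FILE_READ_CONTROL":       0x020000,
    "FILE_WRITE_DAC":          0x040000,
    "FILE_WRITE_OWNER":        0x080000,
    "FILE_SYNCHRONIZE":        0x100000,
}
FILE_ALL_ACCESS = 0x1F01FF

def decode_mask(mask):
    """Names of the rights set in an AccessMask. A logical test (mask and flag)
    is true for every non-zero mask; the bitwise & checks the individual bit."""
    if mask & FILE_ALL_ACCESS == FILE_ALL_ACCESS:   # all bits of the combination
        return ["FILE_ALL_ACCESS"]
    return [name for name, bit in FILE_RIGHTS.items() if mask & bit]

def sid_to_string(sid_bytes):
    """Convert the byte array WMI returns in Win32_Trustee.SID to textual form.
    Layout: revision (1 byte), sub-authority count (1 byte), identifier authority
    (6 bytes, big-endian), then count 4-byte little-endian sub-authorities."""
    b = bytes(sid_bytes)
    revision, count = b[0], b[1]
    if len(b) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(b[2:8], "big")
    subs = [int.from_bytes(b[8 + 4 * i:12 + 4 * i], "little") for i in range(count)]
    return "S-%d-%d%s" % (revision, authority, "".join("-%d" % s for s in subs))

# Constructed samples in the shape the thread's scripts print them.
READ_ONLY = 0x1200A9   # typical "Read & Execute" mask on a folder
SAMPLE_SID = [1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0]   # S-1-5-11, Authenticated Users

if __name__ == "__main__":
    print(decode_mask(READ_ONLY))
    print(decode_mask(FILE_ALL_ACCESS))
    print(sid_to_string(SAMPLE_SID))
```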

In Windows XP there is a user level cache that is stored for fast load times, which is different than Win 2000. You have to disable it via group policy at the local level in order to have it load the network information before the cached data loads. That is if you primarily use shared/FC on "everyone" and use NTFS security to manage your files/folders.

Then sometimes you just need to reboot/log off a couple times to see share/security changes.

Edited by schilbiz