Script to locate shares and show mappings.

[ptrex]

@all

Nice examples.

Good to see you got it going !!

regards

ptrex

[schilbiz]

I have been toying with this and cannot alter the ouput. It states the same access control for all shares and users. I have made a share and changed the permission settings but it still spits out the same 15 permissions mentioned below even though I know they do not have the access, I can deny the access but it still shows up. Any suggestions? Thanks.

Also I am having trouble getting this to work on an NT system.. any suggestions there?

expandcollapse popup

If $wmiAce.AccessMask And $FILE_ALL_ACCESS Then $strMsg &= @TAB & "FILE_ALL_ACCESS " & @CRLF
        If $wmiAce.AccessMask And $FOLDER_ADD_SUBDIRECTORY Then $strMsg &= @TAB & "FOLDER_ADD_SUBDIRECTORY " & @CRLF
        If $wmiAce.AccessMask And $FILE_DELETE Then $strMsg &= @TAB & "FILE_DELETE " & @CRLF
        If $wmiAce.AccessMask And $FILE_DELETE_CHILD Then $strMsg &= @TAB & "FILE_DELETE_CHILD " & @CRLF
        If $wmiAce.AccessMask And $FOLDER_TRAVERSE Then $strMsg &= @TAB & "FOLDER_TRAVERSE " & @CRLF
        If $wmiAce.AccessMask And $FILE_READ_ATTRIBUTES Then $strMsg &= @TAB & "FILE_READ_ATTRIBUTES " & @CRLF
        If $wmiAce.AccessMask And $FILE_READ_CONTROL Then $strMsg &= @TAB & "FILE_READ_CONTROL " & @CRLF
        If $wmiAce.AccessMask And $FOLDER_LIST_DIRECTORY Then $strMsg &= @TAB & "FOLDER_LIST_DIRECTORY " & @CRLF
        If $wmiAce.AccessMask And $FILE_READ_EA Then $strMsg &= @TAB & "FILE_READ_EA " & @CRLF
        If $wmiAce.AccessMask And $FILE_SYNCHRONIZE Then $strMsg &= @TAB & "FILE_SYNCHRONIZE " & @CRLF
        If $wmiAce.AccessMask And $FILE_WRITE_ATTRIBUTES Then $strMsg &= @TAB & "FILE_WRITE_ATTRIBUTES " & @CRLF
        If $wmiAce.AccessMask And $FILE_WRITE_DAC Then $strMsg &= @TAB & "FILE_WRITE_DAC " & @CRLF
        If $wmiAce.AccessMask And $FOLDER_ADD_FILE Then $strMsg &= @TAB & "FOLDER_ADD_FILE " & @CRLF
        If $wmiAce.AccessMask And $FILE_WRITE_EA Then $strMsg &= @TAB & "FILE_WRITE_EA " & @CRLF
        If $wmiAce.AccessMask And $FILE_WRITE_OWNER Then $strMsg &= @TAB & "FILE_WRITE_OWNERoÝ÷ Ù«­¢+ØIÅեɵ¥¸)±½°ÀÌØíÉÉä°ÀÌØíÍÉÉä°ÀÌØí¡5奱ôÅÕ½ÐíM¡É%¹¼¹ÑáÐÅÕ½Ðì(íIÕ¹ÍMÐ ÅÕ½ÐíÕÍɹµÅÕ½Ðì°ÅÕ½Ðí½µ¥¸ÅÕ½Ðì°ÅÕ½ÐíÁÍÍݽÉÅÕ½Ðì¤()
½¹ÍÐÀÌØíM}
1}AIM9PôÁàÐ)
½¹ÍÐÀÌØí

MM}11=]}
}QeAôÁàÀ)
½¹ÍÐÀÌØí

MM}9%}
}QeAôÁàÄ)
½¹ÍÐÀÌØí%1}11}

MLôÁàÅÀÅ)
½¹ÍÐÀÌØí=1I}}MU %I
Q=IdôÁàÀÀÀÀÀÐ)
½¹ÍÐÀÌØí%1}1QôÁàÀÄÀÀÀÀ)
½¹ÍÐÀÌØí%1}1Q}
!%1ôÁàÀÀÀÀÐÀ)
½¹ÍÐÀÌØí=1I}QIYIMôÁàÀÀÀÀÈÀ)
½¹ÍÐÀÌØí%1}I}QQI%   UQLôÁàÀÀÀÀàÀ)
½¹ÍÐÀÌØí%1}I}
=9QI=0ôÁàÀÈÀÀÀÀ)
½¹ÍÐÀÌØí=1I}1%MQ}%I
Q=IdôÁàÀÀÀÀÀÄ)
½¹ÍÐÀÌØí%1}I}ôÁàÀÀÀÀÀà)
½¹ÍÐÀÌØí%1}Me9
!I=9%iôÁàÄÀÀÀÀÀ)
½¹ÍÐÀÌØí%1}]I%Q}QQI%    UQLôÁàÀÀÀÄÀÀ)
½¹ÍÐÀÌØí%1}]I%Q}ôÁàÀÐÀÀÀÀ)
½¹ÍÐÀÌØí=1I}}%1ôÁàÀÀÀÀÀÈ)
½¹ÍÐÀÌØí%1}]I%Q}ôÁàÀÀÀÀÄÀ)
½¹ÍÐÀÌØí%1}]I%Q}=]9HôÁàÀàÀÀÀÀ((íIÑÉ¥ÙÍ¡ÉÌ(ÀÌØíÍÑÉ
½µÁÕÑÈôÅÕ½Ðì¸ÅÕ½Ðì(ÀÌØí½©]5%MÉÙ¥ô=©Ð ÅÕ½ÐíÝ¥¹µµÑÌèÀäÈìÀäÈìÅÕ½ÐìµÀìÀÌØíÍÑÉ
½µÁÕÑȵÀìÅÕ½ÐìÀäÈíɽ½ÐÀäÈí¥µØÈÅÕ½Ðì¤((ÀÌØí½±%ѵÌôÀÌØí½©]5%MÉÙ¥¹áEÕÉä ÌäíM1
P¨I=4]¥¸ÌÉ}1½¥±M¡ÉMÕÉ¥ÑåMÑÑ¥¹Ìäì°ÅÕ½Ðí]E0ÅÕ½Ðì°Ðà¤()½ÈÀÌØí½©%Ñ´¥¸ÀÌØí½±%ѵÌ((ÀÌØíÍÑÉM¡É9µôÀÌØí½©%Ñ´¹¹µ((ÀÌØíݵ¥¥±MMÑÑ¥¹ô=©Ð ÅÕ½ÐíÝ¥¹µµÑÌéí¥µÁÉͽ¹Ñ¥½¹1Ù°õ¥µÁÉͽ¹ÑôÌÌì¼¼ÅÕ½ÐìµÀìÀÌØíÍÑÉ
½µÁÕÑȵÀìÅÕ½Ðì½É½½Ð½¥µØÈé]¥¸ÌÉ}1½¥±M¡ÉMÕÉ¥ÑåMÑÑ¥¹¹9µôÌäìÅÕ½ÐìµÀìÀÌØíÍÑÉM¡É9µµÀìÅÕ½ÐìÌäìÅÕ½Ðì¤((íIÑÉ¥ÙÍÕÉ¥ÑäÍÉ¥ÁѽÈäÉɹ(¥´ÀÌØíݵ¥MÕÉ¥ÑåÍÉ¥ÁѽÈ(ÀÌØíIÑY°ôÀÌØíݵ¥¥±MMÑÑ¥¹¹ÑMÕÉ¥ÑåÍÉ¥ÁÑ½È ÀÌØíݵ¥MÕÉ¥ÑåÍÉ¥ÁѽȤ(%ÉɽÈQ¡¸(
½¹Í½±]É¥Ñ ÅÕ½ÐíÑMÕÉ¥ÑåÍÉ¥Áѽȥ±½¸ÅÕ½ÐìµÀìÀÌØíÍÑÉM¡É9µµÀì
I1¤(±Í(
½¹Í½±]É¥Ñ ÅÕ½Ðì´´´´´´´´´´´´´´´´´´´´´´´ÅÕ½ÐìµÀì
I1¤(
½¹Í½±]É¥Ñ ÅÕ½ÐíM¡É¹µèÅÕ½ÐìµÀìÀÌØíÍÑÉM¡É9µµÀì
I1¤(
½¹Í½±]É¥Ñ ÅÕ½Ðì´´´´´´´´´´´´´´´´´´´´´´´ÅÕ½ÐìµÀì
I1¤($$(¹%((ìIÑÉ¥ÙÑ¡
0ÉÉä½]¥¸ÌÉ}
½©Ñ̸(ÀÌØí
0ôÀÌØíݵ¥MÕÉ¥ÑåÍÉ¥Áѽȹ
0((½ÈÀÌØíݵ¥¥¸ÀÌØí
0(ÀÌØíÍÑÉ5ÍôÅÕ½ÐìÅÕ½Ðì((ìÐ]¥¸ÌÉ}QÉÕÍѽ©Ðɽ´
(ÀÌØíQÉÕÍÑôÀÌØíݵ¥¹QÉÕÍÑ(ÀÌØíÍÑÉ5͵ÀìôÅÕ½ÐíQÉÕÍѽµ¥¸èÅÕ½ÐìµÀìÀÌØíQÉÕÍѹ½µ¥¸µÀì
I1(ÀÌØíÍÑÉ5͵ÀìôÅÕ½ÐíQÉÕÍÑ9µèÅÕ½ÐìµÀìÀÌØíQÉÕÍѹ9µµÀì
I1((%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí%1}11}

MLQ¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí%1}11}

MLÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí=1I}}MU  %I
Q=IdQ¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí=1I}}MU  %I
Q=IdÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí%1}1QQ¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí%1}1QÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí%1}1Q}
!%1Q¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí%1}1Q}
!%1ÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí=1I}QIYIMQ¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí=1I}QIYIMÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí%1}I}QQI%    UQLQ¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí%1}I}QQI% UQLÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí%1}I}
=9QI=0Q¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí%1}I}
=9QI=0ÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí=1I}1%MQ}%I
Q=IdQ¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí=1I}1%MQ}%I
Q=IdÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí%1}I}Q¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí%1}I}ÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí%1}Me9
!I=9%iQ¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí%1}Me9
!I=9%iÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí%1}]I%Q}QQI% UQLQ¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí%1}]I%Q}QQI%  UQLÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí%1}]I%Q}Q¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí%1}]I%Q}ÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí=1I}}%1Q¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí=1I}}%1ÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí%1}]I%Q}Q¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí%1}]I%Q}ÅÕ½ÐìµÀì
I1(%ÀÌØíݵ¥¹ÍÍ5ͬ¹ÀÌØí%1}]I%Q}=]9HQ¡¸ÀÌØíÍÑÉ5͵ÀìôQµÀìÅÕ½Ðí%1}]I%Q}=]9HÅÕ½ÐìµÀì
I1((
½¹Í½±]É¥Ñ ÀÌØíÍÑÉ5͵Àì
I1¤(ÀÌØíÍÉÉäôMÑÉ¥¹MÁ±¥Ð ÀÌØíÍÑÉM¡É9µ°ÅÕ½Ðì°ÅÕ½Ðì¤(ÀÌØíÉÉäôMÑÉ¥¹MÁ±¥Ð ÀÌØíÍÑÉ5Í°ÅÕ½Ðì°ÅÕ½Ðì¤(}¥±]É¥ÑQ½1¥¹É½µÉÉä ÀÌØí¡5奱°ÀÌØíÉÉä°Ä°´Ä°È¤(}¥±]É¥ÑQ½1¥¹É½µÉÉä ÀÌØí¡5奱°ÀÌØíÍÉÉä°Ä°´Ä°È¤(í5Í ½à ÐÀäØ°ÅÕ½ÐìÅÕ½Ðì°ÀÌØíÍÑÉ5ͤ(9áÐ)9áÐ(()Õ¹}¥±]É¥ÑQ½1¥¹É½µÉÉä ÀÌØí¡¥±°ÀÌØíÙÉÉä°ÀÌØí¹MÑÉÑÉÉäôÀ°ÀÌØí¹¹ÉÉäô´Ä°ÀÌØí¹1¥¹¥±ô´Ä¤(1½°ÀÌØíÍMÑÉ¥¹MѽɰÀÌØíÍI°ÀÌØíÍMÑÉÑMѽɰÀÌØíMÁ±¥Ð°ÀÌØí¥
°ÀÌØí¹U   ½Õ¹ôÀÌØí¹¹ÉÉä°ÀÌØí͹MѽÉ(%ÀÌØí¹¹ÉÉäô´ÄQ¡¸ÀÌØí¹U   ½Õ¹ôU   ½Õ¹ ÀÌØíÙÉÉ䤴Ä(MÝ¥Ñ ÀÌØí¹1¥¹¥±(
Í´Ä(½ÈÀÌØí¥
ôÀÌØí¹MÑÉÑÉÉäQ¼ÀÌØí¹U ½Õ¹(ÀÌØíÍMÑÉ¥¹MѽɵÀìôÀÌØíÙÉÉäµÀì
I1(9áÐ(IÑÕɸ¥±]É¥Ñ ÀÌØí¡¥±°MÑÉ¥¹QÉ¥µI¥¡Ð ÀÌØíÍMÑÉ¥¹MѽɰȤ¤(
ͱÍ(%ÀÌØí¹1¥¹¥±ÐìÄQ¡¸(ÀÌØíÍIô¥±I ÀÌØí¡¥±¤(ÀÌØíMÁ±¥ÐôMÑÉ¥¹MÁ±¥Ð¡MÑÉ¥¹MÑÉ¥Á
H ÀÌØíÍI¤°1¤(½ÈÀÌØí¥
ôÄQ¼ÀÌØí¹1¥¹¥±´Ä(ÀÌØíÍMÑÉÑMѽɵÀìôÀÌØíMÁ±¥ÑlÀÌØí¥

tµÀì
I1(9áÐ(½ÈÀÌØí¥
ôÀÌØí¹1¥¹¥±Q¼ÀÌØíMÁ±¥ÑlÁt(ÀÌØí͹MѽɵÀìôÀÌØíMÁ±¥ÑlÀÌØí¥

tµÀì
I1(9áÐ(ÀÌØí͹MѽÉôMÑÉ¥¹QÉ¥µI¥¡Ð ÀÌØí͹MѽɰȤ(¹%(½ÈÀÌØí¥
ôÀÌØí¹MÑÉÑÉÉäQ¼ÀÌØí¹U ½Õ¹(ÀÌØíÍMÑÉ¥¹MѽɵÀìôÀÌØíÙÉÉålÀÌØí¥

tµÀì
I1(9áÐ(%ÀÌØí͹MѽÉôÅÕ½ÐìÅÕ½ÐìQ¡¸ÀÌØíÍMÑÉ¥¹MѽÉôMÑÉ¥¹QÉ¥µI¥¡Ð ÀÌØíÍMÑÉ¥¹MѽɰȤ(¥±
±½Í¡¥±=Á¸ ÀÌØí¡¥±°È¤¤(IÑÕɸ¥±]É¥Ñ ÀÌØí¡¥±°ÀÌØíÍMÑÉÑMѽɵÀìÀÌØíÍMÑÉ¥¹MѽɵÀìÀÌØí͹Mѽɤ(¹MÝ¥Ñ (IÑÕɸMÑÉÉ½È Ä°À°À¤)¹Õ¹

[schilbiz]

An example of the output:

Settings: Full Deny Outputs...

NewShare$

Trustee Domain:

Trustee Name: Everyone

FILE_ALL_ACCESS

FOLDER_ADD_SUBDIRECTORY

FILE_DELETE

FILE_DELETE_CHILD

FOLDER_TRAVERSE

FILE_READ_ATTRIBUTES

FILE_READ_CONTROL

FOLDER_LIST_DIRECTORY

FILE_READ_EA

FILE_SYNCHRONIZE

FILE_WRITE_ATTRIBUTES

FILE_WRITE_DAC

FOLDER_ADD_FILE

FILE_WRITE_EA

FILE_WRITE_OWNER

Settings: Full Access Outputs...

NewShare$

Trustee Domain:

Trustee Name: Everyone

FILE_ALL_ACCESS

FOLDER_ADD_SUBDIRECTORY

FILE_DELETE

FILE_DELETE_CHILD

FOLDER_TRAVERSE

FILE_READ_ATTRIBUTES

FILE_READ_CONTROL

FOLDER_LIST_DIRECTORY

FILE_READ_EA

FILE_SYNCHRONIZE

FILE_WRITE_ATTRIBUTES

FILE_WRITE_DAC

FOLDER_ADD_FILE

FILE_WRITE_EA

FILE_WRITE_OWNER

Edited April 28, 2008 by schilbiz

[UEZ]

Just FYI:

It is not working on Vista x32!

It is working on Vista, too! Default system shares will not be shown...

Sorry for the wrong information!!!

UEZ

Edited November 29, 2008 by UEZ

[skull]

Hey guys,

this script seems to be the thing what I am looking for, but when I try to start it just runs until the first FOR-loop. I tryed to put in "localhost" and my "computername" in the $strComputer = ".", it didn't worked.

Could you say me what I am doing wrong?

Thank you

sKuLL

Edit: I am using XP Pro SP3

Edited December 8, 2008 by skull

[UEZ]

Hey guys,

this script seems to be the thing what I am looking for, but when I try to start it just runs until the first FOR-loop. I tryed to put in "localhost" and my "computername" in the $strComputer = ".", it didn't worked.

Could you say me what I am doing wrong?

Thank you

sKuLL

Edit: I am using XP Pro SP3

Try this, maybe this is what for you:

expandcollapse popup

$server = "Localhost"
$objWMIService = ObjGet("winmgmts:{impersonationLevel = impersonate}!\\" & $server & "\root\cimv2")

Shares($server)

Func Shares($srv)
    Local $Local_Shares, $LS_Name, $LS_Path, $LS_Status, $LS_Description, $LS_Group, $LS_Permission, $TimeStamp
    $colItems = $objWMIService.ExecQuery("SELECT Name, Path, Status, Description FROM Win32_Share", "WQL", 0x30)
    If IsObj($colItems) Then
        For $objItem In $colItems
            $LS_Name = $objItem.Name
            $LS_Path = $objItem.Path
            $LS_Description = $objItem.Description
            $LS_Status = $objItem.Status
            $LS_Group = ""
            $LS_Permission = ""
            If $LS_Description = "" Then
                $Local_Shares &= Share_Permission($srv, $LS_Name, $LS_Path, $LS_Description, $LS_Status)
            Else
                $Local_Shares &= $srv & ";" & $LS_Name & ";" & $LS_Path & ";" & $LS_Description & ";" & $LS_Status & ";" & $LS_Group & ";" & $LS_Permission & @CRLF
            EndIf
        Next
        MsgBox(0, "Test", $Local_Shares)
;~         ConsoleWrite($Local_Shares & @CRLF)
    Else
    EndIf
EndFunc

Func Share_Permission($srv, $name, $path, $description, $status)
    Dim $wmiSecurityDescriptor
    $wmiFileSecSetting = ObjGet("winmgmts:{impersonationLevel=impersonate}!//" & $srv & "/root/cimv2:Win32_LogicalShareSecuritySetting.Name='" & $name & "'")
    If IsObj($wmiFileSecSetting) Then
        $RetVal = $wmiFileSecSetting.GetSecurityDescriptor($wmiSecurityDescriptor)
        Local $DACL = $wmiSecurityDescriptor.DACL
        Local $strsid = ""
        Local $ACE = ""
        For $wmiAce in $DACL
            Select
                Case $wmiAce.AccessMask = 1179817 And $wmiAce.AceType = 0
                    $Permission = "Read"
                Case $wmiAce.AccessMask = 1245631 And $wmiAce.AceType = 0
                    $Permission = "Change"
                Case $wmiAce.AccessMask = 2032127 And $wmiAce.AceType = 0
                    $Permission = "Full"
                Case $wmiAce.AccessMask = 1179817 And $wmiAce.AceType = 1
                    $Permission = "Read Denied"
                Case $wmiAce.AccessMask = 1245631  And $wmiAce.AceType = 1
                    $Permission = "Change  Denied"
                Case $wmiAce.AccessMask = 2032127  And $wmiAce.AceType = 1
                    $Permission = "Full  Denied"
            EndSelect
            $Trustee = $wmiAce.Trustee
            $ACE &= $srv & ";" & $name & ";" & $path & ";" & $description & ";" & $status & ";" & $Trustee.Name & ";" & $Permission  & ";" & @CRLF 
        Next
        Return $ACE
    EndIf
EndFunc

UEZ

Edited December 12, 2008 by UEZ

[skull]

Hey vielen vielen dank UEZ du hast mir sehr geholfen. Kannst du dir denken warum das erste bei mir nicht Funktioniert hat?

Kennst du eine Seite wo es mehr zum Thema "winmgmts" und "/root/cimv2" gibt. Ich blick da noch nicht so ganz durch

Ich würde jetzt gern noch die Sicherheitsberechtigungen über "Win32_LogicalFileSecuritySetting" (glaub ich) auslesen für alle Freigaben.

Englisch:

Thx UEZ

Greez sKuLL