Listing share permissions for remote shares

Now that you can list shares, how about something a bit more challenging?

Let’s take a look at share permissions. I tried using subinacl.exe to get these for a remote share. But it turns out that it does not always give trustworthy results. It showed read permissions for a share with Read and Change permissions. And let’s not mention the single-string, unicode output! What a nightmare!

Then I took one step back and issued the following command:

Get-WmiObject -ComputerName REMOTESERVER -List | Where { $_ -match “share” }

Turns out there is a WMI class called Win32_LogicalShareSecuritySetting that can help out!

Using Get-Member, I found the methods and properties I needed to make this work. And after some googling for the meaning of the AccessMask numbers, I was all done.

I have attached the script. Rename it to .ps1 and dot-source it, or paste it into your profile. Then give this command a try:

Get-MySharePermissions REMOTESERVER SHARENAME

Oh, objects! I love Powershell!

Get-MySharePermissions (rename to .ps1 or copy into profile)

//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

(adsbygoogle = window.adsbygoogle || []).push({});

A pro with more than 6 years and less than 10 years of experience can earn a maximum 30%, whereas a pro with more than 10 years of experience can earn 35% of the salary cap.. The official gauge pressure of an NFL football is 13 pounds per square inch, or psi. “. In Glasgow in 2014, they lowered the world record to 3:30.98. Mohamed Sanu, the second leading receiver with 49 catches, is out because of a groin injury. CTE is a degenerative brain disease found in deceased athletes who have a history of repeated head trauma, including concussions or blows to the head. I lingered longer than I normally would. Only list important and pertinent information on your agenda. The creators (servants?) of the program say things like, “He just loaded up on value stocks,” and “I’ve learned not to question the cheap nfl jerseys AI.” We will all be batteries soon enough.. Some FBI agents did occasionally Wholesale Jerseys chase Abagnale, but he didn’t have a Batman/Joker relationship Cheap nfl jerseys with any of them, and he certainly didn’t call them every Wholesale NFL Jerseys Online Christmas. He played quarterback there for four years. Attorney’s Office for the Northern District of Illinois, which includes Chicago, has been very busy in recent years. Hack deep enough into the CIA’s website and you can get into their mainframe. Include rules that have been developed over the years to make football safer, such as limiting the sport to the fall and winter months and disallowing defenders from hitting defenseless players in the air. Paying child support for one child can be a financial burden. Looking to become a major player in the smart meter market, Xylem (NYSE:XYL) is nearing a deal to acquire Sensus USA for Cheap NFL Jerseys around $1.7B, including debt, according to Reuters. Shattuck is a former Baltimore Ravens cheerleader and was once the NFL’s oldest cheerleader. This is a surgical method in which a hole is cut into the skull to release pressure on the brain. Before the advent of Islam and after advent the in the first few years the consumption of Alcohol was quite a common act in Arabs. But I’ve spent time out East and in the Midwest where this wasn’t the case. IPL is at the incubation stage and is intended for bodies Cheap nfl jerseys corporate with very high net worth and sustaining capacity (in financial parlance). His friends and neighbors feared the worst: He could www.buyoakleysunglasses.com be frozen. Chargers.. There’s skin in this one. For more than two years, which has contributed to eroding the fan base in San Diego. Adidas zx flux Sung dre beats laughed: p90 swarovski australia drink yoga pants a hermes outlet jar jimmy choo outlet fills. We are heading in the right direction.”. So long as you can feel the vision, what does it matter that you have to walk half a mile to reach the fridge?Not before time, it appears, Mini is about to do something about it.With the Paceman they’ve already relocated the window switches from behind the water bottles to the armrests so you can actually reach them.The Paceman features another departure for new Mini.

17 thoughts on “Listing share permissions for remote shares”

  1. Thanks, Hugo. I have copied this and will study it. However, I need to be able to set share permissions using powershell. I can use get-acl and set-acl for folder permissions. I am working on a script that creates a folder on a remote machine, then shares it (I can do that using WMI), but I need to set permissions.

    »crosslinked«

  2. This is very helpful, thanks.

    Any chance you would do a post on how to use the SetSecurityDescriptor() method?

    Might you have any ideas why some (but not all) perfectly functioning, normal shares would not return anything with your script?

    1. Hey Erich,
      Thanks for commenting! I don’t have too much time for creating new posts, unfortunately. If you don’t get any warning or errors, I have no clue why some of your shares are not returning results.
      Hugo

  3. Here is a script that can check permissions on remote shares. Unfortunately you have to enter shares manualy.

    #==========================================================================
    # NAME: ACL on Shared folder
    # AUTHOR: Mladen
    # DATE : 01/12/2010
    # COMMENT: Check permissions on NTFS shared folder and send report to excel
    # REQUIREMENTS: QuestAD for PowerShell (Quest ActiveRoles), Excel, Acces to share
    # shares.txt is file with shares in format \\server\share1
    #==========================================================================

    #$erroractionpreference = “SilentlyContinue”
    $a = New-Object -comobject Excel.Application
    $a.visible = $True
    $b = $a.Workbooks.Add()
    $c = $b.Worksheets.Item(1)
    $c.Cells.Item(1,1) = “Share”
    $c.Cells.Item(1,2) = “Account”
    $c.Cells.Item(1,3) = “Permission”
    $c.Cells.Item(1,4) = “User Name”
    $d = $c.UsedRange
    $d.Interior.ColorIndex = 19
    $d.Font.ColorIndex = 11
    $d.Font.Bold = $True

    $intRow = 2

    $colShares = get-content shares.txt
    foreach ($strShare in $colShares)
    {
    $c.Cells.Item($intRow, 1) = $strShare
    $c.Cells.Item($intRow, 1).Font.Bold = $True
    $acl = Get-Acl $strShare
    $perm = $acl.Access
    foreach ($object in $perm)
    {
    $intRow = $intRow + 1
    $userName = [string]$object.IdentityReference
    $c.Cells.Item($intRow, 2) = $userName
    $c.Cells.Item($intRow, 3) = [string]$object.FileSystemRights
    $fullName = Get-QADUser $userName
    $c.Cells.Item($intRow, 4) = $fullName.Name
    }
    $intRow = $intRow + 1
    }
    $d.EntireColumn.AutoFit()

    Regards.

  4. Hi, I ‘m using both your scripts get-myshare AND permissions to take all NAS Shares with permissions but I couldn’t make them work together.

    So I’m firstly taking the list of shares with Get-MyShare
    Get-MyShares bos2-nassvr | select __SERVER, Caption

    and than I’m proccessing in excel than I’m taking permission lists one by one to csv file.

    But I was wandering is there any way to add Server Name and Share name to permission list.

    OR it would be perfect to make such script wich takes all share names and log their permissions in csv file. Most of people needs such script because of security reasonsI tried to combine your scripts but I couldn’t 🙁

Leave a Reply