PeetersOnline.nl
Now that you can list shares, how about something a bit more challenging?
Let’s take a look at share permissions. I tried using subinacl.exe to get these for a remote share. But it turns out that it does not always give trustworthy results. It showed read permissions for a share with Read and Change permissions. And let’s not mention the single-string, unicode output! What a nightmare!
Then I took one step back and issued the following command:
Get-WmiObject -ComputerName REMOTESERVER -List | Where { $_ -match “share” }
Turns out there is a WMI class called Win32_LogicalShareSecuritySetting that can help out!
Using Get-Member, I found the methods and properties I needed to make this work. And after some googling for the meaning of the AccessMask numbers, I was all done.
I have attached the script. Rename it to .ps1 and dot-source it, or paste it into your profile. Then give this command a try:
Get-MySharePermissions REMOTESERVER SHARENAME
Oh, objects! I love Powershell!
Get-MySharePermissions (rename to .ps1 or copy into profile)
No related posts.
If you enjoyed this article, please consider sharing it!
Thanks Hugo
great cmdet – Saved me hours of work.
You’re welcome Charlie. Thanks for visiting my site.
Hugo
Thanks, Hugo. I have copied this and will study it. However, I need to be able to set share permissions using powershell. I can use get-acl and set-acl for folder permissions. I am working on a script that creates a folder on a remote machine, then shares it (I can do that using WMI), but I need to set permissions.
Hello John,
Take a look at the SetSecurityDescriptor() method of the Win32_LogicalShareSecuritySetting class.
Hugo
Thanks, Hugo. Yes, now I see that, it’s obvious. This will help.
This is very helpful, thanks.
Any chance you would do a post on how to use the SetSecurityDescriptor() method?
Might you have any ideas why some (but not all) perfectly functioning, normal shares would not return anything with your script?
Hey Erich,
Thanks for commenting! I don’t have too much time for creating new posts, unfortunately. If you don’t get any warning or errors, I have no clue why some of your shares are not returning results.
Hugo
Is there any way to make the script get all the shares and its permissions?
Dak,
Take a look at this post: http://www.peetersonline.nl/index.php/powershell/finding-shares-with-powershell/
Hugo
Here is a script that can check permissions on remote shares. Unfortunately you have to enter shares manualy.
#==========================================================================
# NAME: ACL on Shared folder
# AUTHOR: Mladen
# DATE : 01/12/2010
# COMMENT: Check permissions on NTFS shared folder and send report to excel
# REQUIREMENTS: QuestAD for PowerShell (Quest ActiveRoles), Excel, Acces to share
# shares.txt is file with shares in format \\server\share1
#==========================================================================
#$erroractionpreference = “SilentlyContinue”
$a = New-Object -comobject Excel.Application
$a.visible = $True
$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)
$c.Cells.Item(1,1) = “Share”
$c.Cells.Item(1,2) = “Account”
$c.Cells.Item(1,3) = “Permission”
$c.Cells.Item(1,4) = “User Name”
$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True
$intRow = 2
$colShares = get-content shares.txt
foreach ($strShare in $colShares)
{
$c.Cells.Item($intRow, 1) = $strShare
$c.Cells.Item($intRow, 1).Font.Bold = $True
$acl = Get-Acl $strShare
$perm = $acl.Access
foreach ($object in $perm)
{
$intRow = $intRow + 1
$userName = [string]$object.IdentityReference
$c.Cells.Item($intRow, 2) = $userName
$c.Cells.Item($intRow, 3) = [string]$object.FileSystemRights
$fullName = Get-QADUser $userName
$c.Cells.Item($intRow, 4) = $fullName.Name
}
$intRow = $intRow + 1
}
$d.EntireColumn.AutoFit()
Regards.
[...] Before writing a script I always see if anyone has done this already and in this case yes, I stumbled upon http://www.peetersonline.nl/index.php/powershell/listing-share-permissions-for-remote-shares [...]
Hugo, great script this really helped me out (http://wp.me/pFqJZ-2Z).
Regards,
jfrmilner
Awesome script….Any way to get this to recurse 3 levels?
great script! you’re the man
Thanks for showing me how to read/view share permissions!
Im sorry but I miss something and cant run the script, can you tell me step by step how to do it
Thank you in advance