Listing share permissions for remote shares

Now that you can list shares, how about something a bit more challenging?

Let’s take a look at share permissions. I tried using subinacl.exe to get these for a remote share. But it turns out that it does not always give trustworthy results. It showed read permissions for a share with Read and Change permissions. And let’s not mention the single-string, unicode output! What a nightmare!

Then I took one step back and issued the following command:

Get-WmiObject -ComputerName REMOTESERVER -List | Where { $_ -match “share” }

Turns out there is a WMI class called Win32_LogicalShareSecuritySetting that can help out!

Using Get-Member, I found the methods and properties I needed to make this work. And after some googling for the meaning of the AccessMask numbers, I was all done.

I have attached the script. Rename it to .ps1 and dot-source it, or paste it into your profile. Then give this command a try:


Oh, objects! I love Powershell!

Get-MySharePermissions (rename to .ps1 or copy into profile)


Finding Shares with Powershell

Here’s a handy little function I wrote for enumerating all shares on a remote server:

function Get-MyShares
 $Shares = Get-WmiObject -Class Win32_Share -ComputerName $Server
 $output = @()
 ForEach ($Share in $Shares)
  $fullpath = “\\{0}\{1}” -f $server, $share.name
  Add-Member -MemberType NoteProperty -InputObject $Share -Name FullPath -Value $fullpath
  $output += $Share
 Return $output

Note that I am adding an additional property to the default output of the WMI query. It contains the full path to the share in the format \\server\share.