This simple powershell script returns True o False if our object is of the same specified type or not.
<# $object contains my username string #> $object="MyUser" <# $type contains the type string (User or Group or Computer or OU) #> $type="User" $seek = [System.DirectoryServices.DirectorySearcher]"LDAP://dc=contoso,dc=com" $seek.Filter = “(&(name=$object)(objectCategory=$type))” Write-Host($seek.FindOne() -ne $null)
This is a simple script for sending an html formatted e-mail:
$subject = "My Subject";
$headers = "From: paolo@pizzolongo.com\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$message = <<< EOT
< html >
< head >
< style >
body{background-color:#eee;margin:0;padding:0;border:0;}
h1{background-color:black;color:white;border-bottom:2px solid red;
font-size:16px; font-family:Arial;height:30px;line-height:30px;
text-indent:10px;vertical-align:middle;}
p{font-size:13px;font-family:Arial;line-height:1.2em;}
< body >
< h1 >Example Text< /h1 >
Hello,
this is a little text example.
Paolo's web site
regards
EOT;
mail($send_to,$subject,$message,$headers);
with this powershell script we’ll be able to get share permissions and ntfs permissions form all the shares of our servers list.
Function GetSharedFolderPermission($ComputerName)
{
#test server connectivity
$PingResult = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet
if($PingResult)
{
#check the credential whether trigger
if($Credential)
{
$SharedFolderSecs = Get-WmiObject -Class Win32_LogicalShareSecuritySetting `
-ComputerName $ComputerName -Credential $Credential -ErrorAction SilentlyContinue
}
else
{
$SharedFolderSecs = Get-WmiObject -Class Win32_LogicalShareSecuritySetting `
-ComputerName $ComputerName -ErrorAction SilentlyContinue
}
foreach ($SharedFolderSec in $SharedFolderSecs)
{
$Objs = @() #define the empty array
$SecDescriptor = $SharedFolderSec.GetSecurityDescriptor()
foreach($DACL in $SecDescriptor.Descriptor.DACL)
{
$DACLDomain = $DACL.Trustee.Domain
$DACLName = $DACL.Trustee.Name
if($DACLDomain -ne $null)
{
$UserName = "$DACLDomain\$DACLName"
}
else
{
$UserName = "$DACLName"
}
#customize the property
$Properties = @{'ComputerName' = $ComputerName
'SharedFolderName' = $SharedFolderSec.Name
'SecurityPrincipal' = $UserName
'FileSystemRights' = [Security.AccessControl.FileSystemRights]`
$($DACL.AccessMask -as [Security.AccessControl.FileSystemRights])
'NTFS' = 0}
$SharedACLs = New-Object -TypeName PSObject -Property $Properties
$Objs += $SharedACLs
}
$Objs|Select-Object ComputerName,SharedFolderName,SecurityPrincipal,FileSystemRights,NTFS
}
}
else
{
$Properties = @{'ComputerName' = $ComputerName
'SharedFolderName' = "Not Available"
'SecurityPrincipal' = "Not Available"
'FileSystemRights' = "Not Available"
'NTFS' = 0}
$SharedACLs = New-Object -TypeName PSObject -Property $Properties
$Objs += $SharedACLs
$Objs|Select-Object ComputerName,SharedFolderName,SecurityPrincipal,FileSystemRights,NTFS
}
}
Function GetSharedFolderNTFSPermission($ComputerName)
{
#test server connectivity
$PingResult = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet
if($PingResult)
{
#check the credential whether trigger
if($Credential)
{
$SharedFolders = Get-WmiObject -Class Win32_Share `
-ComputerName $ComputerName -Credential $Credential -ErrorAction SilentlyContinue
}
else
{
$SharedFolders = Get-WmiObject -Class Win32_Share `
-ComputerName $ComputerName -ErrorAction SilentlyContinue
}
foreach($SharedFolder in $SharedFolders)
{
$Objs = @()
$SharedFolderPath = [regex]::Escape($SharedFolder.Path)
if($Credential)
{
$SharedNTFSSecs = Get-WmiObject -Class Win32_LogicalFileSecuritySetting `
-Filter "Path='$SharedFolderPath'" -ComputerName $ComputerName -Credential $Credential
}
else
{
$SharedNTFSSecs = Get-WmiObject -Class Win32_LogicalFileSecuritySetting `
-Filter "Path='$SharedFolderPath'" -ComputerName $ComputerName
}
$SecDescriptor = $SharedNTFSSecs.GetSecurityDescriptor()
foreach($DACL in $SecDescriptor.Descriptor.DACL)
{
$DACLDomain = $DACL.Trustee.Domain
$DACLName = $DACL.Trustee.Name
if($DACLDomain -ne $null)
{
$UserName = "$DACLDomain\$DACLName"
}
else
{
$UserName = "$DACLName"
}
#customize the property
$Properties = @{'ComputerName' = $ComputerName
'SharedFolderName' = $SharedFolder.Name
'SecurityPrincipal' = $UserName
'FileSystemRights' = [Security.AccessControl.FileSystemRights]`
$($DACL.AccessMask -as [Security.AccessControl.FileSystemRights])
'NTFS' = 1}
$SharedNTFSACL = New-Object -TypeName PSObject -Property $Properties
$Objs += $SharedNTFSACL
}
$Objs |Select-Object ComputerName,SharedFolderName,SecurityPrincipal,FileSystemRights,NTFS -Unique
}
}
else
{
$Properties = @{'ComputerName' = $ComputerName
'SharedFolderName' = "Not Available"
'SecurityPrincipal' = "Not Available"
'FileSystemRights' = "Not Available"
'NTFS' = "1"}
$SharedNTFSACL = New-Object -TypeName PSObject -Property $Properties
$Objs += $SharedNTFSACL
$Objs |Select-Object ComputerName,SharedFolderName,SecurityPrincipal,FileSystemRights,NTFS -Unique
}
}
Function LetsStart($ComputerName){
foreach($CN in $ComputerName){
GetSharedFolderNTFSPermission -ComputerName $CN
GetSharedFolderPermission -ComputerName $CN
}
}
$ComputerName="server01","server02","server03"
$CurrentDate = Get-Date
$CurrentDate = $CurrentDate.ToString('yyyy-MM-dd_HH-mm')
LetsStart($ComputerName) | Export-Csv “c:\path\to\file\$CurrentDate.csv" -NoTypeInformation