With this PowerShell script we'll be able to get the share permissions and NTFS permissions from all the shares on our list of servers.
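# Audits share-level and NTFS permissions on the shares of a list of servers
# and writes one CSV row per access control entry.
#
# Notes for whoever runs this:
#   * Get-WmiObject exists in Windows PowerShell only; it is not available in
#     PowerShell 6 and later.
#   * $Credential is read from the calling scope and is never assigned in this
#     script. Unless the caller defines it, every query runs as the current user.
#   * Reachability is decided by a single ICMP echo. A server that drops ping is
#     reported as "Not Available" even if WMI would have answered, so such rows
#     mean "not checked", not "no shares".
#   * The ACE type (allow or deny) is not exported. A deny entry shows up in the
#     report exactly like an allow entry; check the AceType of the entry before
#     treating a row as a grant.

# Returns the share-level (SMB) permissions of every share on $ComputerName.
# Output: objects with ComputerName, SharedFolderName, SecurityPrincipal,
# FileSystemRights and NTFS (always 0 here, marking a share-level row).
Function GetSharedFolderPermission($ComputerName)
{
    # Test server connectivity.
    $PingResult = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet
    if (-not $PingResult)
    {
        # Emit a placeholder row so the server still appears in the report.
        $Properties = @{
            'ComputerName'      = $ComputerName
            'SharedFolderName'  = "Not Available"
            'SecurityPrincipal' = "Not Available"
            'FileSystemRights'  = "Not Available"
            'NTFS'              = 0
        }
        New-Object -TypeName PSObject -Property $Properties |
            Select-Object ComputerName,SharedFolderName,SecurityPrincipal,FileSystemRights,NTFS
        return
    }

    $QueryArgs = @{
        'Class'         = 'Win32_LogicalShareSecuritySetting'
        'ComputerName'  = $ComputerName
        'ErrorAction'   = 'SilentlyContinue'
        'ErrorVariable' = 'QueryError'
    }
    # Use the alternate credential only when the caller supplied one.
    if ($Credential) { $QueryArgs['Credential'] = $Credential }

    $SharedFolderSecs = Get-WmiObject @QueryArgs
    if ($QueryError)
    {
        # The error stays out of the pipeline (and the CSV), but an access-denied
        # or RPC failure must not look like "this server has no shares".
        Write-Warning "Share security query failed on ${ComputerName}: $($QueryError[0])"
    }

    foreach ($SharedFolderSec in $SharedFolderSecs)
    {
        $Objs = @()
        $SecDescriptor = $SharedFolderSec.GetSecurityDescriptor()
        foreach ($DACL in $SecDescriptor.Descriptor.DACL)
        {
            $DACLDomain = $DACL.Trustee.Domain
            $DACLName = $DACL.Trustee.Name
            if ($null -ne $DACLDomain)
            {
                $UserName = "$DACLDomain\$DACLName"
            }
            else
            {
                $UserName = "$DACLName"
            }

            # Customize the output properties.
            $Properties = @{
                'ComputerName'      = $ComputerName
                'SharedFolderName'  = $SharedFolderSec.Name
                'SecurityPrincipal' = $UserName
                'FileSystemRights'  = [Security.AccessControl.FileSystemRights]$($DACL.AccessMask -as [Security.AccessControl.FileSystemRights])
                'NTFS'              = 0
            }
            $Objs += New-Object -TypeName PSObject -Property $Properties
        }
        $Objs | Select-Object ComputerName,SharedFolderName,SecurityPrincipal,FileSystemRights,NTFS
    }
}

# Returns the NTFS permissions of the folder behind every share on $ComputerName.
# Output: same columns as GetSharedFolderPermission, with NTFS = 1.
Function GetSharedFolderNTFSPermission($ComputerName)
{
    # Test server connectivity.
    $PingResult = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet
    if (-not $PingResult)
    {
        # Placeholder row; NTFS is the integer 1, as in the rows for reachable servers.
        $Properties = @{
            'ComputerName'      = $ComputerName
            'SharedFolderName'  = "Not Available"
            'SecurityPrincipal' = "Not Available"
            'FileSystemRights'  = "Not Available"
            'NTFS'              = 1
        }
        New-Object -TypeName PSObject -Property $Properties |
            Select-Object ComputerName,SharedFolderName,SecurityPrincipal,FileSystemRights,NTFS -Unique
        return
    }

    $ShareArgs = @{
        'Class'         = 'Win32_Share'
        'ComputerName'  = $ComputerName
        'ErrorAction'   = 'SilentlyContinue'
        'ErrorVariable' = 'QueryError'
    }
    if ($Credential) { $ShareArgs['Credential'] = $Credential }

    $SharedFolders = Get-WmiObject @ShareArgs
    if ($QueryError)
    {
        Write-Warning "Share enumeration failed on ${ComputerName}: $($QueryError[0])"
    }

    foreach ($SharedFolder in $SharedFolders)
    {
        # Shares with an empty Path have no folder whose ACL could be read.
        if (-not $SharedFolder.Path) { continue }

        $Objs = @()

        # The path comes from the remote server and is placed inside a WQL string
        # literal, so escape exactly what WQL requires: backslash and single quote.
        # A regex escape is not a WQL escape and leaves quotes untouched.
        $SharedFolderPath = $SharedFolder.Path.Replace('\', '\\').Replace("'", "\'")

        $FileArgs = @{
            'Class'        = 'Win32_LogicalFileSecuritySetting'
            'Filter'       = "Path='$SharedFolderPath'"
            'ComputerName' = $ComputerName
        }
        if ($Credential) { $FileArgs['Credential'] = $Credential }

        $SharedNTFSSecs = Get-WmiObject @FileArgs
        if (-not $SharedNTFSSecs)
        {
            # Nothing returned: calling GetSecurityDescriptor() on $null would throw.
            Write-Warning "No NTFS security setting returned for share '$($SharedFolder.Name)' on $ComputerName"
            continue
        }

        $SecDescriptor = $SharedNTFSSecs.GetSecurityDescriptor()
        foreach ($DACL in $SecDescriptor.Descriptor.DACL)
        {
            $DACLDomain = $DACL.Trustee.Domain
            $DACLName = $DACL.Trustee.Name
            if ($null -ne $DACLDomain)
            {
                $UserName = "$DACLDomain\$DACLName"
            }
            else
            {
                $UserName = "$DACLName"
            }

            # Customize the output properties.
            $Properties = @{
                'ComputerName'      = $ComputerName
                'SharedFolderName'  = $SharedFolder.Name
                'SecurityPrincipal' = $UserName
                'FileSystemRights'  = [Security.AccessControl.FileSystemRights]$($DACL.AccessMask -as [Security.AccessControl.FileSystemRights])
                'NTFS'              = 1
            }
            $Objs += New-Object -TypeName PSObject -Property $Properties
        }
        $Objs | Select-Object ComputerName,SharedFolderName,SecurityPrincipal,FileSystemRights,NTFS -Unique
    }
}

# Runs both audits for every server name passed in and streams the rows out.
Function LetsStart($ComputerName)
{
    foreach ($CN in $ComputerName)
    {
        GetSharedFolderNTFSPermission -ComputerName $CN
        GetSharedFolderPermission -ComputerName $CN
    }
}

$ComputerName = "server01","server02","server03"

$CurrentDate = (Get-Date).ToString('yyyy-MM-dd_HH-mm')

# The report is a full ACL inventory of the servers; write it to a folder that
# only the people doing the audit can read.
LetsStart -ComputerName $ComputerName |
    Export-Csv "c:\path\to\file\$CurrentDate.csv" -NoTypeInformation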