Paolo Pizzolongo

Chi è veramente ricco non ha bisogno dei soldi

share

Server Windows Server

Hot to get shared folders permissions with a powershell script

paolo Nessun commento

with this powershell script we’ll be able to get share permissions and ntfs permissions form all the shares of our servers list.

Function GetSharedFolderPermission($ComputerName)
{
	#test server connectivity
	$PingResult = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet
	if($PingResult)
	{
		#check the credential whether trigger
		if($Credential)
		{
			$SharedFolderSecs = Get-WmiObject -Class Win32_LogicalShareSecuritySetting `
			-ComputerName $ComputerName -Credential $Credential -ErrorAction SilentlyContinue
		}
		else
		{
			$SharedFolderSecs = Get-WmiObject -Class Win32_LogicalShareSecuritySetting `
			-ComputerName $ComputerName -ErrorAction SilentlyContinue
		}
		
		foreach ($SharedFolderSec in $SharedFolderSecs) 
		{ 
		    $Objs = @() #define the empty array
			
	        $SecDescriptor = $SharedFolderSec.GetSecurityDescriptor()
	        foreach($DACL in $SecDescriptor.Descriptor.DACL)
			{  
				$DACLDomain = $DACL.Trustee.Domain
				$DACLName = $DACL.Trustee.Name
				if($DACLDomain -ne $null)
				{
	           		$UserName = "$DACLDomain\$DACLName"
				}
				else
				{
					$UserName = "$DACLName"
				}
				
				#customize the property
				$Properties = @{'ComputerName' = $ComputerName
								'SharedFolderName' = $SharedFolderSec.Name
								'SecurityPrincipal' = $UserName
								'FileSystemRights' = [Security.AccessControl.FileSystemRights]`
								$($DACL.AccessMask -as [Security.AccessControl.FileSystemRights])
                                'NTFS' = 0}
				$SharedACLs = New-Object -TypeName PSObject -Property $Properties
				$Objs += $SharedACLs

	        }
			$Objs|Select-Object ComputerName,SharedFolderName,SecurityPrincipal,FileSystemRights,NTFS
	    }  
	}
	else
	{
		$Properties = @{'ComputerName' = $ComputerName
						'SharedFolderName' = "Not Available"
						'SecurityPrincipal' = "Not Available"
						'FileSystemRights' = "Not Available"
                        'NTFS' = 0}
		$SharedACLs = New-Object -TypeName PSObject -Property $Properties
		$Objs += $SharedACLs
		$Objs|Select-Object ComputerName,SharedFolderName,SecurityPrincipal,FileSystemRights,NTFS
	}
}

Function GetSharedFolderNTFSPermission($ComputerName)
{
	#test server connectivity
	$PingResult = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet
	if($PingResult)
	{
		#check the credential whether trigger
		if($Credential)
		{
			$SharedFolders = Get-WmiObject -Class Win32_Share `
			-ComputerName $ComputerName -Credential $Credential -ErrorAction SilentlyContinue
		}
		else
		{
			$SharedFolders = Get-WmiObject -Class Win32_Share `
			-ComputerName $ComputerName -ErrorAction SilentlyContinue
		}

		foreach($SharedFolder in $SharedFolders)
		{
			$Objs = @()
			
			$SharedFolderPath = [regex]::Escape($SharedFolder.Path)
			if($Credential)
			{	
				$SharedNTFSSecs = Get-WmiObject -Class Win32_LogicalFileSecuritySetting `
				-Filter "Path='$SharedFolderPath'" -ComputerName $ComputerName  -Credential $Credential
			}
			else
			{
				$SharedNTFSSecs = Get-WmiObject -Class Win32_LogicalFileSecuritySetting `
				-Filter "Path='$SharedFolderPath'" -ComputerName $ComputerName
			}
			
			$SecDescriptor = $SharedNTFSSecs.GetSecurityDescriptor()
			foreach($DACL in $SecDescriptor.Descriptor.DACL)
			{  
				$DACLDomain = $DACL.Trustee.Domain
				$DACLName = $DACL.Trustee.Name
				if($DACLDomain -ne $null)
				{
	           		$UserName = "$DACLDomain\$DACLName"
				}
				else
				{
					$UserName = "$DACLName"
				}
				
				#customize the property
				$Properties = @{'ComputerName' = $ComputerName
								'SharedFolderName' = $SharedFolder.Name
								'SecurityPrincipal' = $UserName
								'FileSystemRights' = [Security.AccessControl.FileSystemRights]`
								$($DACL.AccessMask -as [Security.AccessControl.FileSystemRights])
								'NTFS' = 1}
								
				$SharedNTFSACL = New-Object -TypeName PSObject -Property $Properties
	            $Objs += $SharedNTFSACL
	        }
			$Objs |Select-Object ComputerName,SharedFolderName,SecurityPrincipal,FileSystemRights,NTFS -Unique
		}
	}
	else
	{
		$Properties = @{'ComputerName' = $ComputerName
						'SharedFolderName' = "Not Available"
						'SecurityPrincipal' = "Not Available"
						'FileSystemRights' = "Not Available"
						'NTFS' = "1"}
					
		$SharedNTFSACL = New-Object -TypeName PSObject -Property $Properties
	    $Objs += $SharedNTFSACL
		$Objs |Select-Object ComputerName,SharedFolderName,SecurityPrincipal,FileSystemRights,NTFS -Unique
	}
} 

Function LetsStart($ComputerName){
	foreach($CN in $ComputerName){
			GetSharedFolderNTFSPermission -ComputerName $CN
			GetSharedFolderPermission -ComputerName $CN
	}
}

$ComputerName="server01","server02","server03"
$CurrentDate = Get-Date
$CurrentDate = $CurrentDate.ToString('yyyy-MM-dd_HH-mm')

LetsStart($ComputerName) | Export-Csv “c:\path\to\file\$CurrentDate.csv" -NoTypeInformation
Linux Server Windows Server

Mount Linux CIFS (windows) share

paolo Nessun commento

Mount CIFS with the default local filesystem permissions:
For example, this is the folder where i want to reach my share:

apt-get install cifs-utils
# mkdir /myfolderpath

These are various examples on how to mount a CIFS (windows) share;

# mount -t cifs //myservername/mysharename /myfolderpath -o username=myuser,password=mypassword,domain=mydomain
# mount -t cifs //192.168.83.200/mysharename /myfolderpath -o username=myuser,password=mypassword,domain=mydomain

OR

# mount.cifs //192.168.83.200/mysharename /myfolderpath -o username=myuser,password=mypassword,domain=mydomain

Explain:

  • username=myuser : is the CIFS (windows share) user name required to access.
  • password=mypassword : is the CIFS (windows share) password related to the username specified above. If this option is not set up then the environment variable PASSWD is used. If the password is not specified directly or indirectly via an argument to mount, mount will prompt for a password, unless the guest option is specified into CIFS (windows share) options.
  • domain=mydomain : sets the domain (active directory or workgroup) of the user

Ti sei perso

Linux Server

Upgrade from Debian 12 to 13 (Bookworm to Trixie)

Linux Server

Dynamic DNS with OVH

News

Firefox Amarcord

Windows Server

How to reset a user password on AD without meeting complexity requirements