Folder Permissions on File Server

By cwilson21 ·
I would like be able to easily export or flowchart or somehow get a listing of what users and goups have what permissions on the folders on my file server.

Does anyone know how to do this? Is there a script that I can use or a program that will go and grab this info and give me something that I can print out etc...

I am using MS Server 2003 with Active Directory.

Any help would be great. Thanks.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Oldie but goodie

by IC-IT In reply to Folder Permissions on Fil ...

Cut-n-paste this into notepad, save it as a vbs file (watch out that .txt is not appended).
Change the sComputer section to reflect your server name. Save it, open a cmd prompt, verify the path (or environment variables point to) that directory.
type Cscript vbsname.vbs>test.txt

' VBScript Source File -- Created with SAPIEN Technologies PrimalScript 4.0
' AUTHOR: Todd Fields , *
' DATE : 2005/12/19
Option Explicit

' Define Variables
Dim sComputer
Dim oShare, oWMIService
Dim colShares
Dim StdOut

' Local Computer
sComputer = "server to check"

' Connect to the WMI provider
Set oWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & sComputer & "\root\cimv2")

' Query Win32_Share to get a collection of the shares
Set colShares = oWMIService.ExecQuery("SELECT * FROM Win32_Share")

' Set the standard out to the console
Set StdOut = WScript.StdOut

' Loop Through each share in the collection of shares
For Each oShare in colShares
' If this is set to true, then Maximum Allowed will be disregarded
StdOut.WriteLine "Allow Maximum: " & vbTab & oShare.AllowMaximum
' Description of the share
StdOut.WriteLine "Caption: " & vbTab & oShare.Caption
' The maximum number of user allowed to connect to the resource concurrently.
' This value will only be valid if Allow Maximum is set to False
StdOut.WriteLine "Maximum Allowed: " & vbTab & oShare.MaximumAllowed
' The network name provided for the share
StdOut.WriteLine "Name: " & vbTab & oShare.Name
' The local path to the share
StdOut.WriteLine "Path: " & vbTab & oShare.Path
' Determine Type of share
Select Case oShare.Type
Case "0"
StdOut.WriteLine "Type: " & vbTab & "Disk drive"
Case "1"
StdOut.WriteLine "Type: " & vbTab & "Print queue"
Case "2"
StdOut.WriteLine "Type: " & vbTab & "Device"
Case "3"
StdOut.WriteLine "Type: " & vbTab & "IPC"
Case "-2147483648"
StdOut.WriteLine "Type: " & vbTab & "Disk drive (Administrative share)"
Case "-2147483649"
StdOut.WriteLine "Type: " & vbTab & "Print queue (Administrative share)"
Case "-2147483650"
StdOut.WriteLine "Type: " & vbTab & "Device (Administrative share)"
Case "-2147483645"
StdOut.WriteLine "Type: " & vbTab & "IPC (Administrative share)"
Case Else
StdOut.WriteLine "Type: " & vbTab & oShare.Type
End Select
StdOut.WriteLine "-----------------------------------------------------------------"

Collapse -

Only listed shares and no permissions

by cwilson21 In reply to Oldie but goodie

Here is a sample of the output that script gave me:

Allow Maximum: True
Caption: HR
Maximum Allowed:
Name: HR
Path: \Admin\Human Resource
Type: Disk drive

It listed the share but not what groups/users and permisions they have to it.

Collapse -

Hmmm, Oh Chit

by IC-IT In reply to Only listed shares and no ...

I sent the wrong one sorry I wasted your time. Try this, it is currently only set to run on a local system so it will have to be run on the server.

Set oWMI = GetObject("winmgmts:")

' Get only Disk Drive shares
Set oShares = oWMI.ExecQuery("select Name from Win32_Share where Type=0")

For Each oShare In oShares

' Connect to WMI and get the share security object for the share
Set oShareSecSetting = GetObject( _
"winmgmts:Win32_LogicalShareSecuritySetting.Name='" & oShare.Name & "'")

' Use the Win32_LogicalShareSecuritySetting Caption property to create a
' simple header before dumping the discretionary access control list (DACL)
WScript.Echo oShareSecSetting.Caption

' Call the Win32_LogicalShareSecuritySetting GetSecurityDescriptor
' method to retrieve an instance of the Win32_SecurityDescriptor class
' for the target object. Note that this is achieved by passing an empty
' variable to GetSecurityDescriptor, which GetSecurityDescriptor in turn
' initializes with an instance of the Win32_SecurityDescriptor class
' that corresponds to the security descriptor for the target object.
iRC = oShareSecSetting.GetSecurityDescriptor(oSecurityDescriptor)

If iRC <> 0 Then
Select Case iRC
Case 2
WScript.Echo "You do not have access to the requested information"
Case 8
WScript.Echo "Unknown failure"
Case 9
WScript.Echo "You do not have adequate privileges"
Case 21
WScript.Echo "The specified parameter is invalid"
Case Else
WScript.Echo "Unknown error"
End Select
End If

' After the security descriptor is retrieved, you can use the properties
' provided by the Win32_SecurityDescriptor class to dissect the security
' descriptor's access control lists (DACL and SACL) and access
' control entries (ACEs).

' Retrieve the content of Win32_SecurityDescriptor DACL property.
' The DACL is an array of Win32_ACE objects.
aDACL = oSecurityDescriptor.DACL

For Each oAce In aDACL
WScript.Echo "Access Mask: " & oAce.AccessMask
WScript.Echo "ACE Type: " & oAce.AceType

' Get Win32_Trustee object from ACE
Set oTrustee = oAce.Trustee
WScript.Echo "Trustee Domain: " & oTrustee.Domain
WScript.Echo "Trustee Name: " & oTrustee.Name

' Get SID as array from Trustee
aSID = oTrustee.SID

For i = 0 To UBound(aSID) - 1
strsid = strsid & aSID(i) & ","
strsid = strsid & aSID(i)
WScript.Echo "Trustee SI {" & strsid & "}"

Collapse -

No go....

by cwilson21 In reply to Hmmm, Oh Chit

Thanks but it still doesnt do anything useful.

Collapse -


by Grey Hat Geek In reply to Folder Permissions on Fil ...

Have you tried using the query feature in ADUC? What about GPMC, it may be able to give you the information you are looking for. You may be able to structure your query in ADUC to give you the information you are looking for. Let me know if this helps.

Collapse -

Not gonna work

by cwilson21 In reply to Dude......

Havent tried that but I know thats not going to give me the info Im looking for. Thanks though.

Related Discussions

Related Forums