Question
-
CreatorTopic
-
May 7, 2008 at 1:02 pm #2146509
Folder Permissions on File Server
Lockedby cwilson21 · about 14 years ago
I would like be able to easily export or flowchart or somehow get a listing of what users and goups have what permissions on the folders on my file server.
Does anyone know how to do this? Is there a script that I can use or a program that will go and grab this info and give me something that I can print out etc…
I am using MS Server 2003 with Active Directory.
Any help would be great. Thanks.
This conversation is currently closed to new comments. -
CreatorTopic
All Answers
-
AuthorReplies
-
-
May 7, 2008 at 1:02 pm #2461748
Clarifications
by cwilson21 · about 14 years ago
In reply to Folder Permissions on File Server
Clarifications
-
May 7, 2008 at 1:42 pm #2461735
Oldie but goodie
by ic-it · about 14 years ago
In reply to Folder Permissions on File Server
Cut-n-paste this into notepad, save it as a vbs file (watch out that .txt is not appended).
Change the sComputer section to reflect your server name. Save it, open a cmd prompt, verify the path (or environment variables point to) that directory.
type Cscript vbsname.vbs>test.txt‘==========================================================================
‘
‘ VBScript Source File — Created with SAPIEN Technologies PrimalScript 4.0
‘
‘ NAME:
‘
‘ AUTHOR: Todd Fields , *
‘ DATE : 2005/12/19
‘
‘ COMMENT:
‘
‘==========================================================================
Option Explicit‘ Define Variables
Dim sComputer
Dim oShare, oWMIService
Dim colShares
Dim StdOut‘ Local Computer
sComputer = “server to check”‘ Connect to the WMI provider
Set oWMIService = GetObject(“winmgmts:” _
& “{impersonationLevel=impersonate}!\\” & sComputer & “\root\cimv2”)‘ Query Win32_Share to get a collection of the shares
Set colShares = oWMIService.ExecQuery(“SELECT * FROM Win32_Share”)‘ Set the standard out to the console
Set StdOut = WScript.StdOut‘ Loop Through each share in the collection of shares
For Each oShare in colShares
‘ If this is set to true, then Maximum Allowed will be disregarded
StdOut.WriteLine “Allow Maximum: ” & vbTab & oShare.AllowMaximum
‘ Description of the share
StdOut.WriteLine “Caption: ” & vbTab & oShare.Caption
‘ The maximum number of user allowed to connect to the resource concurrently.
‘ This value will only be valid if Allow Maximum is set to False
StdOut.WriteLine “Maximum Allowed: ” & vbTab & oShare.MaximumAllowed
‘ The network name provided for the share
StdOut.WriteLine “Name: ” & vbTab & oShare.Name
‘ The local path to the share
StdOut.WriteLine “Path: ” & vbTab & oShare.Path
‘ Determine Type of share
Select Case oShare.Type
Case “0”
StdOut.WriteLine “Type: ” & vbTab & “Disk drive”
Case “1”
StdOut.WriteLine “Type: ” & vbTab & “Print queue”
Case “2”
StdOut.WriteLine “Type: ” & vbTab & “Device”
Case “3”
StdOut.WriteLine “Type: ” & vbTab & “IPC”
Case “-2147483648”
StdOut.WriteLine “Type: ” & vbTab & “Disk drive (Administrative share)”
Case “-2147483649”
StdOut.WriteLine “Type: ” & vbTab & “Print queue (Administrative share)”
Case “-2147483650”
StdOut.WriteLine “Type: ” & vbTab & “Device (Administrative share)”
Case “-2147483645”
StdOut.WriteLine “Type: ” & vbTab & “IPC (Administrative share)”
Case Else
StdOut.WriteLine “Type: ” & vbTab & oShare.Type
End Select
StdOut.WriteLine “—————————————————————–”
Next-
May 7, 2008 at 2:30 pm #2461710
Only listed shares and no permissions
by cwilson21 · about 14 years ago
In reply to Oldie but goodie
Here is a sample of the output that script gave me:
—————————————————————–
Allow Maximum: True
Caption: HR
Maximum Allowed:
Name: HR
Path: D:\Admin\Human Resource
Type: Disk drive
—————————————————————–It listed the share but not what groups/users and permisions they have to it.
-
May 7, 2008 at 3:20 pm #2461689
Hmmm, Oh Chit
by ic-it · about 14 years ago
In reply to Only listed shares and no permissions
I sent the wrong one sorry I wasted your time. Try this, it is currently only set to run on a local system so it will have to be run on the server.
Set oWMI = GetObject(“winmgmts:”)
‘ Get only Disk Drive shares
Set oShares = oWMI.ExecQuery(“select Name from Win32_Share where Type=0”)For Each oShare In oShares
‘ Connect to WMI and get the share security object for the share
Set oShareSecSetting = GetObject( _
“winmgmts:Win32_LogicalShareSecuritySetting.Name='” & oShare.Name & “‘”)‘ Use the Win32_LogicalShareSecuritySetting Caption property to create a
‘ simple header before dumping the discretionary access control list (DACL)
WScript.Echo oShareSecSetting.Caption‘ Call the Win32_LogicalShareSecuritySetting GetSecurityDescriptor
‘ method to retrieve an instance of the Win32_SecurityDescriptor class
‘ for the target object. Note that this is achieved by passing an empty
‘ variable to GetSecurityDescriptor, which GetSecurityDescriptor in turn
‘ initializes with an instance of the Win32_SecurityDescriptor class
‘ that corresponds to the security descriptor for the target object.
iRC = oShareSecSetting.GetSecurityDescriptor(oSecurityDescriptor)If iRC <> 0 Then
Select Case iRC
Case 2
WScript.Echo “You do not have access to the requested information”
Case 8
WScript.Echo “Unknown failure”
Case 9
WScript.Echo “You do not have adequate privileges”
Case 21
WScript.Echo “The specified parameter is invalid”
Case Else
WScript.Echo “Unknown error”
End Select
WScript.Quit
End If‘ After the security descriptor is retrieved, you can use the properties
‘ provided by the Win32_SecurityDescriptor class to dissect the security
‘ descriptor’s access control lists (DACL and SACL) and access
‘ control entries (ACEs).‘ Retrieve the content of Win32_SecurityDescriptor DACL property.
‘ The DACL is an array of Win32_ACE objects.
aDACL = oSecurityDescriptor.DACLFor Each oAce In aDACL
WScript.Echo
WScript.Echo “Access Mask: ” & oAce.AccessMask
WScript.Echo “ACE Type: ” & oAce.AceType‘ Get Win32_Trustee object from ACE
Set oTrustee = oAce.Trustee
WScript.Echo “Trustee Domain: ” & oTrustee.Domain
WScript.Echo “Trustee Name: ” & oTrustee.Name‘ Get SID as array from Trustee
aSID = oTrustee.SIDFor i = 0 To UBound(aSID) – 1
strsid = strsid & aSID(i) & “,”
Next
strsid = strsid & aSID(i)
WScript.Echo “Trustee SID: {” & strsid & “}”
Next
Next -
May 8, 2008 at 3:06 pm #2460465
No go….
by cwilson21 · about 14 years ago
In reply to Hmmm, Oh Chit
Thanks but it still doesnt do anything useful.
-
-
-
May 8, 2008 at 3:51 pm #2460453
Dude……
by grey hat geek · about 14 years ago
In reply to Folder Permissions on File Server
Have you tried using the query feature in ADUC? What about GPMC, it may be able to give you the information you are looking for. You may be able to structure your query in ADUC to give you the information you are looking for. Let me know if this helps.
-
May 9, 2008 at 11:37 am #2462897
-
-
May 9, 2008 at 12:34 pm #2462869
-
-
AuthorReplies
