• Creator
  • #2146509

    Folder Permissions on File Server


    by cwilson21 ·

    I would like be able to easily export or flowchart or somehow get a listing of what users and goups have what permissions on the folders on my file server.

    Does anyone know how to do this? Is there a script that I can use or a program that will go and grab this info and give me something that I can print out etc…

    I am using MS Server 2003 with Active Directory.

    Any help would be great. Thanks.

All Answers

  • Author
    • #2461748


      by cwilson21 ·

      In reply to Folder Permissions on File Server


    • #2461735

      Oldie but goodie

      by ic-it ·

      In reply to Folder Permissions on File Server

      Cut-n-paste this into notepad, save it as a vbs file (watch out that .txt is not appended).
      Change the sComputer section to reflect your server name. Save it, open a cmd prompt, verify the path (or environment variables point to) that directory.
      type Cscript vbsname.vbs>test.txt


      ‘ VBScript Source File — Created with SAPIEN Technologies PrimalScript 4.0

      ‘ NAME:

      ‘ AUTHOR: Todd Fields , *
      ‘ DATE : 2005/12/19

      ‘ COMMENT:

      Option Explicit

      ‘ Define Variables
      Dim sComputer
      Dim oShare, oWMIService
      Dim colShares
      Dim StdOut

      ‘ Local Computer
      sComputer = “server to check”

      ‘ Connect to the WMI provider
      Set oWMIService = GetObject(“winmgmts:” _
      & “{impersonationLevel=impersonate}!\\” & sComputer & “\root\cimv2”)

      ‘ Query Win32_Share to get a collection of the shares
      Set colShares = oWMIService.ExecQuery(“SELECT * FROM Win32_Share”)

      ‘ Set the standard out to the console
      Set StdOut = WScript.StdOut

      ‘ Loop Through each share in the collection of shares
      For Each oShare in colShares
      ‘ If this is set to true, then Maximum Allowed will be disregarded
      StdOut.WriteLine “Allow Maximum: ” & vbTab & oShare.AllowMaximum
      ‘ Description of the share
      StdOut.WriteLine “Caption: ” & vbTab & oShare.Caption
      ‘ The maximum number of user allowed to connect to the resource concurrently.
      ‘ This value will only be valid if Allow Maximum is set to False
      StdOut.WriteLine “Maximum Allowed: ” & vbTab & oShare.MaximumAllowed
      ‘ The network name provided for the share
      StdOut.WriteLine “Name: ” & vbTab & oShare.Name
      ‘ The local path to the share
      StdOut.WriteLine “Path: ” & vbTab & oShare.Path
      ‘ Determine Type of share
      Select Case oShare.Type
      Case “0”
      StdOut.WriteLine “Type: ” & vbTab & “Disk drive”
      Case “1”
      StdOut.WriteLine “Type: ” & vbTab & “Print queue”
      Case “2”
      StdOut.WriteLine “Type: ” & vbTab & “Device”
      Case “3”
      StdOut.WriteLine “Type: ” & vbTab & “IPC”
      Case “-2147483648”
      StdOut.WriteLine “Type: ” & vbTab & “Disk drive (Administrative share)”
      Case “-2147483649”
      StdOut.WriteLine “Type: ” & vbTab & “Print queue (Administrative share)”
      Case “-2147483650”
      StdOut.WriteLine “Type: ” & vbTab & “Device (Administrative share)”
      Case “-2147483645”
      StdOut.WriteLine “Type: ” & vbTab & “IPC (Administrative share)”
      Case Else
      StdOut.WriteLine “Type: ” & vbTab & oShare.Type
      End Select
      StdOut.WriteLine “—————————————————————–”

      • #2461710

        Only listed shares and no permissions

        by cwilson21 ·

        In reply to Oldie but goodie

        Here is a sample of the output that script gave me:

        Allow Maximum: True
        Caption: HR
        Maximum Allowed:
        Name: HR
        Path: D:\Admin\Human Resource
        Type: Disk drive

        It listed the share but not what groups/users and permisions they have to it.

        • #2461689

          Hmmm, Oh Chit

          by ic-it ·

          In reply to Only listed shares and no permissions

          I sent the wrong one sorry I wasted your time. Try this, it is currently only set to run on a local system so it will have to be run on the server.

          Set oWMI = GetObject(“winmgmts:”)

          ‘ Get only Disk Drive shares
          Set oShares = oWMI.ExecQuery(“select Name from Win32_Share where Type=0”)

          For Each oShare In oShares

          ‘ Connect to WMI and get the share security object for the share
          Set oShareSecSetting = GetObject( _
          “winmgmts:Win32_LogicalShareSecuritySetting.Name='” & oShare.Name & “‘”)

          ‘ Use the Win32_LogicalShareSecuritySetting Caption property to create a
          ‘ simple header before dumping the discretionary access control list (DACL)
          WScript.Echo oShareSecSetting.Caption

          ‘ Call the Win32_LogicalShareSecuritySetting GetSecurityDescriptor
          ‘ method to retrieve an instance of the Win32_SecurityDescriptor class
          ‘ for the target object. Note that this is achieved by passing an empty
          ‘ variable to GetSecurityDescriptor, which GetSecurityDescriptor in turn
          ‘ initializes with an instance of the Win32_SecurityDescriptor class
          ‘ that corresponds to the security descriptor for the target object.
          iRC = oShareSecSetting.GetSecurityDescriptor(oSecurityDescriptor)

          If iRC <> 0 Then
          Select Case iRC
          Case 2
          WScript.Echo “You do not have access to the requested information”
          Case 8
          WScript.Echo “Unknown failure”
          Case 9
          WScript.Echo “You do not have adequate privileges”
          Case 21
          WScript.Echo “The specified parameter is invalid”
          Case Else
          WScript.Echo “Unknown error”
          End Select
          End If

          ‘ After the security descriptor is retrieved, you can use the properties
          ‘ provided by the Win32_SecurityDescriptor class to dissect the security
          ‘ descriptor’s access control lists (DACL and SACL) and access
          ‘ control entries (ACEs).

          ‘ Retrieve the content of Win32_SecurityDescriptor DACL property.
          ‘ The DACL is an array of Win32_ACE objects.
          aDACL = oSecurityDescriptor.DACL

          For Each oAce In aDACL
          WScript.Echo “Access Mask: ” & oAce.AccessMask
          WScript.Echo “ACE Type: ” & oAce.AceType

          ‘ Get Win32_Trustee object from ACE
          Set oTrustee = oAce.Trustee
          WScript.Echo “Trustee Domain: ” & oTrustee.Domain
          WScript.Echo “Trustee Name: ” & oTrustee.Name

          ‘ Get SID as array from Trustee
          aSID = oTrustee.SID

          For i = 0 To UBound(aSID) – 1
          strsid = strsid & aSID(i) & “,”
          strsid = strsid & aSID(i)
          WScript.Echo “Trustee SID: {” & strsid & “}”

        • #2460465

          No go….

          by cwilson21 ·

          In reply to Hmmm, Oh Chit

          Thanks but it still doesnt do anything useful.

    • #2460453


      by grey hat geek ·

      In reply to Folder Permissions on File Server

      Have you tried using the query feature in ADUC? What about GPMC, it may be able to give you the information you are looking for. You may be able to structure your query in ADUC to give you the information you are looking for. Let me know if this helps.

      • #2462897

        Not gonna work

        by cwilson21 ·

        In reply to Dude……

        Havent tried that but I know thats not going to give me the info Im looking for. Thanks though.

    • #2462869
Viewing 3 reply threads