Combine these two WSH scripts?
I'd like to use WMI to query the shares on a pc, or array of pc's as in this script:
On Error Resume Next
arrComputers = Array("127.0.0.1")
For Each strComputer In arrComputers
WScript.Echo
WScript.Echo "=========================
WScript.Echo "Computer: " & strComputer
WScript.Echo "=========================
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("S
I'd also like to get the permissions for each item it returns with the script here:
http://www.microsoft.com/technet/scriptcenter/scripts/security/dacls/sedcvb02.mspx
I've been trying to set the first line in this script to:
strFolderName = objItem.Path (rather than strFolderName = "C:\scripts\sec_center")
But it hasn't worked. Also using just the path won't really work on a remote pc share, as c:\something\something is not a valid share name.
perhaps strFolderName = strComputer\objItem.Name (not that that is a valid statement, but it should get the idea accross)
I'll probably need a for each... in there, anyone have any ideas? Should I post this to a different TA?
-rich
On Error Resume Next
arrComputers = Array("127.0.0.1")
For Each strComputer In arrComputers
WScript.Echo
WScript.Echo "=========================
WScript.Echo "Computer: " & strComputer
WScript.Echo "=========================
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("S
I'd also like to get the permissions for each item it returns with the script here:
http://www.microsoft.com/technet/scriptcenter/scripts/security/dacls/sedcvb02.mspx
I've been trying to set the first line in this script to:
strFolderName = objItem.Path (rather than strFolderName = "C:\scripts\sec_center")
But it hasn't worked. Also using just the path won't really work on a remote pc share, as c:\something\something is not a valid share name.
perhaps strFolderName = strComputer\objItem.Name (not that that is a valid statement, but it should get the idea accross)
I'll probably need a for each... in there, anyone have any ideas? Should I post this to a different TA?
-rich
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Pleasure :)
Chris
ASKER
There is certainly an easier way... but I've modifed the script to output in XML
Option Explicit
Const SE_DACL_PRESENT = &h4
Const ACCESS_ALLOWED_ACE_TYPE = &h0
Const ACCESS_DENIED_ACE_TYPE = &h1
Const FILE_ALL_ACCESS = &h1f01ff
Const FOLDER_ADD_SUBDIRECTORY = &h000004
Const FILE_DELETE = &h010000
Const FILE_DELETE_CHILD = &h000040
Const FOLDER_TRAVERSE = &h000020
Const FILE_READ_ATTRIBUTES = &h000080
Const FILE_READ_CONTROL = &h020000
Const FOLDER_LIST_DIRECTORY = &h000001
Const FILE_READ_EA = &h000008
Const FILE_SYNCHRONIZE = &h100000
Const FILE_WRITE_ATTRIBUTES = &h000100
Const FILE_WRITE_DAC = &h040000
Const FOLDER_ADD_FILE = &h000002
Const FILE_WRITE_EA = &h000010
Const FILE_WRITE_OWNER = &h080000
Const WBEM_RETURN_IMMEDIATELY = &h10
Const WBEM_FORWARD_ONLY = &h20
Dim objWMIService, objItem
Dim strComputer
Dim arrComputers
Dim colItems
Sub ReadDescriptor(strPath)
Dim objFolderSecuritySettings,
Dim arrACEs
Dim intControlFlags
Set objFolderSecuritySettings = objWMIService.Get("Win32_L
objFolderSecuritySettings.
intControlFlags = objSD.ControlFlags
If intControlFlags AND SE_DACL_PRESENT Then
arrACEs = objSD.DACL
For Each objACE in arrACEs
WScript.Echo "<ACL>"
WScript.Echo "<objACE.Trustee.Domain>" & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & "<\objACE.Trustee.Domain>"
If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
WScript.Echo vbTab & "<ACCESS_ALLOWED_ACE_TYPE>
ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
WScript.Echo vbTab & "<ACCESS_DENIED_ACE_TYPE>"
End If
If objACE.AccessMask AND FILE_ALL_ACCESS Then
WScript.Echo vbTab & "<FILE_ALL_ACCESS>" & "FILE_ALL_ACCESS " & "</FILE_ALL_ACCESS>"
End If
If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
WScript.Echo vbTab & "<FOLDER_ADD_SUBDIRECTORY>
End If
If objACE.AccessMask AND FILE_DELETE Then
WScript.Echo vbTab & "<FILE_DELETE>" & "FILE_DELETE " & "</FILE_DELETE>"
End If
If objACE.AccessMask AND FILE_DELETE_CHILD Then
WScript.Echo vbTab & "<FILE_DELETE_CHILD>" & "FILE_DELETE_CHILD " & "</FILE_DELETE_CHILD>"
End If
If objACE.AccessMask AND FOLDER_TRAVERSE Then
WScript.Echo vbTab & "<FOLDER_TRAVERSE>" & " FOLDER_TRAVERSE " & "</FOLDER_TRAVERSE>"
End If
If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
WScript.Echo vbTab & "<FILE_READ_ATTRIBUTES>" & "FILE_READ_ATTRIBUTES " & "</FILE_READ_ATTRIBUTES>"
End If
If objACE.AccessMask AND FILE_READ_CONTROL Then
WScript.Echo vbTab & "<FILE_READ_CONTROL>" & "FILE_READ_CONTROL " & "</FILE_READ_CONTROL>"
End If
If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
WScript.Echo vbTab & "<FOLDER_LIST_DIRECTORY>" & " FOLDER_LIST_DIRECTORY " & "</FOLDER_LIST_DIRECTORY>"
End If
If objACE.AccessMask AND FILE_READ_EA Then
WScript.Echo vbTab & "<FILE_READ_EA>" & "FILE_READ_EA " & "</FILE_READ_EA>"
End If
If objACE.AccessMask AND FILE_SYNCHRONIZE Then
WScript.Echo vbTab & "<FILE_SYNCHRONIZE>" & "FILE_SYNCHRONIZE " & "</FILE_SYNCHRONIZE>"
End If
If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
WScript.Echo vbTab & "<FILE_WRITE_ATTRIBUTES>" & "FILE_WRITE_ATTRIBUTES " & "</FILE_WRITE_ATTRIBUTES>"
End If
If objACE.AccessMask AND FILE_WRITE_DAC Then
WScript.Echo vbTab & "<FILE_WRITE_DAC>" & "FILE_WRITE_DAC " & "</FILE_WRITE_DAC>"
End If
If objACE.AccessMask AND FOLDER_ADD_FILE Then
WScript.Echo vbTab & "<FOLDER_ADD_FILE>" & " FOLDER_ADD_FILE " & "</FOLDER_ADD_FILE>"
End If
If objACE.AccessMask AND FILE_WRITE_EA Then
WScript.Echo vbTab & "<FILE_WRITE_EA>" & "FILE_WRITE_EA " & "</FILE_WRITE_EA>"
End If
If objACE.AccessMask AND FILE_WRITE_OWNER Then
WScript.Echo vbTab & "<FILE_WRITE_OWNER>" & "FILE_WRITE_OWNER " & "</FILE_WRITE_OWNER>"
End If
WScript.Echo "</ACL>"
Next
Else
WScript.Echo "<No_DACL>" & "No DACL present in security descriptor" & "</No_DACL>"
End If
End Sub
'
' Main Code
'
Wscript.Echo "<?xml version=" & Chr(34) & "1.0" & Chr(34) & "?>"
Wscript.Echo "<Inventory_1.0>"
WScript.Echo "<Computer>"
arrComputers = Array("127.0.0.1")
For Each strComputer In arrComputers
WScript.Echo "<Computer_Name>" & strComputer & "</Computer_Name>"
On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("S
WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
For Each objItem in colItems
WScript.Echo "<Shares>"
WScript.Echo "<Path>" & objItem.Path & "</Path>"
ReadDescriptor objItem.Path
WScript.Echo "</Shares>"
Next
WScript.Echo "</Computer>"
Set objWMIService = Nothing
On Error Goto 0
Next
Wscript.Echo "</Inventory_1.0>"
Option Explicit
Const SE_DACL_PRESENT = &h4
Const ACCESS_ALLOWED_ACE_TYPE = &h0
Const ACCESS_DENIED_ACE_TYPE = &h1
Const FILE_ALL_ACCESS = &h1f01ff
Const FOLDER_ADD_SUBDIRECTORY = &h000004
Const FILE_DELETE = &h010000
Const FILE_DELETE_CHILD = &h000040
Const FOLDER_TRAVERSE = &h000020
Const FILE_READ_ATTRIBUTES = &h000080
Const FILE_READ_CONTROL = &h020000
Const FOLDER_LIST_DIRECTORY = &h000001
Const FILE_READ_EA = &h000008
Const FILE_SYNCHRONIZE = &h100000
Const FILE_WRITE_ATTRIBUTES = &h000100
Const FILE_WRITE_DAC = &h040000
Const FOLDER_ADD_FILE = &h000002
Const FILE_WRITE_EA = &h000010
Const FILE_WRITE_OWNER = &h080000
Const WBEM_RETURN_IMMEDIATELY = &h10
Const WBEM_FORWARD_ONLY = &h20
Dim objWMIService, objItem
Dim strComputer
Dim arrComputers
Dim colItems
Sub ReadDescriptor(strPath)
Dim objFolderSecuritySettings,
Dim arrACEs
Dim intControlFlags
Set objFolderSecuritySettings = objWMIService.Get("Win32_L
objFolderSecuritySettings.
intControlFlags = objSD.ControlFlags
If intControlFlags AND SE_DACL_PRESENT Then
arrACEs = objSD.DACL
For Each objACE in arrACEs
WScript.Echo "<ACL>"
WScript.Echo "<objACE.Trustee.Domain>" & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & "<\objACE.Trustee.Domain>"
If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
WScript.Echo vbTab & "<ACCESS_ALLOWED_ACE_TYPE>
ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
WScript.Echo vbTab & "<ACCESS_DENIED_ACE_TYPE>"
End If
If objACE.AccessMask AND FILE_ALL_ACCESS Then
WScript.Echo vbTab & "<FILE_ALL_ACCESS>" & "FILE_ALL_ACCESS " & "</FILE_ALL_ACCESS>"
End If
If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
WScript.Echo vbTab & "<FOLDER_ADD_SUBDIRECTORY>
End If
If objACE.AccessMask AND FILE_DELETE Then
WScript.Echo vbTab & "<FILE_DELETE>" & "FILE_DELETE " & "</FILE_DELETE>"
End If
If objACE.AccessMask AND FILE_DELETE_CHILD Then
WScript.Echo vbTab & "<FILE_DELETE_CHILD>" & "FILE_DELETE_CHILD " & "</FILE_DELETE_CHILD>"
End If
If objACE.AccessMask AND FOLDER_TRAVERSE Then
WScript.Echo vbTab & "<FOLDER_TRAVERSE>" & " FOLDER_TRAVERSE " & "</FOLDER_TRAVERSE>"
End If
If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
WScript.Echo vbTab & "<FILE_READ_ATTRIBUTES>" & "FILE_READ_ATTRIBUTES " & "</FILE_READ_ATTRIBUTES>"
End If
If objACE.AccessMask AND FILE_READ_CONTROL Then
WScript.Echo vbTab & "<FILE_READ_CONTROL>" & "FILE_READ_CONTROL " & "</FILE_READ_CONTROL>"
End If
If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
WScript.Echo vbTab & "<FOLDER_LIST_DIRECTORY>" & " FOLDER_LIST_DIRECTORY " & "</FOLDER_LIST_DIRECTORY>"
End If
If objACE.AccessMask AND FILE_READ_EA Then
WScript.Echo vbTab & "<FILE_READ_EA>" & "FILE_READ_EA " & "</FILE_READ_EA>"
End If
If objACE.AccessMask AND FILE_SYNCHRONIZE Then
WScript.Echo vbTab & "<FILE_SYNCHRONIZE>" & "FILE_SYNCHRONIZE " & "</FILE_SYNCHRONIZE>"
End If
If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
WScript.Echo vbTab & "<FILE_WRITE_ATTRIBUTES>" & "FILE_WRITE_ATTRIBUTES " & "</FILE_WRITE_ATTRIBUTES>"
End If
If objACE.AccessMask AND FILE_WRITE_DAC Then
WScript.Echo vbTab & "<FILE_WRITE_DAC>" & "FILE_WRITE_DAC " & "</FILE_WRITE_DAC>"
End If
If objACE.AccessMask AND FOLDER_ADD_FILE Then
WScript.Echo vbTab & "<FOLDER_ADD_FILE>" & " FOLDER_ADD_FILE " & "</FOLDER_ADD_FILE>"
End If
If objACE.AccessMask AND FILE_WRITE_EA Then
WScript.Echo vbTab & "<FILE_WRITE_EA>" & "FILE_WRITE_EA " & "</FILE_WRITE_EA>"
End If
If objACE.AccessMask AND FILE_WRITE_OWNER Then
WScript.Echo vbTab & "<FILE_WRITE_OWNER>" & "FILE_WRITE_OWNER " & "</FILE_WRITE_OWNER>"
End If
WScript.Echo "</ACL>"
Next
Else
WScript.Echo "<No_DACL>" & "No DACL present in security descriptor" & "</No_DACL>"
End If
End Sub
'
' Main Code
'
Wscript.Echo "<?xml version=" & Chr(34) & "1.0" & Chr(34) & "?>"
Wscript.Echo "<Inventory_1.0>"
WScript.Echo "<Computer>"
arrComputers = Array("127.0.0.1")
For Each strComputer In arrComputers
WScript.Echo "<Computer_Name>" & strComputer & "</Computer_Name>"
On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("S
WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
For Each objItem in colItems
WScript.Echo "<Shares>"
WScript.Echo "<Path>" & objItem.Path & "</Path>"
ReadDescriptor objItem.Path
WScript.Echo "</Shares>"
Next
WScript.Echo "</Computer>"
Set objWMIService = Nothing
On Error Goto 0
Next
Wscript.Echo "</Inventory_1.0>"
ASKER
Sorry typos...
There is a missing "/" and an incorrect "\" around lines 44-45 here is the corrections and some minor changes, I'm posted the whole thing again... with corrections.
Option Explicit
Const SE_DACL_PRESENT = &h4
Const ACCESS_ALLOWED_ACE_TYPE = &h0
Const ACCESS_DENIED_ACE_TYPE = &h1
Const FILE_ALL_ACCESS = &h1f01ff
Const FOLDER_ADD_SUBDIRECTORY = &h000004
Const FILE_DELETE = &h010000
Const FILE_DELETE_CHILD = &h000040
Const FOLDER_TRAVERSE = &h000020
Const FILE_READ_ATTRIBUTES = &h000080
Const FILE_READ_CONTROL = &h020000
Const FOLDER_LIST_DIRECTORY = &h000001
Const FILE_READ_EA = &h000008
Const FILE_SYNCHRONIZE = &h100000
Const FILE_WRITE_ATTRIBUTES = &h000100
Const FILE_WRITE_DAC = &h040000
Const FOLDER_ADD_FILE = &h000002
Const FILE_WRITE_EA = &h000010
Const FILE_WRITE_OWNER = &h080000
Const WBEM_RETURN_IMMEDIATELY = &h10
Const WBEM_FORWARD_ONLY = &h20
Dim objWMIService, objItem
Dim strComputer
Dim arrComputers
Dim colItems
Sub ReadDescriptor(strPath)
Dim objFolderSecuritySettings,
Dim arrACEs
Dim intControlFlags
Set objFolderSecuritySettings = objWMIService.Get("Win32_L
objFolderSecuritySettings.
intControlFlags = objSD.ControlFlags
If intControlFlags AND SE_DACL_PRESENT Then
arrACEs = objSD.DACL
For Each objACE in arrACEs
WScript.Echo "<objACE.Trustee.Domain>" & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & "</objACE.Trustee.Domain>"
WScript.Echo "<ACL>"
If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
WScript.Echo vbTab & "<ACCESS_ALLOWED_ACE_TYPE>
ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
WScript.Echo vbTab & "<ACCESS_DENIED_ACE_TYPE>"
End If
If objACE.AccessMask AND FILE_ALL_ACCESS Then
WScript.Echo vbTab & "<FILE_ALL_ACCESS>" & "FILE_ALL_ACCESS " & "</FILE_ALL_ACCESS>"
End If
If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
WScript.Echo vbTab & "<FOLDER_ADD_SUBDIRECTORY>
End If
If objACE.AccessMask AND FILE_DELETE Then
WScript.Echo vbTab & "<FILE_DELETE>" & "FILE_DELETE " & "</FILE_DELETE>"
End If
If objACE.AccessMask AND FILE_DELETE_CHILD Then
WScript.Echo vbTab & "<FILE_DELETE_CHILD>" & "FILE_DELETE_CHILD " & "</FILE_DELETE_CHILD>"
End If
If objACE.AccessMask AND FOLDER_TRAVERSE Then
WScript.Echo vbTab & "<FOLDER_TRAVERSE>" & " FOLDER_TRAVERSE " & "</FOLDER_TRAVERSE>"
End If
If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
WScript.Echo vbTab & "<FILE_READ_ATTRIBUTES>" & "FILE_READ_ATTRIBUTES " & "</FILE_READ_ATTRIBUTES>"
End If
If objACE.AccessMask AND FILE_READ_CONTROL Then
WScript.Echo vbTab & "<FILE_READ_CONTROL>" & "FILE_READ_CONTROL " & "</FILE_READ_CONTROL>"
End If
If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
WScript.Echo vbTab & "<FOLDER_LIST_DIRECTORY>" & " FOLDER_LIST_DIRECTORY " & "</FOLDER_LIST_DIRECTORY>"
End If
If objACE.AccessMask AND FILE_READ_EA Then
WScript.Echo vbTab & "<FILE_READ_EA>" & "FILE_READ_EA " & "</FILE_READ_EA>"
End If
If objACE.AccessMask AND FILE_SYNCHRONIZE Then
WScript.Echo vbTab & "<FILE_SYNCHRONIZE>" & "FILE_SYNCHRONIZE " & "</FILE_SYNCHRONIZE>"
End If
If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
WScript.Echo vbTab & "<FILE_WRITE_ATTRIBUTES>" & "FILE_WRITE_ATTRIBUTES " & "</FILE_WRITE_ATTRIBUTES>"
End If
If objACE.AccessMask AND FILE_WRITE_DAC Then
WScript.Echo vbTab & "<FILE_WRITE_DAC>" & "FILE_WRITE_DAC " & "</FILE_WRITE_DAC>"
End If
If objACE.AccessMask AND FOLDER_ADD_FILE Then
WScript.Echo vbTab & "<FOLDER_ADD_FILE>" & " FOLDER_ADD_FILE " & "</FOLDER_ADD_FILE>"
End If
If objACE.AccessMask AND FILE_WRITE_EA Then
WScript.Echo vbTab & "<FILE_WRITE_EA>" & "FILE_WRITE_EA " & "</FILE_WRITE_EA>"
End If
If objACE.AccessMask AND FILE_WRITE_OWNER Then
WScript.Echo vbTab & "<FILE_WRITE_OWNER>" & "FILE_WRITE_OWNER " & "</FILE_WRITE_OWNER>"
End If
WScript.Echo "</ACL>"
Next
Else
WScript.Echo "<No_DACL>" & "No DACL present in security descriptor" & "</No_DACL>"
End If
End Sub
'
' Main Code
'
Wscript.Echo "<?xml version=" & Chr(34) & "1.0" & Chr(34) & "?>"
Wscript.Echo "<Inventory_1.0>"
WScript.Echo "<Computer>"
arrComputers = Array("127.0.0.1")
For Each strComputer In arrComputers
WScript.Echo "<Computer_Name>" & strComputer & "</Computer_Name>"
On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("S
WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
For Each objItem in colItems
WScript.Echo "<Share>"
WScript.Echo "<Path>" & objItem.Path & "</Path>"
ReadDescriptor objItem.Path
WScript.Echo "</Share>"
Next
WScript.Echo "</Computer>"
Set objWMIService = Nothing
On Error Goto 0
Next
Wscript.Echo "</Inventory_1.0>"
There is a missing "/" and an incorrect "\" around lines 44-45 here is the corrections and some minor changes, I'm posted the whole thing again... with corrections.
Option Explicit
Const SE_DACL_PRESENT = &h4
Const ACCESS_ALLOWED_ACE_TYPE = &h0
Const ACCESS_DENIED_ACE_TYPE = &h1
Const FILE_ALL_ACCESS = &h1f01ff
Const FOLDER_ADD_SUBDIRECTORY = &h000004
Const FILE_DELETE = &h010000
Const FILE_DELETE_CHILD = &h000040
Const FOLDER_TRAVERSE = &h000020
Const FILE_READ_ATTRIBUTES = &h000080
Const FILE_READ_CONTROL = &h020000
Const FOLDER_LIST_DIRECTORY = &h000001
Const FILE_READ_EA = &h000008
Const FILE_SYNCHRONIZE = &h100000
Const FILE_WRITE_ATTRIBUTES = &h000100
Const FILE_WRITE_DAC = &h040000
Const FOLDER_ADD_FILE = &h000002
Const FILE_WRITE_EA = &h000010
Const FILE_WRITE_OWNER = &h080000
Const WBEM_RETURN_IMMEDIATELY = &h10
Const WBEM_FORWARD_ONLY = &h20
Dim objWMIService, objItem
Dim strComputer
Dim arrComputers
Dim colItems
Sub ReadDescriptor(strPath)
Dim objFolderSecuritySettings,
Dim arrACEs
Dim intControlFlags
Set objFolderSecuritySettings = objWMIService.Get("Win32_L
objFolderSecuritySettings.
intControlFlags = objSD.ControlFlags
If intControlFlags AND SE_DACL_PRESENT Then
arrACEs = objSD.DACL
For Each objACE in arrACEs
WScript.Echo "<objACE.Trustee.Domain>" & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & "</objACE.Trustee.Domain>"
WScript.Echo "<ACL>"
If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
WScript.Echo vbTab & "<ACCESS_ALLOWED_ACE_TYPE>
ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
WScript.Echo vbTab & "<ACCESS_DENIED_ACE_TYPE>"
End If
If objACE.AccessMask AND FILE_ALL_ACCESS Then
WScript.Echo vbTab & "<FILE_ALL_ACCESS>" & "FILE_ALL_ACCESS " & "</FILE_ALL_ACCESS>"
End If
If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
WScript.Echo vbTab & "<FOLDER_ADD_SUBDIRECTORY>
End If
If objACE.AccessMask AND FILE_DELETE Then
WScript.Echo vbTab & "<FILE_DELETE>" & "FILE_DELETE " & "</FILE_DELETE>"
End If
If objACE.AccessMask AND FILE_DELETE_CHILD Then
WScript.Echo vbTab & "<FILE_DELETE_CHILD>" & "FILE_DELETE_CHILD " & "</FILE_DELETE_CHILD>"
End If
If objACE.AccessMask AND FOLDER_TRAVERSE Then
WScript.Echo vbTab & "<FOLDER_TRAVERSE>" & " FOLDER_TRAVERSE " & "</FOLDER_TRAVERSE>"
End If
If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
WScript.Echo vbTab & "<FILE_READ_ATTRIBUTES>" & "FILE_READ_ATTRIBUTES " & "</FILE_READ_ATTRIBUTES>"
End If
If objACE.AccessMask AND FILE_READ_CONTROL Then
WScript.Echo vbTab & "<FILE_READ_CONTROL>" & "FILE_READ_CONTROL " & "</FILE_READ_CONTROL>"
End If
If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
WScript.Echo vbTab & "<FOLDER_LIST_DIRECTORY>" & " FOLDER_LIST_DIRECTORY " & "</FOLDER_LIST_DIRECTORY>"
End If
If objACE.AccessMask AND FILE_READ_EA Then
WScript.Echo vbTab & "<FILE_READ_EA>" & "FILE_READ_EA " & "</FILE_READ_EA>"
End If
If objACE.AccessMask AND FILE_SYNCHRONIZE Then
WScript.Echo vbTab & "<FILE_SYNCHRONIZE>" & "FILE_SYNCHRONIZE " & "</FILE_SYNCHRONIZE>"
End If
If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
WScript.Echo vbTab & "<FILE_WRITE_ATTRIBUTES>" & "FILE_WRITE_ATTRIBUTES " & "</FILE_WRITE_ATTRIBUTES>"
End If
If objACE.AccessMask AND FILE_WRITE_DAC Then
WScript.Echo vbTab & "<FILE_WRITE_DAC>" & "FILE_WRITE_DAC " & "</FILE_WRITE_DAC>"
End If
If objACE.AccessMask AND FOLDER_ADD_FILE Then
WScript.Echo vbTab & "<FOLDER_ADD_FILE>" & " FOLDER_ADD_FILE " & "</FOLDER_ADD_FILE>"
End If
If objACE.AccessMask AND FILE_WRITE_EA Then
WScript.Echo vbTab & "<FILE_WRITE_EA>" & "FILE_WRITE_EA " & "</FILE_WRITE_EA>"
End If
If objACE.AccessMask AND FILE_WRITE_OWNER Then
WScript.Echo vbTab & "<FILE_WRITE_OWNER>" & "FILE_WRITE_OWNER " & "</FILE_WRITE_OWNER>"
End If
WScript.Echo "</ACL>"
Next
Else
WScript.Echo "<No_DACL>" & "No DACL present in security descriptor" & "</No_DACL>"
End If
End Sub
'
' Main Code
'
Wscript.Echo "<?xml version=" & Chr(34) & "1.0" & Chr(34) & "?>"
Wscript.Echo "<Inventory_1.0>"
WScript.Echo "<Computer>"
arrComputers = Array("127.0.0.1")
For Each strComputer In arrComputers
WScript.Echo "<Computer_Name>" & strComputer & "</Computer_Name>"
On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("S
WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
For Each objItem in colItems
WScript.Echo "<Share>"
WScript.Echo "<Path>" & objItem.Path & "</Path>"
ReadDescriptor objItem.Path
WScript.Echo "</Share>"
Next
WScript.Echo "</Computer>"
Set objWMIService = Nothing
On Error Goto 0
Next
Wscript.Echo "</Inventory_1.0>"
This script works great, but I have one question. Is there a way to get it to show sub directories for the shares: for instance.....
It shows results for:
D:\Share
I need:
D:\Share\subfolder
Is there an easy way of achieving this without rewriting the whole script?
It shows results for:
D:\Share
I need:
D:\Share\subfolder
Is there an easy way of achieving this without rewriting the whole script?
It's not too difficult, just a bit of messing around.
The only tricky bit is constantly changing between the shared path and local path. That's because you'd need to use the FileSystemObject to perform recursion from the share down. Probably okay doing a Replace operation on the path before passing it to ReadDescriptor.
To be honest, if you're looking to enumerate permissions you'd be better dropping VbScript completely and using PowerShell. Get-ACL is a hell of a lot more powerful.
Chris
Great, I'll give it a shot. Thanks for the quick reply!
I am not getting this to work for my SHARES. Only the folders. I have two shares defined one New Folder and ther other MOST (just to test) It gives me info on New Folder but nothing else.
Does it echo both shares?
It won't enumerate the descriptor on the share itself, but it should capture all folder level permissions.
Chris
ASKER
I've tried getting the script to read from a file, but haven't had much success..
I'm sure I'm missing something...
I'm sure I'm missing something...
For the "main code" I changed to:
Const INPUT_FILE_NAME = "C:\Computers.txt"
Const FOR_READING = 1
Dim objFSO
Dim objFile
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(INPUT_FILE_NAME, FOR_READING)
strComputers = objFile.ReadAll
objFile.Close
arrComputers = Split(strComputers, vbCrLf)
For Each strComputer In arrComputers
On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Share WHERE Type=0", "WQL",_
WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
For Each objItem in colItems
WScript.Echo "Listing Permissions for " & objItem.Path
ReadDescriptor objItem.Path
Next
Set objWMIService = Nothing
On Error Goto 0
Next
Take out the "On Error Resume Next" statement, it's going to hide any error you're bumping into when connecting to the computer.
Chris
ASKER
C:\shares.vbs(110, 1) Microsoft VBScript runtime error: Variable is undefined: 'strComputers'
Oh, and if you could reply faster next time... *wink*
The entire code is attached below. I added the Dim objFSo and Dim objFile because those were also undfined... strComputers is Dim'd at the top of the script... I really am a hack ;)
Oh, and if you could reply faster next time... *wink*
The entire code is attached below. I added the Dim objFSo and Dim objFile because those were also undfined... strComputers is Dim'd at the top of the script... I really am a hack ;)
Option Explicit
Const SE_DACL_PRESENT = &h4
Const ACCESS_ALLOWED_ACE_TYPE = &h0
Const ACCESS_DENIED_ACE_TYPE = &h1
Const FILE_ALL_ACCESS = &h1f01ff
Const FOLDER_ADD_SUBDIRECTORY = &h000004
Const FILE_DELETE = &h010000
Const FILE_DELETE_CHILD = &h000040
Const FOLDER_TRAVERSE = &h000020
Const FILE_READ_ATTRIBUTES = &h000080
Const FILE_READ_CONTROL = &h020000
Const FOLDER_LIST_DIRECTORY = &h000001
Const FILE_READ_EA = &h000008
Const FILE_SYNCHRONIZE = &h100000
Const FILE_WRITE_ATTRIBUTES = &h000100
Const FILE_WRITE_DAC = &h040000
Const FOLDER_ADD_FILE = &h000002
Const FILE_WRITE_EA = &h000010
Const FILE_WRITE_OWNER = &h080000
Const WBEM_RETURN_IMMEDIATELY = &h10
Const WBEM_FORWARD_ONLY = &h20
Dim objWMIService, objItem
Dim strComputer
Dim arrComputers
Dim colItems
Sub ReadDescriptor(strPath)
Dim objFolderSecuritySettings, objSD, objACE
Dim arrACEs
Dim intControlFlags
Set objFolderSecuritySettings = objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strPath & "'")
objFolderSecuritySettings.GetSecurityDescriptor objSD
intControlFlags = objSD.ControlFlags
If intControlFlags AND SE_DACL_PRESENT Then
arrACEs = objSD.DACL
For Each objACE in arrACEs
WScript.Echo "<ACL>"
WScript.Echo "<objACE.Trustee.Domain>" & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & "<\objACE.Trustee.Domain>"
If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
WScript.Echo vbTab & "<ACCESS_ALLOWED_ACE_TYPE>" & "Allowed" & "<ACCESS_ALLOWED_ACE_TYPE>"
ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
WScript.Echo vbTab & "<ACCESS_DENIED_ACE_TYPE>" & "Denied" & "</ACCESS_DENIED_ACE_TYPE>"
End If
If objACE.AccessMask AND FILE_ALL_ACCESS Then
WScript.Echo vbTab & "<FILE_ALL_ACCESS>" & "FILE_ALL_ACCESS " & "</FILE_ALL_ACCESS>"
End If
If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
WScript.Echo vbTab & "<FOLDER_ADD_SUBDIRECTORY>" & " FOLDER_ADD_SUBDIRECTORY " & "</FOLDER_ADD_SUBDIRECTORY>"
End If
If objACE.AccessMask AND FILE_DELETE Then
WScript.Echo vbTab & "<FILE_DELETE>" & "FILE_DELETE " & "</FILE_DELETE>"
End If
If objACE.AccessMask AND FILE_DELETE_CHILD Then
WScript.Echo vbTab & "<FILE_DELETE_CHILD>" & "FILE_DELETE_CHILD " & "</FILE_DELETE_CHILD>"
End If
If objACE.AccessMask AND FOLDER_TRAVERSE Then
WScript.Echo vbTab & "<FOLDER_TRAVERSE>" & " FOLDER_TRAVERSE " & "</FOLDER_TRAVERSE>"
End If
If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
WScript.Echo vbTab & "<FILE_READ_ATTRIBUTES>" & "FILE_READ_ATTRIBUTES " & "</FILE_READ_ATTRIBUTES>"
End If
If objACE.AccessMask AND FILE_READ_CONTROL Then
WScript.Echo vbTab & "<FILE_READ_CONTROL>" & "FILE_READ_CONTROL " & "</FILE_READ_CONTROL>"
End If
If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
WScript.Echo vbTab & "<FOLDER_LIST_DIRECTORY>" & " FOLDER_LIST_DIRECTORY " & "</FOLDER_LIST_DIRECTORY>"
End If
If objACE.AccessMask AND FILE_READ_EA Then
WScript.Echo vbTab & "<FILE_READ_EA>" & "FILE_READ_EA " & "</FILE_READ_EA>"
End If
If objACE.AccessMask AND FILE_SYNCHRONIZE Then
WScript.Echo vbTab & "<FILE_SYNCHRONIZE>" & "FILE_SYNCHRONIZE " & "</FILE_SYNCHRONIZE>"
End If
If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
WScript.Echo vbTab & "<FILE_WRITE_ATTRIBUTES>" & "FILE_WRITE_ATTRIBUTES " & "</FILE_WRITE_ATTRIBUTES>"
End If
If objACE.AccessMask AND FILE_WRITE_DAC Then
WScript.Echo vbTab & "<FILE_WRITE_DAC>" & "FILE_WRITE_DAC " & "</FILE_WRITE_DAC>"
End If
If objACE.AccessMask AND FOLDER_ADD_FILE Then
WScript.Echo vbTab & "<FOLDER_ADD_FILE>" & " FOLDER_ADD_FILE " & "</FOLDER_ADD_FILE>"
End If
If objACE.AccessMask AND FILE_WRITE_EA Then
WScript.Echo vbTab & "<FILE_WRITE_EA>" & "FILE_WRITE_EA " & "</FILE_WRITE_EA>"
End If
If objACE.AccessMask AND FILE_WRITE_OWNER Then
WScript.Echo vbTab & "<FILE_WRITE_OWNER>" & "FILE_WRITE_OWNER " & "</FILE_WRITE_OWNER>"
End If
WScript.Echo "</ACL>"
Next
Else
WScript.Echo "<No_DACL>" & "No DACL present in security descriptor" & "</No_DACL>"
End If
End Sub
'
' Main Code
'
Const INPUT_FILE_NAME = "C:\tools\Computers.txt"
Const FOR_READING = 1
Dim objFSO
Dim objFile
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(INPUT_FILE_NAME, FOR_READING)
strComputers = objFile.ReadAll
objFile.Close
arrComputers = Split(strComputers, vbCrLf)
For Each strComputer In arrComputers
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Share WHERE Type=0", "WQL",_
WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
For Each objItem in colItems
WScript.Echo "Listing Permissions for " & objItem.Path
ReadDescriptor objItem.Path
Next
Set objWMIService = Nothing
On Error Goto 0
Next
ASKER
ahhh! it's the "S" ... duh
ASKER
I was asking for that... here is the corrected code, that works for me, if someone else can test too? The file needs to be one pc or ip per line
ip.ip.ip.ip
pc_name
pc_name02
etc...
ip.ip.ip.ip
pc_name
pc_name02
etc...
Option Explicit
Const SE_DACL_PRESENT = &h4
Const ACCESS_ALLOWED_ACE_TYPE = &h0
Const ACCESS_DENIED_ACE_TYPE = &h1
Const FILE_ALL_ACCESS = &h1f01ff
Const FOLDER_ADD_SUBDIRECTORY = &h000004
Const FILE_DELETE = &h010000
Const FILE_DELETE_CHILD = &h000040
Const FOLDER_TRAVERSE = &h000020
Const FILE_READ_ATTRIBUTES = &h000080
Const FILE_READ_CONTROL = &h020000
Const FOLDER_LIST_DIRECTORY = &h000001
Const FILE_READ_EA = &h000008
Const FILE_SYNCHRONIZE = &h100000
Const FILE_WRITE_ATTRIBUTES = &h000100
Const FILE_WRITE_DAC = &h040000
Const FOLDER_ADD_FILE = &h000002
Const FILE_WRITE_EA = &h000010
Const FILE_WRITE_OWNER = &h080000
Const WBEM_RETURN_IMMEDIATELY = &h10
Const WBEM_FORWARD_ONLY = &h20
Dim objWMIService, objItem
Dim strComputer
Dim arrComputers
Dim colItems
Sub ReadDescriptor(strPath)
Dim objFolderSecuritySettings, objSD, objACE
Dim arrACEs
Dim intControlFlags
Set objFolderSecuritySettings = objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strPath & "'")
objFolderSecuritySettings.GetSecurityDescriptor objSD
intControlFlags = objSD.ControlFlags
If intControlFlags AND SE_DACL_PRESENT Then
arrACEs = objSD.DACL
For Each objACE in arrACEs
WScript.Echo "<ACL>"
WScript.Echo "<objACE.Trustee.Domain>" & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & "<\objACE.Trustee.Domain>"
If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
WScript.Echo vbTab & "<ACCESS_ALLOWED_ACE_TYPE>" & "Allowed" & "<ACCESS_ALLOWED_ACE_TYPE>"
ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
WScript.Echo vbTab & "<ACCESS_DENIED_ACE_TYPE>" & "Denied" & "</ACCESS_DENIED_ACE_TYPE>"
End If
If objACE.AccessMask AND FILE_ALL_ACCESS Then
WScript.Echo vbTab & "<FILE_ALL_ACCESS>" & "FILE_ALL_ACCESS " & "</FILE_ALL_ACCESS>"
End If
If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
WScript.Echo vbTab & "<FOLDER_ADD_SUBDIRECTORY>" & " FOLDER_ADD_SUBDIRECTORY " & "</FOLDER_ADD_SUBDIRECTORY>"
End If
If objACE.AccessMask AND FILE_DELETE Then
WScript.Echo vbTab & "<FILE_DELETE>" & "FILE_DELETE " & "</FILE_DELETE>"
End If
If objACE.AccessMask AND FILE_DELETE_CHILD Then
WScript.Echo vbTab & "<FILE_DELETE_CHILD>" & "FILE_DELETE_CHILD " & "</FILE_DELETE_CHILD>"
End If
If objACE.AccessMask AND FOLDER_TRAVERSE Then
WScript.Echo vbTab & "<FOLDER_TRAVERSE>" & " FOLDER_TRAVERSE " & "</FOLDER_TRAVERSE>"
End If
If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
WScript.Echo vbTab & "<FILE_READ_ATTRIBUTES>" & "FILE_READ_ATTRIBUTES " & "</FILE_READ_ATTRIBUTES>"
End If
If objACE.AccessMask AND FILE_READ_CONTROL Then
WScript.Echo vbTab & "<FILE_READ_CONTROL>" & "FILE_READ_CONTROL " & "</FILE_READ_CONTROL>"
End If
If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
WScript.Echo vbTab & "<FOLDER_LIST_DIRECTORY>" & " FOLDER_LIST_DIRECTORY " & "</FOLDER_LIST_DIRECTORY>"
End If
If objACE.AccessMask AND FILE_READ_EA Then
WScript.Echo vbTab & "<FILE_READ_EA>" & "FILE_READ_EA " & "</FILE_READ_EA>"
End If
If objACE.AccessMask AND FILE_SYNCHRONIZE Then
WScript.Echo vbTab & "<FILE_SYNCHRONIZE>" & "FILE_SYNCHRONIZE " & "</FILE_SYNCHRONIZE>"
End If
If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
WScript.Echo vbTab & "<FILE_WRITE_ATTRIBUTES>" & "FILE_WRITE_ATTRIBUTES " & "</FILE_WRITE_ATTRIBUTES>"
End If
If objACE.AccessMask AND FILE_WRITE_DAC Then
WScript.Echo vbTab & "<FILE_WRITE_DAC>" & "FILE_WRITE_DAC " & "</FILE_WRITE_DAC>"
End If
If objACE.AccessMask AND FOLDER_ADD_FILE Then
WScript.Echo vbTab & "<FOLDER_ADD_FILE>" & " FOLDER_ADD_FILE " & "</FOLDER_ADD_FILE>"
End If
If objACE.AccessMask AND FILE_WRITE_EA Then
WScript.Echo vbTab & "<FILE_WRITE_EA>" & "FILE_WRITE_EA " & "</FILE_WRITE_EA>"
End If
If objACE.AccessMask AND FILE_WRITE_OWNER Then
WScript.Echo vbTab & "<FILE_WRITE_OWNER>" & "FILE_WRITE_OWNER " & "</FILE_WRITE_OWNER>"
End If
WScript.Echo "</ACL>"
Next
Else
WScript.Echo "<No_DACL>" & "No DACL present in security descriptor" & "</No_DACL>"
End If
End Sub
'
' Main Code
'
Const INPUT_FILE_NAME = "C:\\stools\Computers.txt"
Const FOR_READING = 1
Dim objFSO
Dim objFile
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(INPUT_FILE_NAME, FOR_READING)
strComputer = objFile.ReadAll
objFile.Close
arrComputers = Split(strComputer, vbCrLf)
For Each strComputer In arrComputers
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Share WHERE Type=0", "WQL",_
WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
For Each objItem in colItems
WScript.Echo "Listing Permissions for " & objItem.Path
ReadDescriptor objItem.Path
Next
Set objWMIService = Nothing
On Error Goto 0
Next
:)
strComputer and arrComputers are dimensioned, but strComputers is missing. Works just fine after you add that one in :)
Chris
ASKER
another error on my part... this line should read (change to whatever dir you are using)
Const INPUT_FILE_NAME = "C:\tools\Computers.txt"
... I need to go back to bed...
-rich
Const INPUT_FILE_NAME = "C:\tools\Computers.txt"
... I need to go back to bed...
-rich
lol sorry, I was a bit slow there :)
Anyway, it does indeed work after the correction :)
Chris
ASKER
-rich