Avatar of Rich Rumble
Rich Rumble
Flag for United States of America asked on

Combine these two WSH scripts?

I'd like to use WMI to query the shares on a pc, or array of pc's as in this script:
On Error Resume Next
arrComputers = Array("127.0.0.1")
For Each strComputer In arrComputers
   WScript.Echo
   WScript.Echo "=========================================="
   WScript.Echo "Computer: " & strComputer
   WScript.Echo "=========================================="

   Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
   Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Share Where Type = 0 ")

I'd also like to get the permissions for each item it returns with the script here:
http://www.microsoft.com/technet/scriptcenter/scripts/security/dacls/sedcvb02.mspx
I've been trying to set the first line in this script to:
strFolderName = objItem.Path (rather than strFolderName = "C:\scripts\sec_center")
But it hasn't worked. Also using just the path won't really work on a remote pc share, as c:\something\something is not a valid share name.
perhaps strFolderName = strComputer\objItem.Name (not that that is a valid statement, but it should get the idea accross)
I'll probably need a for each... in there, anyone have any ideas? Should I post this to a different TA?
-rich
Visual Basic ClassicVB Script

Avatar of undefined
Last Comment
Chris Dent

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Chris Dent

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Rich Rumble

ASKER
That's sweet Chris! Thanks, I love this place. It does work very well, again thank you.
-rich
Chris Dent


Pleasure :)

Chris
Rich Rumble

ASKER
There is certainly an easier way... but I've modifed the script to output in XML
Option Explicit

Const SE_DACL_PRESENT = &h4
Const ACCESS_ALLOWED_ACE_TYPE = &h0
Const ACCESS_DENIED_ACE_TYPE  = &h1
Const FILE_ALL_ACCESS = &h1f01ff
Const FOLDER_ADD_SUBDIRECTORY = &h000004
Const FILE_DELETE = &h010000
Const FILE_DELETE_CHILD = &h000040
Const FOLDER_TRAVERSE = &h000020
Const FILE_READ_ATTRIBUTES = &h000080
Const FILE_READ_CONTROL = &h020000
Const FOLDER_LIST_DIRECTORY = &h000001
Const FILE_READ_EA = &h000008
Const FILE_SYNCHRONIZE = &h100000
Const FILE_WRITE_ATTRIBUTES = &h000100
Const FILE_WRITE_DAC = &h040000
Const FOLDER_ADD_FILE = &h000002
Const FILE_WRITE_EA = &h000010
Const FILE_WRITE_OWNER = &h080000
Const WBEM_RETURN_IMMEDIATELY = &h10
Const WBEM_FORWARD_ONLY = &h20

Dim objWMIService, objItem
Dim strComputer
Dim arrComputers
Dim colItems

Sub ReadDescriptor(strPath)
     Dim objFolderSecuritySettings, objSD, objACE
     Dim arrACEs
     Dim intControlFlags

     Set objFolderSecuritySettings = objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strPath & "'")
     objFolderSecuritySettings.GetSecurityDescriptor objSD
               
     intControlFlags = objSD.ControlFlags

     If intControlFlags AND SE_DACL_PRESENT Then
          arrACEs = objSD.DACL
          For Each objACE in arrACEs
                       WScript.Echo "<ACL>"
               WScript.Echo "<objACE.Trustee.Domain>" & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & "<\objACE.Trustee.Domain>"
               If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
                    WScript.Echo vbTab & "<ACCESS_ALLOWED_ACE_TYPE>" & "Allowed" & "<ACCESS_ALLOWED_ACE_TYPE>"
               ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
                    WScript.Echo vbTab & "<ACCESS_DENIED_ACE_TYPE>" & "Denied" & "</ACCESS_DENIED_ACE_TYPE>"
               End If
               If objACE.AccessMask AND FILE_ALL_ACCESS Then
                    WScript.Echo vbTab & "<FILE_ALL_ACCESS>" & "FILE_ALL_ACCESS " & "</FILE_ALL_ACCESS>"
               End If
               If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
                    WScript.Echo vbTab & "<FOLDER_ADD_SUBDIRECTORY>" & " FOLDER_ADD_SUBDIRECTORY " & "</FOLDER_ADD_SUBDIRECTORY>"
               End If
               If objACE.AccessMask AND FILE_DELETE Then
                    WScript.Echo vbTab & "<FILE_DELETE>" & "FILE_DELETE " & "</FILE_DELETE>"
               End If
               If objACE.AccessMask AND FILE_DELETE_CHILD Then
                    WScript.Echo vbTab & "<FILE_DELETE_CHILD>" & "FILE_DELETE_CHILD " & "</FILE_DELETE_CHILD>"
               End If
               If objACE.AccessMask AND FOLDER_TRAVERSE Then
                    WScript.Echo vbTab & "<FOLDER_TRAVERSE>" & " FOLDER_TRAVERSE " & "</FOLDER_TRAVERSE>"
               End If
               If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
                    WScript.Echo vbTab & "<FILE_READ_ATTRIBUTES>" & "FILE_READ_ATTRIBUTES " & "</FILE_READ_ATTRIBUTES>"
               End If
               If objACE.AccessMask AND FILE_READ_CONTROL Then
                    WScript.Echo vbTab & "<FILE_READ_CONTROL>" & "FILE_READ_CONTROL " & "</FILE_READ_CONTROL>"
               End If
               If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
                    WScript.Echo vbTab & "<FOLDER_LIST_DIRECTORY>" & " FOLDER_LIST_DIRECTORY " & "</FOLDER_LIST_DIRECTORY>"
               End If
               If objACE.AccessMask AND FILE_READ_EA Then
                    WScript.Echo vbTab & "<FILE_READ_EA>" & "FILE_READ_EA " & "</FILE_READ_EA>"
               End If
               If objACE.AccessMask AND FILE_SYNCHRONIZE Then
                    WScript.Echo vbTab & "<FILE_SYNCHRONIZE>" & "FILE_SYNCHRONIZE " & "</FILE_SYNCHRONIZE>"
               End If
               If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
                    WScript.Echo vbTab & "<FILE_WRITE_ATTRIBUTES>" & "FILE_WRITE_ATTRIBUTES " & "</FILE_WRITE_ATTRIBUTES>"
               End If
               If objACE.AccessMask AND FILE_WRITE_DAC Then
                    WScript.Echo vbTab & "<FILE_WRITE_DAC>" & "FILE_WRITE_DAC " & "</FILE_WRITE_DAC>"
               End If
               If objACE.AccessMask AND FOLDER_ADD_FILE Then
                    WScript.Echo vbTab & "<FOLDER_ADD_FILE>" & " FOLDER_ADD_FILE " & "</FOLDER_ADD_FILE>"
               End If
               If objACE.AccessMask AND FILE_WRITE_EA Then
                    WScript.Echo vbTab & "<FILE_WRITE_EA>" & "FILE_WRITE_EA " & "</FILE_WRITE_EA>"
               End If
               If objACE.AccessMask AND FILE_WRITE_OWNER Then
                    WScript.Echo vbTab & "<FILE_WRITE_OWNER>" & "FILE_WRITE_OWNER " & "</FILE_WRITE_OWNER>"
               End If
               WScript.Echo "</ACL>"
          Next
     Else
             WScript.Echo "<No_DACL>" & "No DACL present in security descriptor" & "</No_DACL>"
     End If
End Sub

'
' Main Code
'
            Wscript.Echo "<?xml version=" & Chr(34) & "1.0" & Chr(34) & "?>"
    Wscript.Echo "<Inventory_1.0>"
    WScript.Echo "<Computer>"

arrComputers = Array("127.0.0.1")
For Each strComputer In arrComputers
     WScript.Echo "<Computer_Name>" & strComputer & "</Computer_Name>"

     On Error Resume Next
     Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
     Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Share WHERE Type=0", "WQL",_
               WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)

     For Each objItem in colItems
                       WScript.Echo "<Shares>"
          WScript.Echo "<Path>" & objItem.Path & "</Path>"
          ReadDescriptor objItem.Path
                       WScript.Echo "</Shares>"
     Next
     WScript.Echo "</Computer>"
         Set objWMIService = Nothing
     On Error Goto 0
Next
Wscript.Echo "</Inventory_1.0>"
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Rich Rumble

ASKER
Sorry typos...
There is a missing "/" and an incorrect "\" around lines 44-45 here is the corrections and some minor changes, I'm posted the whole thing again... with corrections.

Option Explicit

Const SE_DACL_PRESENT = &h4
Const ACCESS_ALLOWED_ACE_TYPE = &h0
Const ACCESS_DENIED_ACE_TYPE  = &h1
Const FILE_ALL_ACCESS = &h1f01ff
Const FOLDER_ADD_SUBDIRECTORY = &h000004
Const FILE_DELETE = &h010000
Const FILE_DELETE_CHILD = &h000040
Const FOLDER_TRAVERSE = &h000020
Const FILE_READ_ATTRIBUTES = &h000080
Const FILE_READ_CONTROL = &h020000
Const FOLDER_LIST_DIRECTORY = &h000001
Const FILE_READ_EA = &h000008
Const FILE_SYNCHRONIZE = &h100000
Const FILE_WRITE_ATTRIBUTES = &h000100
Const FILE_WRITE_DAC = &h040000
Const FOLDER_ADD_FILE = &h000002
Const FILE_WRITE_EA = &h000010
Const FILE_WRITE_OWNER = &h080000
Const WBEM_RETURN_IMMEDIATELY = &h10
Const WBEM_FORWARD_ONLY = &h20

Dim objWMIService, objItem
Dim strComputer
Dim arrComputers
Dim colItems

Sub ReadDescriptor(strPath)
     Dim objFolderSecuritySettings, objSD, objACE
     Dim arrACEs
     Dim intControlFlags

     Set objFolderSecuritySettings = objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strPath & "'")
     objFolderSecuritySettings.GetSecurityDescriptor objSD
               
     intControlFlags = objSD.ControlFlags

     If intControlFlags AND SE_DACL_PRESENT Then
          arrACEs = objSD.DACL
          For Each objACE in arrACEs
                       WScript.Echo "<objACE.Trustee.Domain>" & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & "</objACE.Trustee.Domain>"
                       WScript.Echo "<ACL>"
               If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
                    WScript.Echo vbTab & "<ACCESS_ALLOWED_ACE_TYPE>" & "Allowed" & "</ACCESS_ALLOWED_ACE_TYPE>"
               ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
                    WScript.Echo vbTab & "<ACCESS_DENIED_ACE_TYPE>" & "Denied" & "</ACCESS_DENIED_ACE_TYPE>"
               End If
               If objACE.AccessMask AND FILE_ALL_ACCESS Then
                    WScript.Echo vbTab & "<FILE_ALL_ACCESS>" & "FILE_ALL_ACCESS " & "</FILE_ALL_ACCESS>"
               End If
               If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
                    WScript.Echo vbTab & "<FOLDER_ADD_SUBDIRECTORY>" & " FOLDER_ADD_SUBDIRECTORY " & "</FOLDER_ADD_SUBDIRECTORY>"
               End If
               If objACE.AccessMask AND FILE_DELETE Then
                    WScript.Echo vbTab & "<FILE_DELETE>" & "FILE_DELETE " & "</FILE_DELETE>"
               End If
               If objACE.AccessMask AND FILE_DELETE_CHILD Then
                    WScript.Echo vbTab & "<FILE_DELETE_CHILD>" & "FILE_DELETE_CHILD " & "</FILE_DELETE_CHILD>"
               End If
               If objACE.AccessMask AND FOLDER_TRAVERSE Then
                    WScript.Echo vbTab & "<FOLDER_TRAVERSE>" & " FOLDER_TRAVERSE " & "</FOLDER_TRAVERSE>"
               End If
               If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
                    WScript.Echo vbTab & "<FILE_READ_ATTRIBUTES>" & "FILE_READ_ATTRIBUTES " & "</FILE_READ_ATTRIBUTES>"
               End If
               If objACE.AccessMask AND FILE_READ_CONTROL Then
                    WScript.Echo vbTab & "<FILE_READ_CONTROL>" & "FILE_READ_CONTROL " & "</FILE_READ_CONTROL>"
               End If
               If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
                    WScript.Echo vbTab & "<FOLDER_LIST_DIRECTORY>" & " FOLDER_LIST_DIRECTORY " & "</FOLDER_LIST_DIRECTORY>"
               End If
               If objACE.AccessMask AND FILE_READ_EA Then
                    WScript.Echo vbTab & "<FILE_READ_EA>" & "FILE_READ_EA " & "</FILE_READ_EA>"
               End If
               If objACE.AccessMask AND FILE_SYNCHRONIZE Then
                    WScript.Echo vbTab & "<FILE_SYNCHRONIZE>" & "FILE_SYNCHRONIZE " & "</FILE_SYNCHRONIZE>"
               End If
               If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
                    WScript.Echo vbTab & "<FILE_WRITE_ATTRIBUTES>" & "FILE_WRITE_ATTRIBUTES " & "</FILE_WRITE_ATTRIBUTES>"
               End If
               If objACE.AccessMask AND FILE_WRITE_DAC Then
                    WScript.Echo vbTab & "<FILE_WRITE_DAC>" & "FILE_WRITE_DAC " & "</FILE_WRITE_DAC>"
               End If
               If objACE.AccessMask AND FOLDER_ADD_FILE Then
                    WScript.Echo vbTab & "<FOLDER_ADD_FILE>" & " FOLDER_ADD_FILE " & "</FOLDER_ADD_FILE>"
               End If
               If objACE.AccessMask AND FILE_WRITE_EA Then
                    WScript.Echo vbTab & "<FILE_WRITE_EA>" & "FILE_WRITE_EA " & "</FILE_WRITE_EA>"
               End If
               If objACE.AccessMask AND FILE_WRITE_OWNER Then
                    WScript.Echo vbTab & "<FILE_WRITE_OWNER>" & "FILE_WRITE_OWNER " & "</FILE_WRITE_OWNER>"
               End If
               WScript.Echo "</ACL>"
          Next
     Else
             WScript.Echo "<No_DACL>" & "No DACL present in security descriptor" & "</No_DACL>"
     End If
End Sub

'
' Main Code
'
            Wscript.Echo "<?xml version=" & Chr(34) & "1.0" & Chr(34) & "?>"
    Wscript.Echo "<Inventory_1.0>"
    WScript.Echo "<Computer>"

arrComputers = Array("127.0.0.1")
For Each strComputer In arrComputers
     WScript.Echo "<Computer_Name>" & strComputer & "</Computer_Name>"

     On Error Resume Next
     Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
     Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Share WHERE Type=0", "WQL",_
               WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)

     For Each objItem in colItems
                       WScript.Echo "<Share>"
          WScript.Echo "<Path>" & objItem.Path & "</Path>"
          ReadDescriptor objItem.Path
                       WScript.Echo "</Share>"
     Next
     WScript.Echo "</Computer>"
         Set objWMIService = Nothing
     On Error Goto 0
Next
Wscript.Echo "</Inventory_1.0>"
mouseware

This script works great, but I have one question.  Is there a way to get it to show sub directories for the shares: for instance.....

It shows results for:
D:\Share

I need:
D:\Share\subfolder

Is there an easy way of achieving this without rewriting the whole script?
Chris Dent


It's not too difficult, just a bit of messing around.

The only tricky bit is constantly changing between the shared path and local path. That's because you'd need to use the FileSystemObject to perform recursion from the share down. Probably okay doing a Replace operation on the path before passing it to ReadDescriptor.

To be honest, if you're looking to enumerate permissions you'd be better dropping VbScript completely and using PowerShell. Get-ACL is a hell of a lot more powerful.

Chris
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
mouseware

Great, I'll give it a shot. Thanks for the quick reply!
jointheir

I am not getting this to work for my SHARES. Only the folders. I have two shares defined one New Folder and ther other MOST (just to test) It gives me info on New Folder but nothing else.
Chris Dent


Does it echo both shares?

It won't enumerate the descriptor on the share itself, but it should capture all folder level permissions.

Chris
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Rich Rumble

ASKER
I've tried getting the script to read from a file, but haven't had much success..
I'm sure I'm missing something...
For the "main code" I changed to:
 
 
Const INPUT_FILE_NAME = "C:\Computers.txt"
Const FOR_READING = 1
Dim objFSO
Dim objFile
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(INPUT_FILE_NAME, FOR_READING)
strComputers = objFile.ReadAll
objFile.Close
arrComputers = Split(strComputers, vbCrLf)
For Each strComputer In arrComputers
 
      On Error Resume Next
      Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
      Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Share WHERE Type=0", "WQL",_
                  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 
      For Each objItem in colItems
            WScript.Echo "Listing Permissions for " & objItem.Path
            ReadDescriptor objItem.Path
      Next
      Set objWMIService = Nothing
      On Error Goto 0
Next

Open in new window

Chris Dent


Take out the "On Error Resume Next" statement, it's going to hide any error you're bumping into when connecting to the computer.

Chris
Rich Rumble

ASKER
C:\shares.vbs(110, 1) Microsoft VBScript runtime error: Variable is undefined: 'strComputers'
Oh, and if you could reply faster next time... *wink*
The entire code is attached below. I added the Dim objFSo and Dim objFile because those were also undfined... strComputers is Dim'd at the top of the script... I really am a hack ;)
Option Explicit
 
Const SE_DACL_PRESENT = &h4
Const ACCESS_ALLOWED_ACE_TYPE = &h0
Const ACCESS_DENIED_ACE_TYPE  = &h1
Const FILE_ALL_ACCESS = &h1f01ff
Const FOLDER_ADD_SUBDIRECTORY = &h000004
Const FILE_DELETE = &h010000
Const FILE_DELETE_CHILD = &h000040
Const FOLDER_TRAVERSE = &h000020
Const FILE_READ_ATTRIBUTES = &h000080
Const FILE_READ_CONTROL = &h020000
Const FOLDER_LIST_DIRECTORY = &h000001
Const FILE_READ_EA = &h000008
Const FILE_SYNCHRONIZE = &h100000
Const FILE_WRITE_ATTRIBUTES = &h000100
Const FILE_WRITE_DAC = &h040000
Const FOLDER_ADD_FILE = &h000002
Const FILE_WRITE_EA = &h000010
Const FILE_WRITE_OWNER = &h080000
Const WBEM_RETURN_IMMEDIATELY = &h10
Const WBEM_FORWARD_ONLY = &h20
 
Dim objWMIService, objItem
Dim strComputer
Dim arrComputers
Dim colItems
 
Sub ReadDescriptor(strPath)
     Dim objFolderSecuritySettings, objSD, objACE
     Dim arrACEs
     Dim intControlFlags
 
     Set objFolderSecuritySettings = objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strPath & "'")
     objFolderSecuritySettings.GetSecurityDescriptor objSD
               
     intControlFlags = objSD.ControlFlags
 
     If intControlFlags AND SE_DACL_PRESENT Then
          arrACEs = objSD.DACL
          For Each objACE in arrACEs
                       WScript.Echo "<ACL>"
               WScript.Echo "<objACE.Trustee.Domain>" & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & "<\objACE.Trustee.Domain>"
               If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
                    WScript.Echo vbTab & "<ACCESS_ALLOWED_ACE_TYPE>" & "Allowed" & "<ACCESS_ALLOWED_ACE_TYPE>"
               ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
                    WScript.Echo vbTab & "<ACCESS_DENIED_ACE_TYPE>" & "Denied" & "</ACCESS_DENIED_ACE_TYPE>"
               End If
               If objACE.AccessMask AND FILE_ALL_ACCESS Then
                    WScript.Echo vbTab & "<FILE_ALL_ACCESS>" & "FILE_ALL_ACCESS " & "</FILE_ALL_ACCESS>"
               End If
               If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
                    WScript.Echo vbTab & "<FOLDER_ADD_SUBDIRECTORY>" & " FOLDER_ADD_SUBDIRECTORY " & "</FOLDER_ADD_SUBDIRECTORY>"
               End If
               If objACE.AccessMask AND FILE_DELETE Then
                    WScript.Echo vbTab & "<FILE_DELETE>" & "FILE_DELETE " & "</FILE_DELETE>"
               End If
               If objACE.AccessMask AND FILE_DELETE_CHILD Then
                    WScript.Echo vbTab & "<FILE_DELETE_CHILD>" & "FILE_DELETE_CHILD " & "</FILE_DELETE_CHILD>"
               End If
               If objACE.AccessMask AND FOLDER_TRAVERSE Then
                    WScript.Echo vbTab & "<FOLDER_TRAVERSE>" & " FOLDER_TRAVERSE " & "</FOLDER_TRAVERSE>"
               End If
               If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
                    WScript.Echo vbTab & "<FILE_READ_ATTRIBUTES>" & "FILE_READ_ATTRIBUTES " & "</FILE_READ_ATTRIBUTES>"
               End If
               If objACE.AccessMask AND FILE_READ_CONTROL Then
                    WScript.Echo vbTab & "<FILE_READ_CONTROL>" & "FILE_READ_CONTROL " & "</FILE_READ_CONTROL>"
               End If
               If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
                    WScript.Echo vbTab & "<FOLDER_LIST_DIRECTORY>" & " FOLDER_LIST_DIRECTORY " & "</FOLDER_LIST_DIRECTORY>"
               End If
               If objACE.AccessMask AND FILE_READ_EA Then
                    WScript.Echo vbTab & "<FILE_READ_EA>" & "FILE_READ_EA " & "</FILE_READ_EA>"
               End If
               If objACE.AccessMask AND FILE_SYNCHRONIZE Then
                    WScript.Echo vbTab & "<FILE_SYNCHRONIZE>" & "FILE_SYNCHRONIZE " & "</FILE_SYNCHRONIZE>"
               End If
               If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
                    WScript.Echo vbTab & "<FILE_WRITE_ATTRIBUTES>" & "FILE_WRITE_ATTRIBUTES " & "</FILE_WRITE_ATTRIBUTES>"
               End If
               If objACE.AccessMask AND FILE_WRITE_DAC Then
                    WScript.Echo vbTab & "<FILE_WRITE_DAC>" & "FILE_WRITE_DAC " & "</FILE_WRITE_DAC>"
               End If
               If objACE.AccessMask AND FOLDER_ADD_FILE Then
                    WScript.Echo vbTab & "<FOLDER_ADD_FILE>" & " FOLDER_ADD_FILE " & "</FOLDER_ADD_FILE>"
               End If
               If objACE.AccessMask AND FILE_WRITE_EA Then
                    WScript.Echo vbTab & "<FILE_WRITE_EA>" & "FILE_WRITE_EA " & "</FILE_WRITE_EA>"
               End If
               If objACE.AccessMask AND FILE_WRITE_OWNER Then
                    WScript.Echo vbTab & "<FILE_WRITE_OWNER>" & "FILE_WRITE_OWNER " & "</FILE_WRITE_OWNER>"
               End If
               WScript.Echo "</ACL>"
          Next
     Else
             WScript.Echo "<No_DACL>" & "No DACL present in security descriptor" & "</No_DACL>"
     End If
End Sub
 
'
' Main Code
'
Const INPUT_FILE_NAME = "C:\tools\Computers.txt"
Const FOR_READING = 1
Dim objFSO 
Dim objFile
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(INPUT_FILE_NAME, FOR_READING)
strComputers = objFile.ReadAll
objFile.Close
arrComputers = Split(strComputers, vbCrLf)
For Each strComputer In arrComputers
 
      Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
      Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Share WHERE Type=0", "WQL",_
                  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 
      For Each objItem in colItems
            WScript.Echo "Listing Permissions for " & objItem.Path
            ReadDescriptor objItem.Path
      Next
      Set objWMIService = Nothing
      On Error Goto 0
Next

Open in new window

Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Rich Rumble

ASKER
ahhh! it's the "S" ... duh
Rich Rumble

ASKER
I was asking for that... here is the corrected code, that works for me, if someone else can test too? The file needs to be one pc or ip per line
ip.ip.ip.ip
pc_name
pc_name02
etc...

Option Explicit
 
Const SE_DACL_PRESENT = &h4
Const ACCESS_ALLOWED_ACE_TYPE = &h0
Const ACCESS_DENIED_ACE_TYPE  = &h1
Const FILE_ALL_ACCESS = &h1f01ff
Const FOLDER_ADD_SUBDIRECTORY = &h000004
Const FILE_DELETE = &h010000
Const FILE_DELETE_CHILD = &h000040
Const FOLDER_TRAVERSE = &h000020
Const FILE_READ_ATTRIBUTES = &h000080
Const FILE_READ_CONTROL = &h020000
Const FOLDER_LIST_DIRECTORY = &h000001
Const FILE_READ_EA = &h000008
Const FILE_SYNCHRONIZE = &h100000
Const FILE_WRITE_ATTRIBUTES = &h000100
Const FILE_WRITE_DAC = &h040000
Const FOLDER_ADD_FILE = &h000002
Const FILE_WRITE_EA = &h000010
Const FILE_WRITE_OWNER = &h080000
Const WBEM_RETURN_IMMEDIATELY = &h10
Const WBEM_FORWARD_ONLY = &h20
 
Dim objWMIService, objItem
Dim strComputer
Dim arrComputers
Dim colItems
 
Sub ReadDescriptor(strPath)
     Dim objFolderSecuritySettings, objSD, objACE
     Dim arrACEs
     Dim intControlFlags
 
     Set objFolderSecuritySettings = objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strPath & "'")
     objFolderSecuritySettings.GetSecurityDescriptor objSD
               
     intControlFlags = objSD.ControlFlags
 
     If intControlFlags AND SE_DACL_PRESENT Then
          arrACEs = objSD.DACL
          For Each objACE in arrACEs
                       WScript.Echo "<ACL>"
               WScript.Echo "<objACE.Trustee.Domain>" & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & "<\objACE.Trustee.Domain>"
               If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
                    WScript.Echo vbTab & "<ACCESS_ALLOWED_ACE_TYPE>" & "Allowed" & "<ACCESS_ALLOWED_ACE_TYPE>"
               ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
                    WScript.Echo vbTab & "<ACCESS_DENIED_ACE_TYPE>" & "Denied" & "</ACCESS_DENIED_ACE_TYPE>"
               End If
               If objACE.AccessMask AND FILE_ALL_ACCESS Then
                    WScript.Echo vbTab & "<FILE_ALL_ACCESS>" & "FILE_ALL_ACCESS " & "</FILE_ALL_ACCESS>"
               End If
               If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
                    WScript.Echo vbTab & "<FOLDER_ADD_SUBDIRECTORY>" & " FOLDER_ADD_SUBDIRECTORY " & "</FOLDER_ADD_SUBDIRECTORY>"
               End If
               If objACE.AccessMask AND FILE_DELETE Then
                    WScript.Echo vbTab & "<FILE_DELETE>" & "FILE_DELETE " & "</FILE_DELETE>"
               End If
               If objACE.AccessMask AND FILE_DELETE_CHILD Then
                    WScript.Echo vbTab & "<FILE_DELETE_CHILD>" & "FILE_DELETE_CHILD " & "</FILE_DELETE_CHILD>"
               End If
               If objACE.AccessMask AND FOLDER_TRAVERSE Then
                    WScript.Echo vbTab & "<FOLDER_TRAVERSE>" & " FOLDER_TRAVERSE " & "</FOLDER_TRAVERSE>"
               End If
               If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
                    WScript.Echo vbTab & "<FILE_READ_ATTRIBUTES>" & "FILE_READ_ATTRIBUTES " & "</FILE_READ_ATTRIBUTES>"
               End If
               If objACE.AccessMask AND FILE_READ_CONTROL Then
                    WScript.Echo vbTab & "<FILE_READ_CONTROL>" & "FILE_READ_CONTROL " & "</FILE_READ_CONTROL>"
               End If
               If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
                    WScript.Echo vbTab & "<FOLDER_LIST_DIRECTORY>" & " FOLDER_LIST_DIRECTORY " & "</FOLDER_LIST_DIRECTORY>"
               End If
               If objACE.AccessMask AND FILE_READ_EA Then
                    WScript.Echo vbTab & "<FILE_READ_EA>" & "FILE_READ_EA " & "</FILE_READ_EA>"
               End If
               If objACE.AccessMask AND FILE_SYNCHRONIZE Then
                    WScript.Echo vbTab & "<FILE_SYNCHRONIZE>" & "FILE_SYNCHRONIZE " & "</FILE_SYNCHRONIZE>"
               End If
               If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
                    WScript.Echo vbTab & "<FILE_WRITE_ATTRIBUTES>" & "FILE_WRITE_ATTRIBUTES " & "</FILE_WRITE_ATTRIBUTES>"
               End If
               If objACE.AccessMask AND FILE_WRITE_DAC Then
                    WScript.Echo vbTab & "<FILE_WRITE_DAC>" & "FILE_WRITE_DAC " & "</FILE_WRITE_DAC>"
               End If
               If objACE.AccessMask AND FOLDER_ADD_FILE Then
                    WScript.Echo vbTab & "<FOLDER_ADD_FILE>" & " FOLDER_ADD_FILE " & "</FOLDER_ADD_FILE>"
               End If
               If objACE.AccessMask AND FILE_WRITE_EA Then
                    WScript.Echo vbTab & "<FILE_WRITE_EA>" & "FILE_WRITE_EA " & "</FILE_WRITE_EA>"
               End If
               If objACE.AccessMask AND FILE_WRITE_OWNER Then
                    WScript.Echo vbTab & "<FILE_WRITE_OWNER>" & "FILE_WRITE_OWNER " & "</FILE_WRITE_OWNER>"
               End If
               WScript.Echo "</ACL>"
          Next
     Else
             WScript.Echo "<No_DACL>" & "No DACL present in security descriptor" & "</No_DACL>"
     End If
End Sub
 
'
' Main Code
'
Const INPUT_FILE_NAME = "C:\\stools\Computers.txt"
Const FOR_READING = 1
Dim objFSO
Dim objFile
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(INPUT_FILE_NAME, FOR_READING)
strComputer = objFile.ReadAll
objFile.Close
arrComputers = Split(strComputer, vbCrLf)
For Each strComputer In arrComputers
 
      Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
      Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Share WHERE Type=0", "WQL",_
                  WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
 
      For Each objItem in colItems
            WScript.Echo "Listing Permissions for " & objItem.Path
            ReadDescriptor objItem.Path
      Next
      Set objWMIService = Nothing
      On Error Goto 0
Next

Open in new window

Chris Dent


:)

strComputer and arrComputers are dimensioned, but strComputers is missing. Works just fine after you add that one in :)

Chris
Your help has saved me hundreds of hours of internet surfing.
fblack61
Rich Rumble

ASKER
another error on my part... this line should read (change to whatever dir you are using)
Const INPUT_FILE_NAME = "C:\tools\Computers.txt"
... I need to go back to bed...
-rich
Chris Dent


lol sorry, I was a bit slow there :)

Anyway, it does indeed work after the correction :)

Chris