Solved

Need a PowerShell script to list shares and share permissions residing on a remote server

Posted on 2008-10-24
4
7,023 Views
Last Modified: 2012-06-27
I'm a VERY new user to powerShell and would like to get a listing of the shares and share permissions on remote servers.  I know the start is "Get-WMIObject Win32_Share -computername myserver" but beyond that I haven't been successful.  What I'm looking for is something like the following:
Sharename
User1 - modify
User2 - readOnly
Domain Admins - full

0
Comment
Question by:Diannec
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Expert Comment

by:BSonPosh
ID: 22799791
Do you want NTFS permissions or Share permissions?
0
 

Author Comment

by:Diannec
ID: 22802735
right now I'm looking for Share permissions
0
 
LVL 18

Accepted Solution

by:
BSonPosh earned 250 total points
ID: 22812843
Ah... that is quite another beast.

unfortunately, I believe you need to rely on an external app for this one

rmtshare (from NT 4.0 reskit)

This assumes rmtshare is in your path.
$results = rmtshare.exe $share
$results | ?{$_ -match "\w+\\.+\:"}

Open in new window

0
 

Expert Comment

by:sonytechsoft
ID: 25578846
I found a webpage describing solution without relying on external tools here:

http://www.highorbit.co.uk/?p=972

Examples:
PS C:\> Get-ShareACL Test
PS C:\> (Get-ShareACL Test).Access


function Get-ShareACL {
  Param(
    [String]$Name = "%",
    [String]$Computer = $Env:ComputerName
  )
 
  $Shares = @() 
  Get-WMIObject Win32_Share `
    -Computer $Computer -Filter "Name LIKE '$Name'" | `
    %{
      $Access = @();
      If ($_.Type -eq 0) {
        $SD = (Get-WMIObject -Class Win32_LogicalShareSecuritySetting `
          -Computer $Computer `
          -Filter "Name='$($_.Name)'").GetSecurityDescriptor().Descriptor
        $SD.DACL | %{
          $Trustee = $_.Trustee.Name
          If ($_.Trustee.Domain -ne $Null) { $Trustee = "$($_.Trustee.Domain)\$Trustee" }
          $Access += New-Object System.Security.AccessControl.FileSystemAccessRule( `
            $Trustee, $_.AccessMask, $_.AceType)
        }
      }
      $Shares += $_ | Select-Object Name, Path, Description, Caption, `
        @{n='Type';e={ Switch ($_.Type) {
          0 { "Disk Drive" }
          1 { "Print Queue" }
          2 { "Device" }
          2147483648 { "Disk Drive Admin" }
          2147483649 { "Print Queue Admin" }
          2147483650 { "Device Admin" }
          2147483651 { "IPC Admin" } }} }, `
        MaximumAllowed, AllowMaximum, Status, InstallDate, `
        @{n='Access';e={ $Access }}
  }
  Return $Shares
}

Open in new window

0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is intended as a guide to using PowerShell as a more versatile and reliable form of application detection in SCCM.
A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the adminiā€¦

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question