How Can I Export Share Permissions for each Server, from Server.txt Input File?
Firstly, I already have the NTFS permissions. I ONLY need the "Share" permissions.
I have been working to understand and manipulate this script from here [http://poshcode.org/3398] to export all share permissions to an HTML file, per server. I understand that this script is not written to access an input file, so I have been implementing variations of the code to include these few lines as described here [https://www.sapien.com/for
Also, of note is that when I initially ran this a few hours ago, it ran with no errors, then I noticed that the HTML file was created after I refreshed my $Profile by typing .$Profile at cmd prompt or by closing and restarting PS. But subsequently I noticed this line, which is coded in the script:
ERROR: cannot enumerate share permissions
It continued to output an HTML file (only for the local server) but only AFTER I refreshed my "$Profile".
Thank you!
========================
Get-Content servers.txt |
ForEach-Object{
# call script file and pass variable $_ which is current line of file
c:\folder\filename.ps1 -server $_
}
========================
Function Get-SharePermissions($Shar
$Share = Get-WmiObject win32_LogicalShareSecurity
if($Share){
$obj = @()
$ACLS = $Share.GetSecurityDescript
foreach($ACL in $ACLS){
$User = $ACL.Trustee.Name
if(!($user)){$user = $ACL.Trustee.SID}
$Domain = $ACL.Trustee.Domain
switch($ACL.AccessMask)
{
2032127 {$Perm = "Full Control"}
1245631 {$Perm = "Change"}
1179817 {$Perm = "Read"}
}
$obj = $obj + "$Domain\$user $Perm<br>"
}
}
if(!($Share)){$obj = " ERROR: cannot enumerate share permissions. "}
Return $obj
} # End Get-SharePermissions Function
Function Get-NTFSOwner($Path){
$ACL = Get-Acl -Path $Path
$a = $ACL.Owner.ToString()
Return $a
} # End Get-NTFSOwner Function
Function Get-NTFSPerms($Path){
$ACL = Get-Acl -Path $Path
$obj = @()
foreach($a in $ACL.Access){
$aA = $a.FileSystemRights
$aB = $a.AccessControlType
$aC = $a.IdentityReference
$aD = $a.IsInherited
$aE = $a.InheritanceFlags
$aF = $a.PropagationFlags
$obj = $obj + "$aC | $aB | $aA | $aD | $aE | $aF <br>"
}
Return $obj
} # End Get-NTFSPerms Function
Function Get-AllShares{
$a = Get-WmiObject win32_share -Filter "type=0"
Return $a
} # End Get-AllShares Function
# Create Webpage Header
$z = "<!DOCTYPE html PUBLIC `"-//W3C//DTD XHTML 1.0 Strict//EN`" `"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd`">"
$z = $z + "<html xmlns=`"http://www.w3.org/1999/xhtml`">"
$z = "<head><style>"
$z = $z + "TABLE{border-width: 2px;border-style: solid;border-color: black;border-collapse: collapse;}"
$z = $z + "TH{border-width: 2px;padding: 4px;border-style: solid;border-color: black;background-color:lig
$z = $z + "TD{border-width: 1px;padding: 4px;border-style: solid;border-color: black;font-size:12px}"
$z = $z + "</style></head><body>"
$z = $z + "<H4>File Share Report for $env:COMPUTERNAME</H4>"
$z = $z + "<table><colgroup><col/><c
$z = $z + "<tr><th>ShareName</th><th
$MainShares = Get-AllShares
Foreach($MainShare in $MainShares){
$MainShareName = $MainShare.Name
$MainLocation = $MainShare.Path
$MainNTFSPermissions = Get-NTFSPerms -Path $MainLocation
$MainNTFSOwner = Get-NTFSOwner -Path $MainLocation
$MainSharePermissions = Get-SharePermissions -ShareName $MainShareName
$MainShareDescription = $MainShare.Description
$z = $z + "<tr><td>$MainShareName</t
}
$z = $z + "</table></body></html>"
$OutFileName = $env:COMPUTERNAME + "ShareReport.html"
Out-File -FilePath .\$OutFileName -InputObject $z -Encoding ASCII
$OutFileItem = Get-Item -Path .\$OutFileName
Write-Host " Report available here: $OutFileItem" -Foregroundcolor Yellow
Exit
I have been working to understand and manipulate this script from here [http://poshcode.org/3398] to export all share permissions to an HTML file, per server. I understand that this script is not written to access an input file, so I have been implementing variations of the code to include these few lines as described here [https://www.sapien.com/for
Also, of note is that when I initially ran this a few hours ago, it ran with no errors, then I noticed that the HTML file was created after I refreshed my $Profile by typing .$Profile at cmd prompt or by closing and restarting PS. But subsequently I noticed this line, which is coded in the script:
ERROR: cannot enumerate share permissions
It continued to output an HTML file (only for the local server) but only AFTER I refreshed my "$Profile".
Thank you!
========================
Get-Content servers.txt |
ForEach-Object{
# call script file and pass variable $_ which is current line of file
c:\folder\filename.ps1 -server $_
}
========================
Function Get-SharePermissions($Shar
$Share = Get-WmiObject win32_LogicalShareSecurity
if($Share){
$obj = @()
$ACLS = $Share.GetSecurityDescript
foreach($ACL in $ACLS){
$User = $ACL.Trustee.Name
if(!($user)){$user = $ACL.Trustee.SID}
$Domain = $ACL.Trustee.Domain
switch($ACL.AccessMask)
{
2032127 {$Perm = "Full Control"}
1245631 {$Perm = "Change"}
1179817 {$Perm = "Read"}
}
$obj = $obj + "$Domain\$user $Perm<br>"
}
}
if(!($Share)){$obj = " ERROR: cannot enumerate share permissions. "}
Return $obj
} # End Get-SharePermissions Function
Function Get-NTFSOwner($Path){
$ACL = Get-Acl -Path $Path
$a = $ACL.Owner.ToString()
Return $a
} # End Get-NTFSOwner Function
Function Get-NTFSPerms($Path){
$ACL = Get-Acl -Path $Path
$obj = @()
foreach($a in $ACL.Access){
$aA = $a.FileSystemRights
$aB = $a.AccessControlType
$aC = $a.IdentityReference
$aD = $a.IsInherited
$aE = $a.InheritanceFlags
$aF = $a.PropagationFlags
$obj = $obj + "$aC | $aB | $aA | $aD | $aE | $aF <br>"
}
Return $obj
} # End Get-NTFSPerms Function
Function Get-AllShares{
$a = Get-WmiObject win32_share -Filter "type=0"
Return $a
} # End Get-AllShares Function
# Create Webpage Header
$z = "<!DOCTYPE html PUBLIC `"-//W3C//DTD XHTML 1.0 Strict//EN`" `"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd`">"
$z = $z + "<html xmlns=`"http://www.w3.org/1999/xhtml`">"
$z = "<head><style>"
$z = $z + "TABLE{border-width: 2px;border-style: solid;border-color: black;border-collapse: collapse;}"
$z = $z + "TH{border-width: 2px;padding: 4px;border-style: solid;border-color: black;background-color:lig
$z = $z + "TD{border-width: 1px;padding: 4px;border-style: solid;border-color: black;font-size:12px}"
$z = $z + "</style></head><body>"
$z = $z + "<H4>File Share Report for $env:COMPUTERNAME</H4>"
$z = $z + "<table><colgroup><col/><c
$z = $z + "<tr><th>ShareName</th><th
$MainShares = Get-AllShares
Foreach($MainShare in $MainShares){
$MainShareName = $MainShare.Name
$MainLocation = $MainShare.Path
$MainNTFSPermissions = Get-NTFSPerms -Path $MainLocation
$MainNTFSOwner = Get-NTFSOwner -Path $MainLocation
$MainSharePermissions = Get-SharePermissions -ShareName $MainShareName
$MainShareDescription = $MainShare.Description
$z = $z + "<tr><td>$MainShareName</t
}
$z = $z + "</table></body></html>"
$OutFileName = $env:COMPUTERNAME + "ShareReport.html"
Out-File -FilePath .\$OutFileName -InputObject $z -Encoding ASCII
$OutFileItem = Get-Item -Path .\$OutFileName
Write-Host " Report available here: $OutFileItem" -Foregroundcolor Yellow
Exit
500 points is the maximum.
I'm not quite clear, do you need a separate file for each server?
I'm not quite clear, do you need a separate file for each server?
ASKER
Yes sir, I would like to create one HTML report for each server, which lists all shares on said server. But maybe it makes more sense to create one HTML file that contains permissions for ALL servers in the servers.txt input file, as long as there is a separation header that indicates where one server stops and the next one starts.
The above script did output one HTML file named "SAL9001ShareReport.html",
$OutFileName = $env:COMPUTERNAME + "ShareReport.html"
I am attaching a copy of that output HTML file here.
SAL9001ShareReport.html
The above script did output one HTML file named "SAL9001ShareReport.html",
$OutFileName = $env:COMPUTERNAME + "ShareReport.html"
I am attaching a copy of that output HTML file here.
SAL9001ShareReport.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
footech.. thank you very much for your help with this! i am attaching a copy of one of the HTML files for your fans.
it works wonderfully! i love the clean appearance of your code as well.
it throws this message, but this is obviously related to many servers being unreachable for whatever reason.
do you think it will be feasible for me to wrestle with this to integrate the NTFS permissions as well with an additional column? i like the Get-ACL approach, but how much work do you think it would be to reach that goal?
can you tell me what "GetWMICOMException" is related to in this instance?
Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
At \\111.111.111.111\folderna
+ $shareInfo = @(Get-WmiObject <<<< Win32_Share -ComputerName $server -filter "type = 0" | Select Name,Path)
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
+ FullyQualifiedErrorId : GetWMICOMException,Microso
shareinfo-MyServerName.html
it works wonderfully! i love the clean appearance of your code as well.
it throws this message, but this is obviously related to many servers being unreachable for whatever reason.
do you think it will be feasible for me to wrestle with this to integrate the NTFS permissions as well with an additional column? i like the Get-ACL approach, but how much work do you think it would be to reach that goal?
can you tell me what "GetWMICOMException" is related to in this instance?
Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
At \\111.111.111.111\folderna
+ $shareInfo = @(Get-WmiObject <<<< Win32_Share -ComputerName $server -filter "type = 0" | Select Name,Path)
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
+ FullyQualifiedErrorId : GetWMICOMException,Microso
shareinfo-MyServerName.html
"The RPC server is unavailable" error can be caused by a few reasons, including: 1) incorrect DNS info, 2) firewall blocking ports, 3) service not running, 4) maybe others.
The code really doesn't have any error handling. About the most basic you could do is including the following inside the foreach loop, which would just test if the machine is pingable before trying to get share info.
The code really doesn't have any error handling. About the most basic you could do is including the following inside the foreach loop, which would just test if the machine is pingable before trying to get share info.
If ( Test-Connection $server -count 1 -quiet )
{
#do stuff
}
ASKER
http://support.experts-exchange.com/customer/portal/articles/1021286