maharlika
 asked on

Need to see permissions on all drives/folders/subfolders in Windows Server 2008/2012

I need to see what all the security permissions are on all drives on a server so I can recreate these permissions on another server.  I used to use dumpsec, but I don't think that has been updated for Server 2008 or 2012.
Windows Server 2008, Windows Server 2012, Security, Miscellaneous

Last Comment
McKnife

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Rohan12690

McKnife

Icacls.exe is built-in and can dump this info (NTFS-permissions), too.
Jose Torres

This should do the trick
# Generate CSV file with all shares and share/ntfs permissions

Clear

# Change to the target server
$ComputerName = 'YourServer'
# Change to the path you want the CSV to go to
$OuputPath = 'C:\DisasterRecovery\Backup_Shares\' + $ComputerName + '_Shares.csv'
$SecurityOut = @()

$Shares = Get-WmiObject -Class Win32_Share -ComputerName $ComputerName | Where-Object {$_.Type -eq 0} | Select Name, Path
ForEach ($ShareItem in $Shares) {
    $ShareName = $ShareItem.Name
    $SharePath = $ShareItem.Path
    $ShareUNCPath = "\\$ComputerName\$ShareName"
    $Acl = Get-Acl $ShareUNCPath
    # Get NTFS permissions for Share
    ForEach ($AccessRule in $Acl.Access) {
        $SecurityType = 'NTFS'
        $SecurityOut += New-Object PSObject -Property @{ShareName=$($ShareName);SharePath=$($SharePath);SecurityType=$($SecurityType);UserName=$($AccessRule.IdentityReference);UserAccess=$($AccessRule.FileSystemRights)}
    }
    # Get SMB permissions for Share
    $Share = Get-WmiObject win32_LogicalShareSecuritySetting -Filter "name='$ShareName'" -ComputerName $ComputerName
    If($Share) {
        $Obj = @()
        $ACLS = $Share.GetSecurityDescriptor().Descriptor.DACL
        ForEach($ACL in $ACLS) {
            $SecurityType = 'SMB'
            $User = $ACL.Trustee.Name
            If(!($User)) {
                $User = $ACL.Trustee.SID
            }
            $Domain = $ACL.Trustee.Domain
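            # Map the well-known share masks; Default prevents an unrecognized mask
            # from being reported with the previous entry's $Perm value
            Switch($ACL.AccessMask) {
                2032127 {$Perm = "Full Control"}
                1245631 {$Perm = "Change"}
                1179817 {$Perm = "Read"}
                Default {$Perm = "Other ($($ACL.AccessMask))"}
            }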
            $SecurityOut += New-Object PSObject -Property @{ShareName=$($ShareName);SharePath=$($SharePath);SecurityType=$($SecurityType);UserName=$("$Domain\$User");UserAccess=$($Perm)}
        }
    }
}

$SecurityOut | Select-Object ShareName, SharePath, SecurityType, UserName, UserAccess | Export-Csv -NoTypeInformation -Path $OuputPath
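
The script above records the NTFS ACL of each share root only. As an added example (not part of the original post), this sketch walks the subfolders as well and exports the ACEs needed to recreate the permissions; `$RootPath`, `$OutputPath` and the function name `Get-FolderAce` are placeholders, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. $RootPath and $OutputPath are placeholders.
# Assumes Windows PowerShell 3.0+ (Get-Acl -LiteralPath, Get-ChildItem -Directory).
$RootPath   = 'D:\Data'
$OutputPath = 'C:\Temp\Ntfs_Explicit_Acl.csv'

function Get-FolderAce {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [switch]$IncludeInherited   # used for the tree root only
    )
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Record unreadable folders so gaps in the report are visible.
        return New-Object PSObject -Property @{
            Path = $Path; Owner = ''; InheritanceDisabled = ''; Identity = 'UNREADABLE'
            Type = ''; Rights = $_.Exception.Message; Inheritance = ''; Propagation = ''; Inherited = ''
        }
    }
    $acl.Access |
        Where-Object { $IncludeInherited -or -not $_.IsInherited } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path                = $Path
                Owner               = $acl.Owner
                InheritanceDisabled = $acl.AreAccessRulesProtected
                Identity            = $_.IdentityReference.Value
                Type                = $_.AccessControlType
                Rights              = $_.FileSystemRights
                Inheritance         = $_.InheritanceFlags
                Propagation         = $_.PropagationFlags
                Inherited           = $_.IsInherited
            }
        }
}

# The root is reported in full: its inherited ACEs come from above the tree and
# would otherwise be lost. Below it, only explicit ACEs differ from the parent.
$report  = @(Get-FolderAce -Path $RootPath -IncludeInherited)
# Subtrees that cannot be listed are skipped silently; run elevated for full coverage.
$report += @(Get-ChildItem -LiteralPath $RootPath -Directory -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Get-FolderAce -Path $_.FullName })

$report |
    Select-Object Path, Owner, InheritanceDisabled, Identity, Type, Rights, Inheritance, Propagation, Inherited |
    Export-Csv -NoTypeInformation -Path $OutputPath
```

Rows with `Type` set to `Deny` and folders with `InheritanceDisabled` set to `True` are the ones most easily lost when permissions are rebuilt by hand.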


McKnife

The other comments were solutions, too - a "thank you" never hurts :-)