troubleshooting Question
Need help in modifying Powershell script to list all File shares with everyone permission
asked on
People,
I've found this script to search through the multiple lines of OU of any Server shares with Everyone permission granted. Butsomehow it doesn't work anymore ?
This is the error message that I got:
So any help would be greatly appreciated.
Thanks,
I've found this script to search through the multiple lines of OU of any Server shares with Everyone permission granted. Butsomehow it doesn't work anymore ?
#OU Locations, make sure the index is in order, 1, 2, 3, etc.
#you cannot have 3 without 2, etc.
$ous = @{}
$ous[1] = 'LDAP://OU=Test OU,DC=domain,DC=com'
$ous[2] = 'LDAP://OU=Production Servers,OU=Servers,DC=domain,DC=com'
$ous[3] = 'LDAP://CN=Computers,DC=domain,DC=com'
#set logfile directory
$script:logfile = "C:\TEMP\everyoneshares.txt"
#This pulls all computer accounts from AD
function getresults($path,$cert) {
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($path)
$objSearcher.PageSize = 1000
# How many to retrieve at a time. Not output size.
$objSearcher.Filter = $strFilter
$objSearcher.PropertiesToLoad.Add("cn") >$null
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults) {
$objItem = $objResult.Properties
$computer = $objItem.cn[0]
$computer = $objItem.cn
$script:comps += $computer
}
}
#This runs the getresults function for each OU supplied above
$script:comps = @()
foreach ($ou in 1 .. $ous.Count) {
if ($ous.$ou) {
$strFilter = "(&(objectClass=Computer))"
getresults $ous.$ou
}
}
$comps = $script:comps | Sort name $script:mylist = @() write-host `n
foreach ($comp in $comps) {
#1
#here's where we actually pull each share from the current computer
$shares = gwmi Win32_LogicalShareSecuritySetting -co $comp -erroraction silentlycontinue | ? {$_.Name -notlike "*$"} if ($shares) {
#2
foreach ($share in $shares){
#3
$SecurityDescriptor = $Share.GetSecurityDescriptor()
ForEach ($DACL in $SecurityDescriptor.Descriptor.DACL) {
#4
$myshare = "" | Select Server, Share, ID, AccessMask
$myshare.Server = $comp
$myshare.Share = $share.name
$myshare.ID = $DACL.Trustee.Name
Switch ($DACL.AccessMask) {
#5
2032127 {$AccessMask = "FullControl"}
1179785 {$AccessMask = "Read"}
1180063 {$AccessMask = "Read, Write"}
1179817 {$AccessMask = "ReadAndExecute"}
-1610612736 {$AccessMask = "ReadAndExecuteExtended"}
1245631 {$AccessMask = "ReadAndExecute, Modify, Write"}
1180095 {$AccessMask = "ReadAndExecute, Write"}
268435456 {$AccessMask = "FullControl (Sub Only)"}
default {$AccessMask = $DACL.AccessMask}
}
#5
$myshare.AccessMask = $AccessMask
if (($AccessMask -eq "FullControl") -AND ($myshare.ID -eq "Everyone")){
$script:mylist += $myshare
} Clear-Variable AccessMask -ErrorAction SilentlyContinue
}#4
}#3
}#2
}#1
$mylist | out-file $script:logfile
$count = $mylist.count
write-output `n "found $count shares where Everyone was given FullControl" | out-file $script:logfile -append write-host `n
This is the error message that I got:
Sort-Object : A positional parameter cannot be found that accepts argument '$null'.
At line:42 char:26
+ $comps = $script:comps | Sort name $script:mylist = @() write-host `n
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Sort-Object], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SortObjectCommand
Where-Object : A positional parameter cannot be found that accepts argument 'if'.
At line:47 char:93
+ ... roraction silentlycontinue | ? {$_.Name -notlike "*$"} if ($shares) {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand
.....
few hundred lines.... the same as above.
.....
Where-Object : A positional parameter cannot be found that accepts argument 'if'.
At line:47 char:93
+ ... roraction silentlycontinue | ? {$_.Name -notlike "*$"} if ($shares) {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand
Out-File : Cannot validate argument on parameter 'Encoding'. The argument "write-host" does not belong to the set "unknown,string,unicode,bigendianunicode,utf8,utf7,utf32,ascii,default,oem" specified by the ValidateSet attribute. Supply an argument that is
in the set and then try the command again.
At line:81 char:111
+ ... s given FullControl" | out-file $script:logfile -append write-host `n
+ ~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Out-File], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.OutFileCommand
So any help would be greatly appreciated.
Thanks,
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.