Solved

Need help in modifying Powershell script to list all File shares with everyone permission

Posted on 2016-09-07
2
58 Views
Last Modified: 2016-09-07
People,

I've found this script to search through the multiple lines of OU of any Server shares with Everyone permission granted. Butsomehow it doesn't work anymore ?

#OU Locations, make sure the index is in order, 1, 2, 3, etc. 
#you cannot have 3 without 2, etc. 
$ous = @{} 
$ous[1] = 'LDAP://OU=Test OU,DC=domain,DC=com' 
$ous[2] = 'LDAP://OU=Production Servers,OU=Servers,DC=domain,DC=com' 
$ous[3] = 'LDAP://CN=Computers,DC=domain,DC=com' 

#set logfile directory 
$script:logfile = "C:\TEMP\everyoneshares.txt" 

#This pulls all computer accounts from AD 
function getresults($path,$cert) { 
	$objDomain = New-Object System.DirectoryServices.DirectoryEntry 
	$objSearcher = New-Object System.DirectoryServices.DirectorySearcher 
	$objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($path) 
	$objSearcher.PageSize = 1000 

	# How many to retrieve at a time. Not output size. 
	$objSearcher.Filter = $strFilter 
	$objSearcher.PropertiesToLoad.Add("cn") >$null 
	$colResults = $objSearcher.FindAll() 

		foreach ($objResult in $colResults) { 
			$objItem = $objResult.Properties 
            $computer = $objItem.cn[0] 
			$computer = $objItem.cn 
            $script:comps += $computer 
		} 
} 

#This runs the getresults function for each OU supplied above 
$script:comps = @() 
foreach ($ou in 1 .. $ous.Count) { 
	if ($ous.$ou) { 
		$strFilter = "(&(objectClass=Computer))" 
		getresults $ous.$ou 
	} 
} 

$comps = $script:comps | Sort name $script:mylist = @() write-host `n 

foreach ($comp in $comps) {
#1 
	#here's where we actually pull each share from the current computer 
	$shares = gwmi Win32_LogicalShareSecuritySetting -co $comp -erroraction silentlycontinue | ? {$_.Name -notlike "*$"} if ($shares) {
	#2 
		foreach ($share in $shares){
		#3 
			$SecurityDescriptor = $Share.GetSecurityDescriptor() 
            ForEach ($DACL in $SecurityDescriptor.Descriptor.DACL) {
			#4 
				$myshare = "" | Select Server, Share, ID, AccessMask 
				$myshare.Server = $comp 
				$myshare.Share = $share.name 
				$myshare.ID = $DACL.Trustee.Name 
				Switch ($DACL.AccessMask) {
				#5 
					2032127 {$AccessMask = "FullControl"} 
					1179785 {$AccessMask = "Read"} 
					1180063 {$AccessMask = "Read, Write"} 
					1179817 {$AccessMask = "ReadAndExecute"} 
					-1610612736 {$AccessMask = "ReadAndExecuteExtended"} 
					1245631 {$AccessMask = "ReadAndExecute, Modify, Write"} 
					1180095 {$AccessMask = "ReadAndExecute, Write"} 
					268435456 {$AccessMask = "FullControl (Sub Only)"} 
					default {$AccessMask = $DACL.AccessMask} 
				}
				#5 
				$myshare.AccessMask = $AccessMask 
				if (($AccessMask -eq "FullControl") -AND ($myshare.ID -eq "Everyone")){
					$script:mylist += $myshare
				} Clear-Variable AccessMask -ErrorAction SilentlyContinue 
			}#4 
		}#3 
	}#2 
}#1 
$mylist | out-file $script:logfile 
$count = $mylist.count 
write-output `n "found $count shares where Everyone was given FullControl" | out-file $script:logfile -append write-host `n

Open in new window


This is the error message that I got:

Sort-Object : A positional parameter cannot be found that accepts argument '$null'.
At line:42 char:26
+ $comps = $script:comps | Sort name $script:mylist = @() write-host `n
+                          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Sort-Object], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SortObjectCommand
 
Where-Object : A positional parameter cannot be found that accepts argument 'if'.
At line:47 char:93
+ ... roraction silentlycontinue | ? {$_.Name -notlike "*$"} if ($shares) {
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Where-Object], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand

.....

few hundred lines.... the same as above.

.....

Where-Object : A positional parameter cannot be found that accepts argument 'if'.
At line:47 char:93
+ ... roraction silentlycontinue | ? {$_.Name -notlike "*$"} if ($shares) {
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Where-Object], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand
 
 
Out-File : Cannot validate argument on parameter 'Encoding'. The argument "write-host" does not belong to the set "unknown,string,unicode,bigendianunicode,utf8,utf7,utf32,ascii,default,oem" specified by the ValidateSet attribute. Supply an argument that is 
in the set and then try the command again.
At line:81 char:111
+ ... s given FullControl" | out-file $script:logfile -append write-host `n
+                                                             ~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Out-File], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.OutFileCommand

Open in new window


So any help would be greatly appreciated.

Thanks,
0
Comment
2 Comments
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
Comment Utility
You're missing some line breaks.  The line numbers above don't match up with the error messages.  Line 40 should be like
$comps = $script:comps | Sort name
$script:mylist = @()
write-host `n

Open in new window

And line 45 should have a line break before the If statement.
0
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
Comment Utility
THanks !
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Set OWA language and time zone in Exchange for individuals, all users or per database.
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now