Need help in modifying Powershell script to list all File shares with everyone permission
People,
I've found this script to search through the multiple lines of OU of any Server shares with Everyone permission granted. Butsomehow it doesn't work anymore ?
#OU Locations, make sure the index is in order, 1, 2, 3, etc. #you cannot have 3 without 2, etc. $ous = @{} $ous[1] = 'LDAP://OU=Test OU,DC=domain,DC=com' $ous[2] = 'LDAP://OU=Production Servers,OU=Servers,DC=domain,DC=com' $ous[3] = 'LDAP://CN=Computers,DC=domain,DC=com' #set logfile directory $script:logfile = "C:\TEMP\everyoneshares.txt" #This pulls all computer accounts from AD function getresults($path,$cert) { $objDomain = New-Object System.DirectoryServices.DirectoryEntry $objSearcher = New-Object System.DirectoryServices.DirectorySearcher $objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($path) $objSearcher.PageSize = 1000 # How many to retrieve at a time. Not output size. $objSearcher.Filter = $strFilter $objSearcher.PropertiesToLoad.Add("cn") >$null $colResults = $objSearcher.FindAll() foreach ($objResult in $colResults) { $objItem = $objResult.Properties $computer = $objItem.cn[0] $computer = $objItem.cn $script:comps += $computer } } #This runs the getresults function for each OU supplied above $script:comps = @() foreach ($ou in 1 .. $ous.Count) { if ($ous.$ou) { $strFilter = "(&(objectClass=Computer))" getresults $ous.$ou } } $comps = $script:comps | Sort name $script:mylist = @() write-host `n foreach ($comp in $comps) {#1 #here's where we actually pull each share from the current computer $shares = gwmi Win32_LogicalShareSecuritySetting -co $comp -erroraction silentlycontinue | ? {$_.Name -notlike "*$"} if ($shares) { #2 foreach ($share in $shares){ #3 $SecurityDescriptor = $Share.GetSecurityDescriptor() ForEach ($DACL in $SecurityDescriptor.Descriptor.DACL) { #4 $myshare = "" | Select Server, Share, ID, AccessMask $myshare.Server = $comp $myshare.Share = $share.name $myshare.ID = $DACL.Trustee.Name Switch ($DACL.AccessMask) { #5 2032127 {$AccessMask = "FullControl"} 1179785 {$AccessMask = "Read"} 1180063 {$AccessMask = "Read, Write"} 1179817 {$AccessMask = "ReadAndExecute"} -1610612736 {$AccessMask = "ReadAndExecuteExtended"} 1245631 {$AccessMask = "ReadAndExecute, Modify, Write"} 1180095 {$AccessMask = "ReadAndExecute, Write"} 268435456 {$AccessMask = "FullControl (Sub Only)"} default {$AccessMask = $DACL.AccessMask} } #5 $myshare.AccessMask = $AccessMask if (($AccessMask -eq "FullControl") -AND ($myshare.ID -eq "Everyone")){ $script:mylist += $myshare } Clear-Variable AccessMask -ErrorAction SilentlyContinue }#4 }#3 }#2 }#1 $mylist | out-file $script:logfile $count = $mylist.count write-output `n "found $count shares where Everyone was given FullControl" | out-file $script:logfile -append write-host `n
Sort-Object : A positional parameter cannot be found that accepts argument '$null'.At line:42 char:26+ $comps = $script:comps | Sort name $script:mylist = @() write-host `n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Sort-Object], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SortObjectCommandWhere-Object : A positional parameter cannot be found that accepts argument 'if'.At line:47 char:93+ ... roraction silentlycontinue | ? {$_.Name -notlike "*$"} if ($shares) {+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand.....few hundred lines.... the same as above......Where-Object : A positional parameter cannot be found that accepts argument 'if'.At line:47 char:93+ ... roraction silentlycontinue | ? {$_.Name -notlike "*$"} if ($shares) {+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommandOut-File : Cannot validate argument on parameter 'Encoding'. The argument "write-host" does not belong to the set "unknown,string,unicode,bigendianunicode,utf8,utf7,utf32,ascii,default,oem" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again.At line:81 char:111+ ... s given FullControl" | out-file $script:logfile -append write-host `n+ ~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [Out-File], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.OutFileCommand