#OU Locations, make sure the index is in order, 1, 2, 3, etc.
#you cannot have 3 without 2, etc.
$ous = @{}
$ous[1] = 'LDAP://OU=Test OU,DC=domain,DC=com'
$ous[2] = 'LDAP://OU=Production Servers,OU=Servers,DC=domain,DC=com'
$ous[3] = 'LDAP://CN=Computers,DC=domain,DC=com'
#set logfile directory
$script:logfile = "C:\TEMP\everyoneshares.txt"
#This pulls all computer accounts from AD
function getresults($path,$cert) {
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($path)
$objSearcher.PageSize = 1000
# How many to retrieve at a time. Not output size.
$objSearcher.Filter = $strFilter
$objSearcher.PropertiesToLoad.Add("cn") >$null
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults) {
$objItem = $objResult.Properties
$computer = $objItem.cn[0]
$computer = $objItem.cn
$script:comps += $computer
}
}
#This runs the getresults function for each OU supplied above
$script:comps = @()
foreach ($ou in 1 .. $ous.Count) {
if ($ous.$ou) {
$strFilter = "(&(objectClass=Computer))"
getresults $ous.$ou
}
}
$comps = $script:comps | Sort name $script:mylist = @() write-host `n
foreach ($comp in $comps) {
#1
#here's where we actually pull each share from the current computer
$shares = gwmi Win32_LogicalShareSecuritySetting -co $comp -erroraction silentlycontinue | ? {$_.Name -notlike "*$"} if ($shares) {
#2
foreach ($share in $shares){
#3
$SecurityDescriptor = $Share.GetSecurityDescriptor()
ForEach ($DACL in $SecurityDescriptor.Descriptor.DACL) {
#4
$myshare = "" | Select Server, Share, ID, AccessMask
$myshare.Server = $comp
$myshare.Share = $share.name
$myshare.ID = $DACL.Trustee.Name
Switch ($DACL.AccessMask) {
#5
2032127 {$AccessMask = "FullControl"}
1179785 {$AccessMask = "Read"}
1180063 {$AccessMask = "Read, Write"}
1179817 {$AccessMask = "ReadAndExecute"}
-1610612736 {$AccessMask = "ReadAndExecuteExtended"}
1245631 {$AccessMask = "ReadAndExecute, Modify, Write"}
1180095 {$AccessMask = "ReadAndExecute, Write"}
268435456 {$AccessMask = "FullControl (Sub Only)"}
default {$AccessMask = $DACL.AccessMask}
}
#5
$myshare.AccessMask = $AccessMask
if (($AccessMask -eq "FullControl") -AND ($myshare.ID -eq "Everyone")){
$script:mylist += $myshare
} Clear-Variable AccessMask -ErrorAction SilentlyContinue
}#4
}#3
}#2
}#1
$mylist | out-file $script:logfile
$count = $mylist.count
write-output `n "found $count shares where Everyone was given FullControl" | out-file $script:logfile -append write-host `n
Sort-Object : A positional parameter cannot be found that accepts argument '$null'.
At line:42 char:26
+ $comps = $script:comps | Sort name $script:mylist = @() write-host `n
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Sort-Object], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SortObjectCommand
Where-Object : A positional parameter cannot be found that accepts argument 'if'.
At line:47 char:93
+ ... roraction silentlycontinue | ? {$_.Name -notlike "*$"} if ($shares) {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand
.....
few hundred lines.... the same as above.
.....
Where-Object : A positional parameter cannot be found that accepts argument 'if'.
At line:47 char:93
+ ... roraction silentlycontinue | ? {$_.Name -notlike "*$"} if ($shares) {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand
Out-File : Cannot validate argument on parameter 'Encoding'. The argument "write-host" does not belong to the set "unknown,string,unicode,bigendianunicode,utf8,utf7,utf32,ascii,default,oem" specified by the ValidateSet attribute. Supply an argument that is
in the set and then try the command again.
At line:81 char:111
+ ... s given FullControl" | out-file $script:logfile -append write-host `n
+ ~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Out-File], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.OutFileCommand
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.