Mike
asked on
Need to Modify a Script I found
Greetings Experts,
I need some help converting an existing script (see below) to scan for SMB network shares based on an IP range/CIDR and come back with a list of shares (with Read or Read/Write permissions), what folders are in those shares, device information (device name, user logon, IP address, etc.), and output that information in .csv format. Currently the script is based on what is in Active Directory, but I want to look for devices that are on AD and standalone. Can somebody help me convert the following script to scan for devices based on an IP range? Thanks for your help in advance.
#OU Locations, make sure the index is in order, 1, 2, 3, etc.
#you cannot have 3 without 2, etc.
$ous = @{}
$ous[1] = 'LDAP://OU=Branch Office Servers,OU=Servers,DC=domain,DC=com'
$ous[2] = 'LDAP://OU=Test Server,DC=domain,DC=com'
$ous[3] = 'LDAP://CN=Computers,DC=domain,DC=com'

#set logfile directory
$script:logfile = "C:\TEMP\everyoneshares.txt"

#This pulls all computer accounts from AD
function getresults($path,$cert) {
    $objDomain = New-Object System.DirectoryServices.DirectoryEntry
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($path)
    # How many to retrieve at a time. Not output size.
    $objSearcher.PageSize = 1000
    # $strFilter is set by the caller before getresults is invoked
    $objSearcher.Filter = $strFilter
    $objSearcher.PropertiesToLoad.Add("cn") > $null
    $colResults = $objSearcher.FindAll()
    foreach ($objResult in $colResults) {
        $objItem = $objResult.Properties
        # cn is a collection; keep its first value as the computer name
        $computer = $objItem.cn[0]
        $script:comps += $computer
    }
}

#This runs the getresults function for each OU supplied above
$script:comps = @()
foreach ($ou in 1..$ous.Count) {
    if ($ous[$ou]) {
        $strFilter = "(&(objectClass=Computer))"
        getresults $ous[$ou]
    }
}

# $script:comps holds plain name strings, so sort the values themselves
$comps = $script:comps | Sort-Object
$script:mylist = @()
write-host `n
foreach ($comp in $comps) {
    #1
    #here's where we actually pull each share from the current computer
    $shares = gwmi Win32_LogicalShareSecuritySetting -ComputerName $comp -erroraction silentlycontinue | ? {$_.Name -notlike '*$'}
    if ($shares) {
        #2
        foreach ($share in $shares) {
            #3
            $SecurityDescriptor = $share.GetSecurityDescriptor()
            ForEach ($DACL in $SecurityDescriptor.Descriptor.DACL) {
                #4
                $myshare = "" | Select Server, Share, ID, AccessMask
                $myshare.Server = $comp
                $myshare.Share = $share.name
                $myshare.ID = $DACL.Trustee.Name
                Switch ($DACL.AccessMask) {
                    #5
                    2032127 {$AccessMask = "FullControl"}
                    1179785 {$AccessMask = "Read"}
                    1180063 {$AccessMask = "Read, Write"}
                    1179817 {$AccessMask = "ReadAndExecute"}
                    -1610612736 {$AccessMask = "ReadAndExecuteExtended"}
                    1245631 {$AccessMask = "ReadAndExecute, Modify, Write"}
                    1180095 {$AccessMask = "ReadAndExecute, Write"}
                    268435456 {$AccessMask = "FullControl (Sub Only)"}
                    default {$AccessMask = $DACL.AccessMask}
                }
                #5
                $myshare.AccessMask = $AccessMask
                # only shares where Everyone has FullControl are recorded
                if (($AccessMask -eq "FullControl") -AND ($myshare.ID -eq "Everyone")) {
                    $script:mylist += $myshare
                }
                Clear-Variable AccessMask -ErrorAction SilentlyContinue
            }#4
        }#3
    }#2
}#1

$mylist | out-file $script:logfile
$count = $mylist.count
write-output `n "found $count shares where Everyone was given FullControl" | out-file $script:logfile -append
write-host `n
Hi amstoots,
What's the final code that works for your environment ?
ASKER
I used the following: $listOshares = net.exe view $24bitnet$i /all | select -Skip 7 | ?{$_ -match 'disk*'}
Glad I could help!
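A sturdier way to parse the `net view` output used in the reply above, as an added example that is not part of the original thread: it reads the column offsets from the header row instead of skipping a fixed seven lines, and filters on the Type column rather than matching `'disk*'` anywhere in the line. The function name `ConvertFrom-NetView`, the sample output (constructed, English locale, columns aligned under the header) and the address 192.0.2.10 are assumptions.

```powershell
# Constructed sample of English-locale `net view \\host /all` output (not from a real host).
$sample = @'
Shared resources at \\192.0.2.10

Share name    Type   Used as  Comment

-------------------------------------------------------------------------------
ADMIN$        Disk            Remote Admin
C$            Disk            Default share
Dept Scans    Disk            Scanner drop folder
IPC$          IPC             Remote IPC
Disk Printer  Print           Label printer
Public        Disk
The command completed successfully.
'@ -split "`r?`n"

# Hypothetical helper: turns net view text into one object per share.
function ConvertFrom-NetView {
    param([string]$HostName, [string[]]$Lines)
    # Column offsets come from the header row, not from a fixed line count.
    $header = $Lines | Where-Object { $_ -match '^Share name\s+Type\s' } | Select-Object -First 1
    if (-not $header) { return }   # host down, access denied, or nothing shared
    $typeCol    = $header.IndexOf('Type')
    $usedCol    = $header.IndexOf('Used as')
    $commentCol = $header.IndexOf('Comment')
    $inBody = $false
    foreach ($line in $Lines) {
        if ($line -match '^-{10,}\s*$') { $inBody = $true; continue }
        if (-not $inBody) { continue }
        if ($line -match '^The command completed') { break }
        if ($line.Length -le $typeCol) { continue }
        $padded = $line.PadRight($commentCol)
        $name   = $padded.Substring(0, $typeCol).TrimEnd()
        [pscustomobject]@{
            Host    = $HostName
            Share   = $name
            Type    = $padded.Substring($typeCol, $usedCol - $typeCol).Trim()
            Hidden  = $name.EndsWith('$')
            Comment = $padded.Substring($commentCol).Trim()
        }
    }
}

# Live use would pass the lines from: net.exe view "\\$ip" /all 2>$null
$shares = ConvertFrom-NetView -HostName '192.0.2.10' -Lines $sample |
    Where-Object { $_.Type -eq 'Disk' }
# -match 'disk*' on the raw lines would also have kept the "Disk Printer" print share.
$shares | ConvertTo-Csv -NoTypeInformation   # or: Export-Csv -Path .\shares.csv -NoTypeInformation
```

`net view` reports share names and types only; share permissions still have to come from a query such as the `Win32_LogicalShareSecuritySetting` call in the original script.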