Solved

Need to Modify a Script I found

Posted on 2016-11-10
Last Modified: 2016-11-18
Greetings Experts,

I need some help converting an existing script (see below) to scan for SMB network shares based on an IP range/CIDR and come back with a list of shares (with Read or Read/Write permissions), what folders are in those shares, device information (device name, user logon, IP address, etc.), and output that information in .csv format. Currently the script is based on what is in Active Directory, but I want it to look for devices that are on AD and standalone. Can somebody help me convert the script below to scan for devices based on an IP range? Thanks for your help in advance.


#OU Locations, make sure the index is in order, 1, 2, 3, etc. 
#you cannot have 3 without 2, etc. 
$ous = @{} 
$ous[1] = 'LDAP://OU=Branch Office Servers,OU=Servers,DC=domain,DC=com' 
$ous[2] = 'LDAP://OU=Test Server,DC=domain,DC=com' 
$ous[3] = 'LDAP://CN=Computers,DC=domain,DC=com' 

#set logfile directory 
$script:logfile = "C:\TEMP\everyoneshares.txt" 

#This pulls all computer accounts from AD 
function getresults($path,$cert) { 
	$objDomain = New-Object System.DirectoryServices.DirectoryEntry 
	$objSearcher = New-Object System.DirectoryServices.DirectorySearcher 
	$objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($path) 
	# How many to retrieve at a time. Not output size. 
	$objSearcher.PageSize = 1000 
	$objSearcher.Filter = $strFilter 
	$objSearcher.PropertiesToLoad.Add("cn") >$null 
	$colResults = $objSearcher.FindAll() 

	foreach ($objResult in $colResults) { 
		$objItem = $objResult.Properties 
		# cn comes back as a collection; take its first value as the computer name 
		$computer = $objItem.cn[0] 
		$script:comps += $computer 
	} 
} 

#This runs the getresults function for each OU supplied above 
$script:comps = @() 
foreach ($ou in 1 .. $ous.Count) { 
	if ($ous.$ou) { 
		$strFilter = "(&(objectClass=Computer))" 
		getresults $ous.$ou 
	} 
} 

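#the list holds plain strings, so sort on the values themselves (strings have no "name" property) 
$comps = $script:comps | Sort-Object 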
$script:mylist = @() 
write-host `n 

foreach ($comp in $comps) {
#1 
	#here's where we actually pull each share from the current computer 
	$shares = gwmi Win32_LogicalShareSecuritySetting -co $comp -erroraction silentlycontinue | ? {$_.Name -notlike "*$"} 
    if ($shares) {
	#2 
		foreach ($share in $shares){
		#3 
			$SecurityDescriptor = $Share.GetSecurityDescriptor() 
            ForEach ($DACL in $SecurityDescriptor.Descriptor.DACL) {
			#4 
				$myshare = "" | Select Server, Share, ID, AccessMask 
				$myshare.Server = $comp 
				$myshare.Share = $share.name 
				$myshare.ID = $DACL.Trustee.Name 
				Switch ($DACL.AccessMask) {
				#5 
					2032127 {$AccessMask = "FullControl"} 
					1179785 {$AccessMask = "Read"} 
					1180063 {$AccessMask = "Read, Write"} 
					1179817 {$AccessMask = "ReadAndExecute"} 
					-1610612736 {$AccessMask = "ReadAndExecuteExtended"} 
					1245631 {$AccessMask = "ReadAndExecute, Modify, Write"} 
					1180095 {$AccessMask = "ReadAndExecute, Write"} 
					268435456 {$AccessMask = "FullControl (Sub Only)"} 
					default {$AccessMask = $DACL.AccessMask} 
				}
				#5 
				$myshare.AccessMask = $AccessMask 
				if (($AccessMask -eq "FullControl") -AND ($myshare.ID -eq "Everyone")){
					$script:mylist += $myshare
				}
				Clear-Variable AccessMask -ErrorAction SilentlyContinue 
			}#4 
		}#3 
	}#2 
}#1 
$mylist | out-file $script:logfile 
$count = $mylist.count 
write-output `n "found $count shares where Everyone was given FullControl" | out-file $script:logfile -append 
write-host `n

Question by:amstoots
5 Comments
 
LVL 6

Accepted Solution

by:
Austin Texas earned 2000 total points
ID: 41885064
You could IP scan the network. I helped someone with that here:
https://www.experts-exchange.com/questions/28979213/powershell-for-a-begginner.html
(Use the last script I posted.)

Then you can perform NET VIEW on each of them and suck them into an array.
$listOshares = net.exe view $24bitnet$i /all 



You could then strip out the first 7 lines and then parse on spaces to get the share names. Found the example
$listOshares = net.exe view $24bitnet$i /all | select -Skip 7 | ?{$_ -match 'disk*'} | %{$_ -match '^(.+?)\s+Disk*'|out-null;$matches[1]}


Another option would be just to dump each to a file. (this is probably what I would do)
net.exe view $24bitnet$i /all | Out-File "Filename.txt"


You will still need rights to each of the machines.
IMHO - It is a lot easier to pull this info out of AD.
$cim = New-CimSession -ComputerName $24bitnet$i
Get-SmbShare -CimSession $cim


By the way...I'm just typing and not testing so you may need to tweak some of this.
1
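
An added example, not code from the answer above or from the asker's script: a share-permission audit over a CIDR range that combines the IP scan with the `New-CimSession` / `Get-SmbShare` approach and writes a CSV. The range and output path are placeholders; it assumes targets running Windows 8 / Server 2012 or later, an account with administrative rights on them, and DCOM sessions (chosen here because default WinRM authentication rejects bare IP addresses). It covers shares and share-level permissions only.

```powershell
# Added example: enumerate SMB shares and their share-level ACLs across a CIDR range.
function Get-CidrHost {
    param([Parameter(Mandatory)][string]$Cidr)
    $address, $prefix = $Cidr -split '/'
    $bytes = [System.Net.IPAddress]::Parse($address).GetAddressBytes()
    [array]::Reverse($bytes)                               # network order -> little endian
    $base    = [long][BitConverter]::ToUInt32($bytes, 0)
    $size    = [long][math]::Pow(2, 32 - [int]$prefix)     # addresses in the block
    $network = $base - ($base % $size)
    # Skip network and broadcast addresses (a /31 or /32 therefore yields nothing)
    for ($n = $network + 1; $n -lt $network + $size - 1; $n++) {
        '{0}.{1}.{2}.{3}' -f (($n -shr 24) -band 255), (($n -shr 16) -band 255),
                             (($n -shr 8) -band 255), ($n -band 255)
    }
}

$cidr    = '192.168.10.0/28'            # placeholder range
$outFile = 'C:\TEMP\share-audit.csv'    # placeholder output path
$dcom    = New-CimSessionOption -Protocol Dcom

$report = foreach ($ip in Get-CidrHost -Cidr $cidr) {
    # ICMP pre-check: hosts that drop ping are skipped, so absence from the CSV is not proof of no shares
    if (-not (Test-Connection -ComputerName $ip -Count 1 -Quiet)) { continue }
    $cim = New-CimSession -ComputerName $ip -SessionOption $dcom -ErrorAction SilentlyContinue
    if (-not $cim) { continue }          # no rights, firewall, or not a Windows host
    try {
        # -Special $false leaves out administrative shares such as C$ and IPC$
        foreach ($share in Get-SmbShare -CimSession $cim -Special $false) {
            foreach ($ace in Get-SmbShareAccess -CimSession $cim -Name $share.Name) {
                [pscustomobject]@{
                    IPAddress    = $ip
                    Share        = $share.Name
                    Path         = $share.Path
                    Account      = $ace.AccountName
                    Type         = "$($ace.AccessControlType)"
                    Right        = "$($ace.AccessRight)"
                    # Same condition the original script reports on
                    EveryoneFull = ($ace.AccountName -eq 'Everyone' -and
                                    "$($ace.AccessControlType)" -eq 'Allow' -and
                                    "$($ace.AccessRight)" -eq 'Full')
                }
            }
        }
    } finally {
        Remove-CimSession -CimSession $cim
    }
}
$report | Export-Csv -Path $outFile -NoTypeInformation
```

Rows with `EveryoneFull` set to True are the ones to review first; NTFS permissions on the underlying path still apply and are not read here.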
 

Author Closing Comment

by:amstoots
ID: 41888198
thanks for the help
0
 
LVL 8

Expert Comment

by:Senior IT System Engineer
ID: 41890728
Hi amstoots,

What's the final code that works for your environment?
0
 

Author Comment

by:amstoots
ID: 41891966
I used the following: $listOshares = net.exe view $24bitnet$i /all | select -Skip 7 | ?{$_ -match 'disk*'}
0
 
LVL 6

Expert Comment

by:Austin Texas
ID: 41893668
Glad I could help!
0

Question has a verified solution.
