Solved

Need to Modify a Script I found

Posted on 2016-11-10
5
107 Views
1 Endorsement
Last Modified: 2016-11-18
Greeting Experts,

I need some help converting existing script (See Below) to scan for SMB network shares based on a IP Range/CIDR  and come back with a list shares ( with Read or Read/Write permissions) , what folders are in those shares, Device Information ( Device Name, User logon, IP address etc) , and output that information in to .csv format.  Currently the Script is based off using what is in Active Directory but I want to to look for devices that are on AD and Standalone. Can somebody help me convert the following script below to scan for devices based on an IP Range.... thanks for your help in advance.


#OU Locations, make sure the index is in order, 1, 2, 3, etc. 
#you cannot have 3 without 2, etc. 
$ous = @{} 
$ous[1] = 'LDAP://OU=Branch Office Servers,OU=Servers,DC=domain,DC=com' 
$ous[2] = 'LDAP://OU=Test Server,DC=domain,DC=com' 
$ous[3] = 'LDAP://CN=Computers,DC=domain,DC=com' 

#set logfile directory 
$script:logfile = "C:\TEMP\everyoneshares.txt" 

#This pulls all computer accounts from AD 
function getresults($path,$cert) { 
	$objDomain = New-Object System.DirectoryServices.DirectoryEntry 
	$objSearcher = New-Object System.DirectoryServices.DirectorySearcher 
	$objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($path) 
	$objSearcher.PageSize = 1000 

	# How many to retrieve at a time. Not output size. 
	$objSearcher.Filter = $strFilter 
	$objSearcher.PropertiesToLoad.Add("cn") >$null 
	$colResults = $objSearcher.FindAll() 

		foreach ($objResult in $colResults) { 
			$objItem = $objResult.Properties 
            $computer = $objItem.cn[0] 
			$computer = $objItem.cn 
            $script:comps += $computer 
		} 
} 

#This runs the getresults function for each OU supplied above 
$script:comps = @() 
foreach ($ou in 1 .. $ous.Count) { 
	if ($ous.$ou) { 
		$strFilter = "(&(objectClass=Computer))" 
		getresults $ous.$ou 
	} 
} 

$comps = $script:comps | Sort name 
$script:mylist = @() 
write-host `n 

foreach ($comp in $comps) {
#1 
	#here's where we actually pull each share from the current computer 
	$shares = gwmi Win32_LogicalShareSecuritySetting -co $comp -erroraction silentlycontinue | ? {$_.Name -notlike "*$"} 
    if ($shares) {
	#2 
		foreach ($share in $shares){
		#3 
			$SecurityDescriptor = $Share.GetSecurityDescriptor() 
            ForEach ($DACL in $SecurityDescriptor.Descriptor.DACL) {
			#4 
				$myshare = "" | Select Server, Share, ID, AccessMask 
				$myshare.Server = $comp 
				$myshare.Share = $share.name 
				$myshare.ID = $DACL.Trustee.Name 
				Switch ($DACL.AccessMask) {
				#5 
					2032127 {$AccessMask = "FullControl"} 
					1179785 {$AccessMask = "Read"} 
					1180063 {$AccessMask = "Read, Write"} 
					1179817 {$AccessMask = "ReadAndExecute"} 
					-1610612736 {$AccessMask = "ReadAndExecuteExtended"} 
					1245631 {$AccessMask = "ReadAndExecute, Modify, Write"} 
					1180095 {$AccessMask = "ReadAndExecute, Write"} 
					268435456 {$AccessMask = "FullControl (Sub Only)"} 
					default {$AccessMask = $DACL.AccessMask} 
				}
				#5 
				$myshare.AccessMask = $AccessMask 
				if (($AccessMask -eq "FullControl") -AND ($myshare.ID -eq "Everyone")){
					$script:mylist += $myshare
				} Clear-Variable AccessMask -ErrorAction SilentlyContinue 
			}#4 
		}#3 
	}#2 
}#1 
$mylist | out-file $script:logfile 
$count = $mylist.count 
write-output `n "found $count shares where Everyone was given FullControl" | out-file $script:logfile -append write-host `n

Open in new window

1
Comment
Question by:amstoots
  • 2
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
Austin Texas earned 500 total points
ID: 41885064
This expert suggested creating a Gigs project.
You could IP scan the network. I helped someone with that here:
https://www.experts-exchange.com/questions/28979213/powershell-for-a-begginner.html
(Use the last script I posted.)

Then you can perform NET VIEW on each of them and suck them into an array.
$listOshares = net.exe view $24bitnet$i /all 

Open in new window


You could then strip out the first 7 lines and then parse on spaces to get the share names. Found the example
$listOshares = net.exe view $24bitnet$i /all | select -Skip 7 | ?{$_ -match 'disk*'} | %{$_ -match '^(.+?)\s+Disk*'|out-null;$matches[1]}

Open in new window

Another option would be just to dump each to a file. (this is probably what I would do)
net.exe view $24bitnet$i /all | Out-File "Filename.txt"

Open in new window

You will still need rights to each of the machines.
IMHO - It is a lot easier to pull this info out of AD.
$cim = New-CimSession -ComputerName $24bitnet$i
Get-SmbShare -CimSession $cim

Open in new window

By the way...I'm just typing and not testing so you may need to tweak some of this.
1
 

Author Closing Comment

by:amstoots
ID: 41888198
thanks for the help
0
 
LVL 7

Expert Comment

by:Senior IT System Engineer
ID: 41890728
Hi amstoots,

What's the final code that works for your environment ?
0
 

Author Comment

by:amstoots
ID: 41891966
I used the following: $listOshares = net.exe view $24bitnet$i /all | select -Skip 7 | ?{$_ -match 'disk*'}
0
 
LVL 5

Expert Comment

by:Austin Texas
ID: 41893668
Glad I could help!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question