Solved

Need to Modify a Script I found

Posted on 2016-11-10
5
116 Views
1 Endorsement
Last Modified: 2016-11-18
Greeting Experts,

I need some help converting existing script (See Below) to scan for SMB network shares based on a IP Range/CIDR  and come back with a list shares ( with Read or Read/Write permissions) , what folders are in those shares, Device Information ( Device Name, User logon, IP address etc) , and output that information in to .csv format.  Currently the Script is based off using what is in Active Directory but I want to to look for devices that are on AD and Standalone. Can somebody help me convert the following script below to scan for devices based on an IP Range.... thanks for your help in advance.


#OU Locations, make sure the index is in order, 1, 2, 3, etc. 
#you cannot have 3 without 2, etc. 
$ous = @{} 
$ous[1] = 'LDAP://OU=Branch Office Servers,OU=Servers,DC=domain,DC=com' 
$ous[2] = 'LDAP://OU=Test Server,DC=domain,DC=com' 
$ous[3] = 'LDAP://CN=Computers,DC=domain,DC=com' 

#set logfile directory 
$script:logfile = "C:\TEMP\everyoneshares.txt" 

#This pulls all computer accounts from AD 
function getresults($path,$cert) { 
	$objDomain = New-Object System.DirectoryServices.DirectoryEntry 
	$objSearcher = New-Object System.DirectoryServices.DirectorySearcher 
	$objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($path) 
	$objSearcher.PageSize = 1000 

	# How many to retrieve at a time. Not output size. 
	$objSearcher.Filter = $strFilter 
	$objSearcher.PropertiesToLoad.Add("cn") >$null 
	$colResults = $objSearcher.FindAll() 

		foreach ($objResult in $colResults) { 
			$objItem = $objResult.Properties 
            $computer = $objItem.cn[0] 
			$computer = $objItem.cn 
            $script:comps += $computer 
		} 
} 

#This runs the getresults function for each OU supplied above 
$script:comps = @() 
foreach ($ou in 1 .. $ous.Count) { 
	if ($ous.$ou) { 
		$strFilter = "(&(objectClass=Computer))" 
		getresults $ous.$ou 
	} 
} 

$comps = $script:comps | Sort name 
$script:mylist = @() 
write-host `n 

foreach ($comp in $comps) {
#1 
	#here's where we actually pull each share from the current computer 
	$shares = gwmi Win32_LogicalShareSecuritySetting -co $comp -erroraction silentlycontinue | ? {$_.Name -notlike "*$"} 
    if ($shares) {
	#2 
		foreach ($share in $shares){
		#3 
			$SecurityDescriptor = $Share.GetSecurityDescriptor() 
            ForEach ($DACL in $SecurityDescriptor.Descriptor.DACL) {
			#4 
				$myshare = "" | Select Server, Share, ID, AccessMask 
				$myshare.Server = $comp 
				$myshare.Share = $share.name 
				$myshare.ID = $DACL.Trustee.Name 
				Switch ($DACL.AccessMask) {
				#5 
					2032127 {$AccessMask = "FullControl"} 
					1179785 {$AccessMask = "Read"} 
					1180063 {$AccessMask = "Read, Write"} 
					1179817 {$AccessMask = "ReadAndExecute"} 
					-1610612736 {$AccessMask = "ReadAndExecuteExtended"} 
					1245631 {$AccessMask = "ReadAndExecute, Modify, Write"} 
					1180095 {$AccessMask = "ReadAndExecute, Write"} 
					268435456 {$AccessMask = "FullControl (Sub Only)"} 
					default {$AccessMask = $DACL.AccessMask} 
				}
				#5 
				$myshare.AccessMask = $AccessMask 
				if (($AccessMask -eq "FullControl") -AND ($myshare.ID -eq "Everyone")){
					$script:mylist += $myshare
				} Clear-Variable AccessMask -ErrorAction SilentlyContinue 
			}#4 
		}#3 
	}#2 
}#1 
$mylist | out-file $script:logfile 
$count = $mylist.count 
write-output `n "found $count shares where Everyone was given FullControl" | out-file $script:logfile -append write-host `n

Open in new window

1
Comment
Question by:amstoots
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
Austin Texas earned 500 total points
ID: 41885064
This expert suggested creating a Gigs project.
You could IP scan the network. I helped someone with that here:
https://www.experts-exchange.com/questions/28979213/powershell-for-a-begginner.html
(Use the last script I posted.)

Then you can perform NET VIEW on each of them and suck them into an array.
$listOshares = net.exe view $24bitnet$i /all 

Open in new window


You could then strip out the first 7 lines and then parse on spaces to get the share names. Found the example
$listOshares = net.exe view $24bitnet$i /all | select -Skip 7 | ?{$_ -match 'disk*'} | %{$_ -match '^(.+?)\s+Disk*'|out-null;$matches[1]}

Open in new window

Another option would be just to dump each to a file. (this is probably what I would do)
net.exe view $24bitnet$i /all | Out-File "Filename.txt"

Open in new window

You will still need rights to each of the machines.
IMHO - It is a lot easier to pull this info out of AD.
$cim = New-CimSession -ComputerName $24bitnet$i
Get-SmbShare -CimSession $cim

Open in new window

By the way...I'm just typing and not testing so you may need to tweak some of this.
1
 

Author Closing Comment

by:amstoots
ID: 41888198
thanks for the help
0
 
LVL 8

Expert Comment

by:Senior IT System Engineer
ID: 41890728
Hi amstoots,

What's the final code that works for your environment ?
0
 

Author Comment

by:amstoots
ID: 41891966
I used the following: $listOshares = net.exe view $24bitnet$i /all | select -Skip 7 | ?{$_ -match 'disk*'}
0
 
LVL 5

Expert Comment

by:Austin Texas
ID: 41893668
Glad I could help!
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Previously, on our Nano Server Deployment series, we've created a new nano server image and deployed it on a physical server in part 2. Now we will go through configuration.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question