How to extract users from a network shared drive NTFS not shares

Lone Ranger
Lone Ranger used Ask the Experts™
on
I am on a windows 2008 r2 I have tried powershell cmds but no success I need to get a list of users from one of my network shared folders. Can anyone help the environment is a live prod that is pretty locked down so I am limited to batch vbs or powershell scripts.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Chris DentPowerShell Developer
Top Expert 2010

Commented:
What do you mean by a list of users? Those connected to a share? Those listed in an access control list?

Author

Commented:
A list of who has access to the share so most probably the ACL. I have had no joy yet in getting users I have managed to get owners and permissions but not users.
Chris DentPowerShell Developer
Top Expert 2010

Commented:
You're hoping to resolve whatever is in the access control list to a set of users?
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

Author

Commented:
I might be confusing the situation I need a list of users that has access to the shared folder.
Chris DentPowerShell Developer
Top Expert 2010

Commented:
There are two different sets of permissions governing access, share and NTFS. I imagine you want the share permissions, but you'll have to take whatever is in there and work out users.

Starting with Share rights, are you able to run this? I can't remember if the command is available on 2008. No problem really if it's not.
Get-SmbShareAccess -Name TheShareName

Open in new window

Author

Commented:
Ok I will give this a try in the morning but all the file services shares are controlled through NTFS permissions in and the share aspect has everyone in most of them. will this work for that sorry for dumb questions. complete novice with shares.
PowerShell Developer
Top Expert 2010
Commented:
That's okay, start with that. Get-Acl can extra the NTFS rights, but it'll need the same thing, the set of rights will need picking apart and expanding into individuals.

Something like, which might work but haven't any way to test it right now.
$acl = Get-Acl c:\path
$acl.Access | ForEach-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
    Get-ADObject -Filter { objectSID -eq $sid }
}

Open in new window

You can certainly search by SID in general terms though.

It'll need handlers for local vs domain principals, and well-known principals will need picking out too.

Get to a real thing, test if it's a group, pull the members.

Author

Commented:
Cheers Chris will do

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial