How to extract users from a network shared drive NTFS not shares

I am on a windows 2008 r2 I have tried powershell cmds but no success I need to get a list of users from one of my network shared folders. Can anyone help the environment is a live prod that is pretty locked down so I am limited to batch vbs or powershell scripts.
Lone RangerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:
What do you mean by a list of users? Those connected to a share? Those listed in an access control list?
Lone RangerAuthor Commented:
A list of who has access to the share so most probably the ACL. I have had no joy yet in getting users I have managed to get owners and permissions but not users.
Chris DentPowerShell DeveloperCommented:
You're hoping to resolve whatever is in the access control list to a set of users?
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Lone RangerAuthor Commented:
I might be confusing the situation I need a list of users that has access to the shared folder.
Chris DentPowerShell DeveloperCommented:
There are two different sets of permissions governing access, share and NTFS. I imagine you want the share permissions, but you'll have to take whatever is in there and work out users.

Starting with Share rights, are you able to run this? I can't remember if the command is available on 2008. No problem really if it's not.
Get-SmbShareAccess -Name TheShareName

Open in new window

Lone RangerAuthor Commented:
Ok I will give this a try in the morning but all the file services shares are controlled through NTFS permissions in and the share aspect has everyone in most of them. will this work for that sorry for dumb questions. complete novice with shares.
Chris DentPowerShell DeveloperCommented:
That's okay, start with that. Get-Acl can extra the NTFS rights, but it'll need the same thing, the set of rights will need picking apart and expanding into individuals.

Something like, which might work but haven't any way to test it right now.
$acl = Get-Acl c:\path
$acl.Access | ForEach-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
    Get-ADObject -Filter { objectSID -eq $sid }

Open in new window

You can certainly search by SID in general terms though.

It'll need handlers for local vs domain principals, and well-known principals will need picking out too.

Get to a real thing, test if it's a group, pull the members.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lone RangerAuthor Commented:
Cheers Chris will do
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.