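<#
.SYNOPSIS
Returns NTFS and Share (SMB) permissions for one or more UNC paths.
.DESCRIPTION
For every UNC path supplied, emits one object per NTFS access rule on the path
(read with Get-Acl) followed by one object per ACE in the share's DACL (read through
the Win32_LogicalShareSecuritySetting WMI class on the hosting server).
Accepts a single UNC path, several paths, or a list of paths (see the examples).

Points an auditor should keep in mind when reading the output:
- The NTFS rows are those of the exact path given. If the path points below the
  share root (\\server\share\sub), the NTFS rows describe that subfolder while the
  SMB rows always describe the share as a whole.
- Deny entries are reported with AccessType = 'Deny'. The Permission column alone
  is not a grant; always read it together with AccessType.
- Effective access over SMB is the more restrictive of the share and NTFS entries;
  this script lists both but does not compute the intersection.
- Share ACE masks other than the three standard templates (Full Control, Change,
  Read) are reported as 'Custom (0x........)' rather than guessed.
- Trustees that cannot be resolved to a name are reported by their SID string.

Reading a share's security descriptor requires administrative rights on the remote
host and WMI (DCOM/RPC) reachability. Shares hosted on non-Windows systems produce
a warning because WMI is used to gather share information.
.PARAMETER UNCPath
One or more UNC paths of the form \\server\share[\subfolder]. Each must exist and be
a container (folder). Local drive paths are rejected.
.EXAMPLE
PS C:> .\Get-ShareACL.ps1 -UNCPath \\servera.loc1.company.com\testshare | Format-Table -AutoSize
.EXAMPLE
PS C:> .\Get-ShareACL.ps1 -UNCPath \\servera.loc1.company.com\testshare,\\serverb.loc1.company.com\share1$ | Out-Gridview
.EXAMPLE
PS C:> .\Get-ShareACL.ps1 -UNCPath (Get-Content C:\UNCPathList.txt) | Export-Csv C:\ACLAudit.csv -NoTypeInformation -Force
.INPUTS
System.String
.OUTPUTS
System.Management.Automation.PSCustomObject
One object per access entry with the properties ComputerName, ACLType ('NTFS' or 'SMB'),
ShareName, Account, Permission and AccessType ('Allow' or 'Deny').
.NOTES
20141017 K. Kirkpatrick [+] Created
TAG:PUBLIC
GitHub: https://github.com/vScripter
Twitter: @vScripter
Email: [email protected]
[-------------------------------------DISCLAIMER-------------------------------------]
All script are provided as-is with no implicit
warranty or support. It's always considered a best practice
to test scripts in a DEV/TEST environment, before running them
in production. In other words, I will not be held accountable
if one of my scripts is responsible for an RGE (Resume Generating Event).
If you have questions or issues, please reach out/report them on
my GitHub page. Thanks for your support!
[-------------------------------------DISCLAIMER-------------------------------------]
#TAG:PUBLIC
#>
[CmdletBinding()]
param (
    [Parameter(Mandatory = $true, Position = 0)]
    # Must look like \\server\share... and resolve to an existing container.
    # -LiteralPath so characters such as '[' in a share or folder name are not
    # treated as wildcards by the provider.
    [ValidateScript({ ($_ -match '^\\\\[^\\]+\\[^\\]+') -and (Test-Path -LiteralPath $_ -PathType Container) })]
    [string[]]$UNCPath
)
BEGIN
{
    # try/catch only sees terminating errors; make every error terminating so a
    # failed Get-Acl / Get-WmiObject call lands in the catch and is reported
    # instead of silently producing an empty row set for that path.
    $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop

    # Win32_ACE.AceType values for entries found in a DACL (0 = allowed, 1 = denied).
    # Anything else is surfaced verbatim rather than mislabeled.
    function ConvertTo-AceTypeName
    {
        param ([uint32]$AceType)
        switch ($AceType)
        {
            0 { 'Allow' }
            1 { 'Deny' }
            default { "AceType $AceType" }
        }
    }

    # Maps a share ACE access mask to the label the Computer Management UI shows.
    # A mask that is not one of the three templates is reported in hex instead of
    # inheriting the label of the previous ACE (the original switch had no default).
    function ConvertTo-SharePermissionName
    {
        param ([uint32]$AccessMask)
        switch ($AccessMask)
        {
            2032127 { 'Full Control' }
            1245631 { 'Change' }
            1179817 { 'Read' }
            default { 'Custom (0x{0:X8})' -f $AccessMask }
        }
    }

    # Emits NTFS rows then SMB rows for each path. Failures for one path are
    # reported as a warning and processing continues with the next path.
    function Get-SMBACL
    {
        param ([string[]]$Paths)
        foreach ($Path in $Paths)
        {
            try
            {
                # \\server\share[\sub...] -> parts[2] = server, parts[3] = share
                $pathparts = $Path.Split('\')
                $ComputerName = $pathparts[2]
                $ShareName = $pathparts[3]

                Write-Verbose -Message "Gathering NTFS Permissions for $Path ..."
                $acl = Get-Acl -LiteralPath $Path
                foreach ($accessRule in $acl.Access)
                {
                    [PSCustomObject] @{
                        ComputerName = $ComputerName
                        ACLType      = 'NTFS'
                        ShareName    = $ShareName
                        Account      = $accessRule.IdentityReference
                        Permission   = $accessRule.FileSystemRights
                        AccessType   = $accessRule.AccessControlType
                    }
                }

                Write-Verbose -Message "Gathering SMB/Share Permissions for \\$ComputerName\$ShareName ..."
                # The share name comes from user input and is interpolated into a WQL
                # string literal; escape WQL metacharacters so a name containing a
                # quote cannot break or alter the query.
                $wqlShareName = $ShareName.Replace('\', '\\').Replace("'", "\'")
                $Share = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -Filter "Name='$wqlShareName'" -ComputerName $ComputerName
                if (-not $Share)
                {
                    # A silent skip here would look like "no share permissions" in an audit.
                    Write-Warning -Message "No share named '$ShareName' was found on $ComputerName (share ACL skipped)"
                    continue
                }

                $sd = $Share.GetSecurityDescriptor()
                # A non-zero ReturnValue comes with an empty descriptor; treat it as an
                # error rather than reporting the share as having no ACEs.
                if ($sd.ReturnValue -ne 0)
                {
                    throw "GetSecurityDescriptor on \\$ComputerName\$ShareName returned $($sd.ReturnValue)"
                }

                foreach ($ACE in $sd.Descriptor.DACL)
                {
                    # Prefer the resolved name; fall back to the SID string when the
                    # trustee cannot be resolved (Trustee.SID is a byte array, not text).
                    $User = $ACE.Trustee.Name
                    if (-not $User) { $User = $ACE.Trustee.SIDString }
                    $Domain = $ACE.Trustee.Domain
                    # Well-known principals such as Everyone carry no domain part.
                    $ntUser = if ($Domain) { "$Domain\$User" } else { "$User" }
                    [PSCustomObject] @{
                        ComputerName = $ComputerName
                        ACLType      = 'SMB'
                        ShareName    = $ShareName
                        Account      = $ntUser
                        Permission   = ConvertTo-SharePermissionName -AccessMask $ACE.AccessMask
                        AccessType   = ConvertTo-AceTypeName -AceType $ACE.AceType
                    }
                }
            }
            catch
            {
                Write-Warning -Message "Error getting info from ${Path}: $($_.Exception.Message)"
            }
        }
    }
}
PROCESS
{
    Get-SMBACL -Paths $UNCPath
}
END
{
    # Nothing to clean up: no sessions or temporary objects are held open.
}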