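Getting permissions from remote shares (PowerShell)

Time: 2015-07-06 19:19:08

Tags: windows powershell

I am writing a script to get the permissions and some other information for shares across a network, but I am unable to get the share permissions. I read online that "GetAccessMask" can be used, but I think it only applies to the current user.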

#loop for each computer in computers file
ForEach ($computer in $allComputers)
{
    Write-Host "Checking - $computer"
    If($computer -ne '')
    {
        #check if online, this uses WMI so if you don't have access to the machine it will show as offline
        If(Test-Connection -Computername $computer -ErrorAction SilentlyContinue)
        {
            $shares = Get-WmiObject -Class Win32_share -ComputerName $computer -Credential $uCredentials
            ForEach($share in $shares)
            {
                $sName = $share.Name
                $sPath = $share.Path
                $sDesc = $share.Description

                $objShare = New-Object -TypeName PSObject
                $objShare = Add-Member -PassThru -InputObject $objShare -NotePropertyName Server -NotePropertyValue $computer
                $objShare = Add-Member -PassThru -InputObject $objShare -NotePropertyName Online -NotePropertyValue $True
                $objShare = Add-Member -PassThru -InputObject $objShare -NotePropertyName Share -NotePropertyValue $sName
                $objShare = Add-Member -PassThru -InputObject $objShare -NotePropertyName Path -NotePropertyValue $sPath
                $objShare = Add-Member -PassThru -InputObject $objShare -NotePropertyName Description -NotePropertyValue $sDesc
                $objShare | Export-CSV -Path $fOutfile -Append -NoClobber -NoTypeInformation
            }
        }
    }
}

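Above is a snippet of my script (overall it reads a list of servers from a file and lists the share name, path and description). I would like to know if anyone knows how to get the permissions on a given share for all users / the groups that have rights on the share. Thanks in advance!

1 answer:

Answer 0: (score: 1)

After getting the shares with the Win32_Share class, get the share permissions from the Win32_LogicalShareSecuritySetting class, as follows: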

$Shares = Get-WmiObject Win32_Share -ComputerName $computer -Credential $uCredentials |
    ? {$_.Type -eq 0} ## to get folder shares only
$Array = @()
Foreach ($Share in $Shares)
{
    ## reset per share so ACEs from earlier shares do not accumulate
    $ACL = @()
    $ShareName = $Share.Name
    ## query the security setting with the same credentials as the Win32_Share query
    $SharePermissions = Get-WmiObject Win32_LogicalShareSecuritySetting -Filter "name='$ShareName'" -ComputerName $computer -Credential $uCredentials
    Foreach ($SP in $SharePermissions)
    {
        $SecDesc = $SP.GetSecurityDescriptor().Descriptor
        foreach($ace in $SecDesc.DACL){
            $UserName = $ace.Trustee.Name
            ## prefix the domain when present; fall back to the SID when the name is unresolved
            If ($ace.Trustee.Domain -ne $Null) {$UserName = "$($ace.Trustee.Domain)\$UserName"}
            If ($ace.Trustee.Name -eq $Null) {$UserName = $ace.Trustee.SIDString }
            $ACL += New-Object Security.AccessControl.FileSystemAccessRule($UserName, $ace.AccessMask, $ace.AceType)
        }
    }

    $Results = "" | Select Server,Name,Status,Path,Description, ID, Rights
    $Results.Server = $Share.__Server
    $Results.Name = $Share.Name
    $Results.Status = $Share.Status
    $Results.Path = $Share.Path
    $Results.Description = $Share.Description
    $Results.ID = $ACL | % {$_.IdentityReference}
    $Results.Rights = $ACL | % {$_.FileSystemRights}
    ## keep only shares whose DACL returned at least one entry (avoids adding $null to the array)
    If ($null -ne $Results.ID) { $Array += $Results }
}

$Array
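
As an added example (not part of the original answer): the sketch below turns a share DACL into one flat row per ACE, so that Export-CSV writes plain values, names the share permission level from the three standard share access masks, and flags Allow entries that give a well-known broad group more than Read. The function names, the `Broad` column and the sample data are assumptions made for this illustration; in the answer's loop the `-Dacl` argument would be `$SecDesc.DACL`.

```powershell
# Well-known SIDs of broad groups: Everyone, Authenticated Users, Anonymous Logon, BUILTIN\Users
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-7', 'S-1-5-32-545'

# Hypothetical helper: name the standard share-level permission for an access mask
function Get-ShareLevel([uint32]$Mask) {
    switch ($Mask) {
        2032127 { 'FullControl' }                  # 0x1F01FF
        1245631 { 'Change' }                       # 0x1301BF
        1179817 { 'Read' }                         # 0x1200A9
        default { 'Custom (0x{0:X})' -f $Mask }    # non-standard combination
    }
}

# Hypothetical helper: one output row per ACE of a share DACL
function ConvertTo-ShareAceRow {
    param([string]$Server, [string]$Share, [object[]]$Dacl)
    foreach ($ace in $Dacl) {
        $name = $ace.Trustee.Name
        if ($ace.Trustee.Domain)   { $name = "$($ace.Trustee.Domain)\$name" }
        if (-not $ace.Trustee.Name) { $name = $ace.Trustee.SIDString }   # unresolved SID
        $type  = @('Allow', 'Deny', 'Audit')[$ace.AceType]               # Win32_ACE AceType 0/1/2
        $level = Get-ShareLevel $ace.AccessMask
        [pscustomobject]@{
            Server  = $Server
            Share   = $Share
            Trustee = $name
            SID     = $ace.Trustee.SIDString
            Type    = $type
            Level   = $level
            # Allow ACE for a broad group with anything above Read deserves review
            Broad   = ($type -eq 'Allow' -and $BroadSids -contains $ace.Trustee.SIDString -and $level -ne 'Read')
        }
    }
}

# Constructed sample shaped like Win32_ACE / Win32_Trustee objects (not real output)
$sampleDacl = @(
    [pscustomobject]@{ AccessMask = 2032127; AceType = 0
        Trustee = [pscustomobject]@{ Domain = $null; Name = 'Everyone'; SIDString = 'S-1-1-0' } }
    [pscustomobject]@{ AccessMask = 1179817; AceType = 0
        Trustee = [pscustomobject]@{ Domain = 'CONTOSO'; Name = 'Finance'
            SIDString = 'S-1-5-21-1111111111-2222222222-3333333333-1105' } }
    [pscustomobject]@{ AccessMask = 1245631; AceType = 0
        Trustee = [pscustomobject]@{ Domain = $null; Name = $null
            SIDString = 'S-1-5-21-1111111111-2222222222-3333333333-1234' } }
)

ConvertTo-ShareAceRow -Server 'FS01' -Share 'Public' -Dacl $sampleDacl | Format-Table -AutoSize
```

Replacing `Format-Table -AutoSize` with `Export-Csv -Path $fOutfile -Append -NoTypeInformation` writes the same rows to the CSV file used in the question's script.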