Share auditing for single server and shares

  • Question

  • Powershell Noob. 

    I have a minimal programming experience but enough to understand certain workflows. 

    After a long time of searching the internet for a way to get the user and groups in a share, I have yet to find the right script for what I need. But along the way I found some that can do what I want; I just don't know how to join the scripts and create the final output. Anyone have any advice?

    #ask for server name
    $Server = Read-Host -Prompt "server name"
    
    #this provides a clean list of shares located on the desired server. 
    (net view $Server | Where-Object { $_ -match '\sDisk\s' }) -replace '\s\s+', ',' | ForEach-Object{ ($_ -split ',')[0] }
    
    #I would like to take the outputs from above and have it run with the line below, making the outputs the $ShareName value. I don't know how to link these 2 commands. 
    
    
    #This gives you the list of accounts that have access to the share. To test replace \\$Server\$ShareName with actual path. 
    ((get-item \\$Server\$ShareName).GetAccessControl('access')).Access |select identityreference
    
    #The output I would like to get is a csv with the following columns Share name, User or Group Access. 
    #Share Name, User Or Group Access
    #Share1,User1
    #Share1,group1
    #Share2,User1
    #Share2,User2
    #share2,Group2
    
    


    • Moved by Bill_Stewart Thursday, December 20, 2018 8:38 PM This is not "debug/fix/rewrite my script for me" forum
    Monday, October 8, 2018 7:54 PM

All replies

  • Start with PowerShell and not very old things found on the Internet.

    help get-smbshare -full

    Get-SmbShare -CimSession PC1

    OR

    Get-WmiObject Win32_Share -ComputerName PC1


    \_(ツ)_/

    Monday, October 8, 2018 8:14 PM
  • Thanks for the reply but neither of those work on a NAS server without performing other tasks. 

    This line does what you suggested.

    (net view $Server | Where-Object { $_ -match '\sDisk\s' }) -replace '\s\s+', ',' | ForEach-Object{ ($_ -split ',')[0] }


    Monday, October 8, 2018 8:23 PM
  • Thanks for the reply but neither of those work on a NAS server without performing other tasks. 


    Did you just make up that rule? A "share" is a "share". It is created by the OS and not by the NAS unless the NAS is emulating the NTFS/SMB server. SMB shares are the same on Windows, Unix and other OSs that support SMB.

    If "NET VIEW" can see the share then it is either a Windows share or a compatible SMB share.

    The AccessControl you are getting is not for the share but is for the underlying NTFS folder.  You can always get that with just Get-Acl.


    \_(ツ)_/

    Monday, October 8, 2018 8:28 PM
  • Yep, the rule is if it doesn't work with the server name I can't use it. LOL. But this is what I got and the reason I didn't use those to begin with. Net view worked better to get the list of shares on a server or computer. I can do commands all day; I can't script to save my life. lol.  

    Pic of the results of the commands - https://ibb.co/kVEiYp

    Can't upload pic until account is verified. Waiting on verification. .......

    Monday, October 8, 2018 8:45 PM
  • A server name does not have "\\" in it.

    I recommend starting by learning how Windows works and how to use names in PowerShell.  You are adding bad guesses on top of no knowledge of scripting.  Without some basic technical knowledge it will be too hard to help you understand why what you are saying and doing don't make much sense.

    I recommend that you start by learning PowerShell then consider how to ask your question.

    1. Learn PowerShell  
    2. PowerShell Documentation
    3. PowerShell Style Guidelines

    You would also find that learning the Windows file system and NT sharing would be helpful.


    \_(ツ)_/

    Monday, October 8, 2018 8:50 PM
  • Thanks, I will do some reading. But, new update on the script. Now I just need to figure out the output portion of it to make it add the name of the share to the line. I only get the name of the user/groups allowed on the shares. 

    #ask for server name
    $Server = Read-Host -Prompt "server name"
    
    #this provides a clean list of shares located on the desired server. 
    $output = (net view $Server | Where-Object { $_ -match '\sDisk\s' }) -replace '\s\s+', ',' | ForEach-Object{ ($_ -split ',')[0] }
    
    #I would like to take the outputs from above and have it run with the line below, making the outputs the $ShareName value. I don't know how to link these 2 commands. 
    
    
    #This gives you the list of accounts that have access to the share. To test replace \\$Server\$ShareName with actual path. 
    foreach ($O in $Output) {
    ((get-item \\$server\$O).GetAccessControl('access')).Access |select identityreference
    }
    #output looks like this
    #IdentityReference 
    #----------------- 
    #Everyone          
    #DOMAIN\Domain Admins
    #DOMAIN\USER1       
        
    ### Everything works up to here now. I can't seem to find a way to create the line to add the name of the share. 
    
    #The output I would like to get is a csv with the following columns- Share name, User or Group Access. 
    #Share Name,User Or Group Access
    #Share1,User1
    #Share1,group1
    #Share2,User1
    #Share2,User2
    #share2,Group2


    Monday, October 8, 2018 8:59 PM
  • I repeat.  Your code is NOT getting the share permissions.  It is getting the permissions on the file system being shared.

    If you look in the Gallery you will find a number of scripts that get shares and permissions correctly. I suggest starting there.


    \_(ツ)_/

    Monday, October 8, 2018 9:08 PM
  • The following command will get you all information about all shares on any Windows compatible server.

    Get-SmbShare -CimSession alpha | Get-SmbShareAccess | select *


    \_(ツ)_/

    Monday, October 8, 2018 9:16 PM
  • As I stated before, I'm pretty good with commands, not scripting. I have tried all the commands that work, and get-smbshare does not work due to the way the authentication and access is configured. get-smbshare works on Windows servers but not on Linux servers in our infrastructure. I inherited the systems and I don't plan on digging around trying to find a solution when I can work around it. I'm not being lazy at all. I have spent 3 days researching and testing scripts for what I need, and as I stated those are the ones I need for my auditing. I know what works and what doesn't. Thanks for the info but I really just need help finalizing what I need. 

    This is what I get when I use the commands. 

    https://ibb.co/jLEQyp

    Tuesday, October 9, 2018 2:46 PM
  • I have finalized the script and got it to work with major changes. 
    Tuesday, October 9, 2018 8:34 PM
  • Just out of interest did you end up pulling the share permissions or the NTFS permissions?
    Monday, October 15, 2018 4:50 AM
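
Added example, not code from any poster in the thread: one way to produce the requested CSV while keeping the two permission sets discussed above apart, with a `Source` column marking each row as the file-system ACL on the share root or the share-level ACL. The parameter names, column names and output path are assumptions made for illustration.

```powershell
# Added example, not from the thread. Parameter names, CSV columns and file name are illustrative.
param(
    [Parameter(Mandatory)] [string] $Server,      # plain host name, no leading "\\"
    [string] $CsvPath = ".\share-audit.csv"
)

# Share list via 'net view', parsed as in the thread. Hidden shares (names ending in $) are not listed.
$shares = (net view "\\$Server" | Where-Object { $_ -match '\sDisk\s' }) -replace '\s\s+', ',' |
    ForEach-Object { ($_ -split ',')[0] }

$rows = @(foreach ($share in $shares) {
    $path = "\\$Server\$share"
    try {
        # File-system ACL of the shared folder root (what the Get-Item call in the thread reads).
        (Get-Acl -LiteralPath $path -ErrorAction Stop).Access | ForEach-Object {
            [pscustomobject]@{
                ShareName = $share
                Source    = 'FileSystem'
                Identity  = $_.IdentityReference.Value
                Rights    = [string]$_.FileSystemRights
                Type      = [string]$_.AccessControlType
            }
        }
    } catch {
        Write-Warning "Could not read ACL on ${path}: $($_.Exception.Message)"
    }
})

try {
    # Share-level ACL, a separate permission set. Needs CIM access to the server, so it may fail on a NAS.
    $rows += @(Get-SmbShare -CimSession $Server -ErrorAction Stop | Get-SmbShareAccess | ForEach-Object {
        [pscustomobject]@{
            ShareName = $_.Name
            Source    = 'Share'
            Identity  = $_.AccountName
            Rights    = [string]$_.AccessRight
            Type      = [string]$_.AccessControlType
        }
    })
} catch {
    Write-Warning "Share-level permissions unavailable on ${Server}: $($_.Exception.Message)"
}

$rows | Sort-Object ShareName, Source, Identity | Export-Csv -Path $CsvPath -NoTypeInformation
```

When the share-level query fails, the CSV contains only `FileSystem` rows, so the audit should record that share permissions were not collected for that server.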