none
List all shares with Everyone having FullControl access RRS feed

  • General discussion

  • Hi guys, i need a way to powershell script the checking of shared folders on my network.
    The script must do a folder ceck and check the share and ntfs permissions so you know if there are evryone and full control permissions on some network folder for all network servers.

    is there a way?

    • Changed type Bill_Stewart Monday, October 2, 2017 9:23 PM
    • Moved by Bill_Stewart Monday, October 2, 2017 9:23 PM This is not "fix/debug/rewrite my script for me" forum
    Thursday, August 17, 2017 9:00 AM

All replies

  • You may have some joy with the bottom one in this thread

    https://social.technet.microsoft.com/Forums/office/en-US/1903cfde-ad34-464e-9419-94d07ed9de88/need-powershell-script-to-get-shared-folder-and-ntfs-permission-from-list-of-servers?forum=winserverpowershell

    Thursday, August 17, 2017 9:32 AM
  • i need only the share with evryone full control. is there a way to modify it?
    Thursday, August 17, 2017 11:54 AM
  • you could put a where clause after the select-object clause (not tested but may work)

    select-object -Property Computer, SName, Folder, User, Control, Access | where User -eq "everyone" -And Access -eq "Fullcontrol" | export-csv $OutFile -force -NoTypeInformation -encoding default -Append

    Thursday, August 17, 2017 12:03 PM
  • Please read this first: This forum is for scripting questions rather than script requests

    Also find scripts here: http://gallery.technet.microsoft.com<o:p></o:p>



    \_(ツ)_/

    Thursday, August 17, 2017 12:14 PM
  • hi  all, i wrote some code in ps, but i new to powershell.

    can you help me?

    this is the code:

    Import-module ActiveDirectory
    $ComputerName = ( Get-ADComputer -Filter { DNSHostName -Like '*' | Select -Expand Name )
    foreach($Computer in $ComputerName)
       $Shares = Get-WmiObject -Class Win32_LogicalShareSecuritySetting ` -ComputerName $Computer  
    foreach($Share in $Shares)
        { $OutputObj = New-Object –TypeName PSObject –Prop (@{ 'ComputerName'=$Computer; 'ShareName' = $Share.Name; 'Status'=$Status; 'EveryOneFullControl'=$false }) $OutputObj.ShareName = $Share.Name $Permissions = $Share.GetSecurityDescriptor()
    foreach($perm in $Permissions.Descriptor.DACL)
    {
        if($Perm.Trustee.Name -eq "EveryOne" -and $Perm.AccessMask -eq "2032127" -and $Perm.AceType -eq 0) { $OutputObj.EveryOneFullControl = $true } else { } } $OutputObj $OutputArray +=$OutputObj } } } end { if($OutputDir) { $File = Join-Path $OutputDir ("SharePermissions {0}.log" -f $(Get-Date -Format("MMddyyyyHHmmss"))) $File $OutputArray | ? {$_.EveryOneFullControl}| % { "\\{0}\{1}" -f $_.ComputerName, $_.ShareName | Out-File -FilePath $File -Force } } }

    with this i try to catch the shares with evryone ad full control, but i have an erorr:

    Missing statement body in foreach loop.
    At D:\users\lorenzo_zilli\Desktop\Networkshare.ps1:4 char:4
    +     <<<< $Shares = Get-WmiObject -Class Win32_LogicalShareSecuritySetting ` -ComputerName $Computer
        + CategoryInfo          : ParserError: (:) [], ParseException
        + FullyQualifiedErrorId : MissingForeachStatement

    where is my error?

    Thank you!

    Monday, August 21, 2017 1:37 PM
  • First when you post code please try and format it correctly so it is easier to read. Having a quick look at your code you are missing {   } on your first foreach loop

    it should be

    foreach($Computer in $ComputerName)
    {

      your code here

    }

    Monday, August 21, 2017 1:55 PM
  • this is my code:

    Import-module ActiveDirectory
    $ComputerName = ( Get-ADComputer -Filter { DNSHostName -Like '*' | Select -Expand Name )
    foreach($Computer in $ComputerName) {
       $Shares = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -ComputerName $Computer}  
    foreach($Share in $Shares)
        { $OutputObj = New-Object –TypeName PSObject –Prop (@{ 'ComputerName'=$Computer; 'ShareName' = $Share.Name; 'Status'=$Status; 'EveryOneFullControl'=$false }) $OutputObj.ShareName = $Share.Name $Permissions = $Share.GetSecurityDescriptor()
    foreach($perm in $Permissions.Descriptor.DACL)
    {
        if($Perm.Trustee.Name -eq "EveryOne" -and $Perm.AccessMask -eq "2032127" -and $Perm.AceType -eq 0) { $OutputObj.EveryOneFullControl = $true } else { } } $OutputObj $OutputArray +=$OutputObj } } } end { if($OutputDir) { $File = Join-Path $OutputDir ("SharePermissions {0}.log" -f $(Get-Date -Format("MMddyyyyHHmmss"))) $File $OutputArray | ? {$_.EveryOneFullControl}| % { "\\{0}\{1}" -f $_.ComputerName, $_.ShareName | Out-File -FilePath $File -Force } } }

    }

    Monday, August 21, 2017 2:01 PM
  • Unexpected token 'OutputArray' in expression or statement.
    At D:\users\lorenzo_zilli\Desktop\Networkshare.ps1:9 char:181
    +     if($Perm.Trustee.Name -eq "EveryOne" -and $Perm.AccessMask -eq "2032127" -and $Perm.AceType -eq 0) { $OutputObj.E
    veryOneFullControl = $true } else { } } $OutputObj $OutputArray <<<<  +=$OutputObj } } } end { if($OutputDir) { $File =
     Join-Path $OutputDir ("SharePermissions {0}.log" -f $(Get-Date -Format("MMddyyyyHHmmss"))) $File $OutputArray | ? {$_.
    EveryOneFullControl}| % { "\\{0}\{1}" -f $_.ComputerName, $_.ShareName | Out-File -FilePath $File -Force } } }
        + CategoryInfo          : ParserError: (OutputArray:String) [], ParseException
        + FullyQualifiedErrorId : UnexpectedToken
    Monday, August 21, 2017 2:01 PM
  • Please read this first:

    This forum is for scripting questions rather than script requests

    One of the bullet points reads as follows:

    • I have posted my 500-line script. Can someone find that elusive bug and fix it for me?

     

    If you didn't write the code, please ask the code's author for assistance.


    -- Bill Stewart [Bill_Stewart]

    Monday, August 21, 2017 2:10 PM