Need Powershell Script to get shared folder and NTFS permission from list of servers

Sign in to vote

Function Get-NtfsRights($name,$path,$comp)
{
	$path = [regex]::Escape($path)
	$share = "\\$comp\$name"
	$wmi = gwmi Win32_LogicalFileSecuritySetting -filter "path='$path'" -ComputerName $comp
	$wmi.GetSecurityDescriptor().Descriptor.DACL | where {$_.AccessMask -as [Security.AccessControl.FileSystemRights]} |select `
				@{name="Principal";Expression={"{0}\{1}" -f $_.Trustee.Domain,$_.Trustee.name}},
				@{name="Rights";Expression={[Security.AccessControl.FileSystemRights] $_.AccessMask }},
				@{name="AceFlags";Expression={[Security.AccessControl.AceFlags] $_.AceFlags }},
				@{name="AceType";Expression={[Security.AccessControl.AceType] $_.AceType }},
				@{name="ShareName";Expression={$share}}
}



gc serverlist.txt | foreach {
	if ($shares = Get-WmiObject Win32_Share -ComputerName $_ | Where {$_.Path})
	{
		$shares | Foreach { Write-Progress -Status "Get share information on $($_.__Server)" $_.Name
			Get-NtfsRights $_.Name $_.Path $_.__Server}
	}
	else {"Failed to get share information from {0}." -f $($_.ToUpper())}
} | ft Principal,Rights,AceFlags,AceType -GroupBy ShareName -Wrap | Out-File result.txt

Edited by Kazun Thursday, March 29, 2012 2:02 PM __Server
Proposed as answer by ErfanTaheri Monday, December 22, 2014 12:06 PM

Wednesday, July 13, 2011 9:51 PM

0

Sign in to vote

Hello Kazun,

Thanks for your reply and for script. I tried to run the script which you have given but I am getting below errors.

Could you please guide me on this?

The term 'Get-NtfsRights' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path
was included, verify that the path is correct and try again.
At H:\Scripts\Get-SharedFolder\Get-NtfsRights.ps1:5 char:18
+             Get-NtfsRights <<<< $_.Name $_.Path $server}
    + CategoryInfo          : ObjectNotFound: (Get-NtfsRights:String) [], Comm
   andNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Thursday, July 14, 2011 6:12 PM

0

Sign in to vote

Hi Kazun, this worked ok for me :)

One request however could you get the output to a csv/xls file instead?

so that each server and it shares and permissions could be shown nicely?

Friday, October 21, 2011 1:59 PM

2

Sign in to vote

Hi Kazun, this worked ok for me :)

One request however could you get the output to a csv/xls file instead?

so that each server and it shares and permissions could be shown nicely?

Replace - ft Principal,Rights,AceFlags,AceType -GroupBy ShareName -Wrap | Out-File result.txt to Export-CSV result.csv

Proposed as answer by Heckter Friday, November 25, 2011 12:12 PM

Friday, October 21, 2011 2:07 PM

0

Sign in to vote

Please, suggest me why I have an error running this script ?!?

Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argum
ent is null or empty. Supply an argument that is not null or empty and then try
the command again.

In serverlist.txt is written one, correct servername.
I checked command: Get-WmiObject Win32_Share -ComputerName My_Servername
and worked fine. Listed shares.

Wednesday, March 28, 2012 6:24 PM

0

Sign in to vote

Below whole first error message:

Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again
.
At C:\scripts\shares.ps1:5 char:83
+     $wmi = gwmi Win32_LogicalFileSecuritySetting -filter "path='$path'" -ComputerName <<<< $comp
    + CategoryInfo          : InvalidData: (:) [Get-WmiObject], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Wednesday, March 28, 2012 7:07 PM

2

Sign in to vote

Kazun,

I also was getting the same error as pavko_x and noticed that the $server variable in the line below wasn't defined anywhere:

$shares | Foreach { Write-Progress -Status "Get share information on $($_.__Server)" $_.Name
Get-NtfsRights $_.Name $_.Path $server}

Changing $server to $_.__Server resolved the issue.

Joe

Wednesday, March 28, 2012 8:23 PM

0

Sign in to vote

Thx Joe.

Proposed as answer by mag8990 Saturday, October 5, 2013 8:32 PM

Thursday, March 29, 2012 10:59 AM

0

Sign in to vote

Can you tell me why there is double underline befor Server >> __Server in $_.__Server ?

Thursday, March 29, 2012 1:50 PM

1

Sign in to vote

Can you tell me why there is double underline befor Server >> __Server in $_.__Server ?

PS >  Get-WmiObject Win32_Share | fl __*


__GENUS          : 2
__CLASS          : Win32_Share
__SUPERCLASS     : CIM_LogicalElement
__DYNASTY        : CIM_ManagedSystemElement
__RELPATH        : Win32_Share.Name="ADMIN$"
__PROPERTY_COUNT : 10
__DERIVATION     : {CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER         : WINPC
__NAMESPACE      : root\cimv2
__PATH           : \\WINPC\root\cimv2:Win32_Share.Name="ADMIN$"

Thursday, March 29, 2012 2:02 PM

0

Sign in to vote

thx

Thursday, March 29, 2012 6:52 PM

0

Sign in to vote

The script Worked like a charm but , how do I import the same permission and create share using PS command .

Anand Shankar

Thursday, November 1, 2012 8:36 AM

0

Sign in to vote

Hi I am looking for a script to pull share folder information mentioned below.

folder shared in all the servers

last modified date and created date

size of the share folder if disk quote in place

permissions for each user on that shared directory

Please help, we need to finish it asap.

Wednesday, December 5, 2012 3:34 PM

0

Sign in to vote

Hi Kazun

Thx for the script, works great :)

I have one down side to it tho, it does not list network shares that have a space in them.

I get the following error message when the script gets to a share with a space in the name:

Get-WmiObject : Invalid query
At line:5 char:13
+     $wmi = gwmi <<<< Win32_LogicalFileSecuritySetting -filter "path='$path'" -ComputerName $comp
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], ManagementException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

You cannot call a method on a null-valued expression.
At line:6 char:28
+     $wmi.GetSecurityDescriptor <<<< ().Descriptor.DACL | where {$_.AccessMask -as [Security.AccessControl.FileSystemRights]} |select `
    + CategoryInfo          : InvalidOperation: (GetSecurityDescriptor:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Do you think there is a solution for Share that have spaces in them?

Edited by Rumz79 Thursday, June 20, 2013 11:26 AM Added Error Message

Thursday, June 20, 2013 11:10 AM

0

Sign in to vote

Hi Kazun,

This script didn't work with hidden shared folder on Windows Server 2008. Is there a way to get NTFS permissions on hidden shared folders?

Thanks

Tuesday, February 11, 2014 11:38 AM

0

Sign in to vote

This script works perfectly for me.... but I need to list the folder size and the folder path also... Would you please help me a little on this one?

Monday, December 22, 2014 12:08 PM

0

Sign in to vote

Perfect! Ran like a champ. Thanks!!!

Thursday, June 4, 2015 1:26 PM

0

Sign in to vote

Hello Kazun,

I am getting bellow error: Please help me

You cannot call a method on a null-valued expression.

At C:\temp\DFSDataCollection\CollectSharesPermissionF.ps1:6 char:2

+ $wmi.GetSecurityDescriptor().Descriptor.DACL | where {$_.AccessMask -as [Securi ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidOperation: (:) [], RuntimeException

+ FullyQualifiedErrorId : InvokeMethodOnNull

Thank you

Abul Hasnat

Edited by Abul Hasnat Thursday, July 9, 2015 10:44 PM

Thursday, July 9, 2015 6:00 PM

0

Sign in to vote

Hi All,

I am new to powershell scripting, recently i got the task to get the shared folder details from list of servers, like(Share folder, Directory details of the path, NTFS permissions and Share permissions). i tried to use Below code which Kazun has posted but i did not get the full output which i wanted. Below is the code which i got it from one of my colleagues friend, so i though of posting here for whom it may require.

Please no questions on the below code, as i already told i am new to Powershell, use it and modify according to your requirement, and excuse me if code is not really so good.

Thanks

*****************************************************

$computer=Get-Content .\serverlist.txt
$sharepermissions=@()
$Secutiypermissions=@()
$printline="**********************************************************************************************************************************"
foreach ($comp in $computer){

$shares=Get-WmiObject -Class win32_share -ComputerName $comp
$sharenames=$shares|select -ExpandProperty Name
$paths=$shares|Select path,Name

foreach($path in $paths) {

$fpath = $path.path.Replace('\','\\')
$SName = $path.name

$NTFSPER = Get-WmiObject -Class Win32_LogicalFileSecuritySetting -Filter "path='$fpath'" -ComputerName $comp -ErrorAction SilentlyContinue

$Shareper = Get-WmiObject -Class win32_Logicalsharesecuritysetting -Filter "name='$SName'" -ComputerName $comp -ErrorAction SilentlyContinue

if ($NTFSPER -eq $null){write-host "$fpath is not accessible "}
else{

$sharedetail = "SharePath:\\$comp\$SName DirPath= $fpath"

$NTFS=$NTFSPER.GetSecurityDescriptor()

ForEach ($DACL in $NTFS.Descriptor.DACL)
{

#$myObj = "" | Select computer,path,name,Domain, ID, AccessMask,ShareaccessID, Shareacessper
$myObj = "" | Select NTFSpermissions,Rights

$myObj.NTFSpermissions = $DACL.Trustee.Domain + "\" + $DACL.Trustee.Name
Switch ($DACL.AccessMask)
{
2032127 {$AccessMask = "FullControl"}
1179785 {$AccessMask = "Read"}
1180063 {$AccessMask = "Read, Write"}
1179817 {$AccessMask = "ReadAndExecute"}
-1610612736 {$AccessMask = "ReadAndExecuteExtended"}
1245631 {$AccessMask = "ReadAndExecute, Modify, Write"}
1180095 {$AccessMask = "ReadAndExecute, Write"}
268435456 {$AccessMask = "FullControl (Sub Only)"}
1 {$AccessMask = "List_Directory)"}
2 {$AccessMask = "Write"}
4 {$AccessMask = "append"}
default {$AccessMask = $DACL.AccessMask}
}
$myObj.Rights = $AccessMask
Clear-Variable AccessMask -ErrorAction SilentlyContinue
$Secutiypermissions += $myObj
}
$sharedetail
$Secutiypermissions |ft -AutoSize
$sharedetail |Out-File AllShareServers.txt -Append
$Secutiypermissions |Out-File AllShareServers.txt -Append
}





if ($Shareper -eq $null){write-host "$SName is not accessible "}

else {

$shareperm=$Shareper.GetSecurityDescriptor()

ForEach ($DACL2 in $shareperm.Descriptor.DACL)
{

$myObj1 = "" | Select Sharepermissions,Rights

$myObj1.Sharepermissions = $DACL2.Trustee.Domain + "\" + $DACL2.Trustee.Name

Switch ($DACL2.AccessMask)
{
2032127 {$AccessMask = "FullControl"}
1179785 {$AccessMask = "Read"}
1180063 {$AccessMask = "Read, Write"}
1179817 {$AccessMask = "ReadAndExecute"}
-1610612736 {$AccessMask = "ReadAndExecuteExtended"}
1245631 {$AccessMask = "ReadAndExecute, Modify, Write"}
1180095 {$AccessMask = "ReadAndExecute, Write"}
268435456 {$AccessMask = "FullControl (Sub Only)"}
default {$AccessMask = $DACL2.AccessMask}
}
$myObj1.Rights = $AccessMask
Clear-Variable AccessMask -ErrorAction SilentlyContinue
$sharepermissions += $myObj1

}

$sharepermissions |ft -AutoSize

$sharepermissions |Out-File AllShareServers.txt -Append


}

$Secutiypermissions =@()
$sharepermissions=@()
$printline
$printline |Out-File AllShareServers.txt -Append
}

}

*************************************************************************

Output would be in this format.

****************************************************************************

\\ServerName\Share folder Name C:\\FTPMain\\Share folder Name

NTFSpermissions Rights
--------------- ------
BUILTIN\Administrators FullControl
\CREATOR OWNER FullControl
\ ReadAndExecute
NT AUTHORITY\SYSTEM FullControl

Sharepermissions Rights
---------------- ------
Domain\Domain Admins FullControl
Domain\Programmers ReadAndExecute, Modify, Write

**********************************************************************************************************************************

Tuesday, July 5, 2016 2:51 PM

0

Sign in to vote

hi Friends~

Share one of my powershell, hope you will like it, for powershell 5.0

*************************
xxx.ps1
*************************

$computer=Get-Content .\serverlist.txt
$OutFile = ".\CCC.csv"

 foreach ($comp in $computer){
 $shares=Get-WmiObject -Class win32_share -ComputerName $comp | Where-Object {(@('Remote Admin','Default share','Remote IPC','預設共用','遠端 IPC','遠端管理') -notcontains $_.Description)}
 $paths=$shares | Select path,Name

 foreach($path in $paths) {
    $fpath = $path.path.Replace(':\','$\')
    $SName = $path.name
    $RootPath = "\\" + $comp + "\" +  $fpath

Get-childitem $RootPath -Recurse -Depth 2| where{$_.psiscontainer} |
Get-Acl | % {
    $path = $_.Path
    $_.Access | % {
        New-Object PSObject -Property @{
            Folder = $path.Replace("Microsoft.PowerShell.Core\FileSystem::","")
            Access = $_.FileSystemRights
            User = $_.IdentityReference
            Control = $_.AccessControlType
            Computer = $comp
            SName = $SName
            }
        } 
    } | select-object -Property Computer, SName, Folder, User, Control, Access | export-csv $OutFile -force -NoTypeInformation -encoding default -Append
    } 
    }

*************************
Output ccc.csv
*************************

"Computer","SName","Folder","User","Control","Access"
"Server1","A","\\Server1\D$\ABC\1","BUILTIN\Administrators","Allow","FullControl"
"Server1","A","\\Server1\D$\ABC\1","NT AUTHORITY\SYSTEM","Allow","FullControl"
"Server1","A","\\Server1\D$\ABC\1","CREATOR OWNER","Allow","268435456"
"Server1","A","\\Server1\D$\ABC\1","BUILTIN\Users","Allow","ReadAndExecute, Synchronize"
"Server1","A","\\Server1\D$\ABC\1","BUILTIN\Users","Allow","AppendData"
"Server1","A","\\Server1\D$\ABC\1","BUILTIN\Users","Allow","CreateFiles"
"Server1","A","\\Server1\D$\ABC\1\2","BUILTIN\Administrators","Allow","FullControl"
"Server1","A","\\Server1\D$\ABC\1\2","NT AUTHORITY\SYSTEM","Allow","FullControl"
"Server1","A","\\Server1\D$\ABC\1\2","CREATOR OWNER","Allow","268435456"
"Server1","A","\\Server1\D$\ABC\1\2","BUILTIN\Users","Allow","ReadAndExecute, Synchronize"
"Server1","A","\\Server1\D$\ABC\1\2","BUILTIN\Users","Allow","AppendData"
"Server1","A","\\Server1\D$\ABC\1\2","BUILTIN\Users","Allow","CreateFiles"

Edited by kith Thursday, January 26, 2017 2:26 AM

Thursday, January 26, 2017 2:17 AM

0

Sign in to vote

hi, i need only the permission with evryone and full control, is there a way to modify the code?

tnx

Thursday, August 17, 2017 10:03 AM

1

Sign in to vote

Hi, I can recommend NTFS Permissions Auditor (https://albusbit.com/NTFSPermissionsAuditor.php) to help you get the results you need.

It's a lot simpler if you have a problem with PowerShell scripts.

Thursday, February 15, 2018 10:23 AM

0

Sign in to vote

Hello,

Thank you for posting this script. I had the same question, whether this can output results in CSV instead. When I edited the script as posted, I'm getting this error:

Out-File : Cannot validate argument on parameter 'Encoding'. The argument "result.csv" does not belong to the set "unicode,utf7,utf8,utf32,ascii,bigendianunicode,default,oem" specified by the ValidateSet attribute. Supply an argu
ment that is in the set and then try the command again.
At line:21 char:77
+ } | ft Principal,Rights,AceFlags,AceType -GroupBy ShareName -Wrap | Out-File <<<<  Export-CSV result.csv
    + CategoryInfo          : InvalidData: (:) [Out-File], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.OutFileCommand

Any idea what could cause this and could you point me in the right direction?

Thanks!

Edited by NeluC Thursday, November 1, 2018 9:06 PM

Thursday, November 1, 2018 9:03 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Asked by:

Need Powershell Script to get shared folder and NTFS permission from list of servers

Question

All replies