Asked by:
Need Powershell Script to get shared folder and NTFS permission from list of servers

Question
-
Hi Friends,
I need powershell script to dump all the shared folder and thier permission from serverlist.txt. the below code just giving me the shares but not the permissions.
$strComputer = gc C:\ps-test\serverlist.txt
foreach ($computer in $strComputer) {
$colItems = get-wmiobject -class "Win32_Share" -namespace "root\CIMV2" -computername $computer
foreach ($colItem in $colItems) {
$sharename = $colItem.Name
$share = "\\" + $computer + "\" + $sharename | Out-File C:\ps-test\result.txt -NoClobber -Append
$share
}
}Wednesday, July 13, 2011 6:26 PM
All replies
-
Function Get-NtfsRights($name,$path,$comp) { $path = [regex]::Escape($path) $share = "\\$comp\$name" $wmi = gwmi Win32_LogicalFileSecuritySetting -filter "path='$path'" -ComputerName $comp $wmi.GetSecurityDescriptor().Descriptor.DACL | where {$_.AccessMask -as [Security.AccessControl.FileSystemRights]} |select ` @{name="Principal";Expression={"{0}\{1}" -f $_.Trustee.Domain,$_.Trustee.name}}, @{name="Rights";Expression={[Security.AccessControl.FileSystemRights] $_.AccessMask }}, @{name="AceFlags";Expression={[Security.AccessControl.AceFlags] $_.AceFlags }}, @{name="AceType";Expression={[Security.AccessControl.AceType] $_.AceType }}, @{name="ShareName";Expression={$share}} } gc serverlist.txt | foreach { if ($shares = Get-WmiObject Win32_Share -ComputerName $_ | Where {$_.Path}) { $shares | Foreach { Write-Progress -Status "Get share information on $($_.__Server)" $_.Name Get-NtfsRights $_.Name $_.Path $_.__Server} } else {"Failed to get share information from {0}." -f $($_.ToUpper())} } | ft Principal,Rights,AceFlags,AceType -GroupBy ShareName -Wrap | Out-File result.txt
- Edited by Kazun Thursday, March 29, 2012 2:02 PM __Server
- Proposed as answer by ErfanTaheri Monday, December 22, 2014 12:06 PM
Wednesday, July 13, 2011 9:51 PM -
Hello Kazun,
Thanks for your reply and for script. I tried to run the script which you have given but I am getting below errors.
Could you please guide me on this?
The term 'Get-NtfsRights' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path
was included, verify that the path is correct and try again.
At H:\Scripts\Get-SharedFolder\Get-NtfsRights.ps1:5 char:18
+ Get-NtfsRights <<<< $_.Name $_.Path $server}
+ CategoryInfo : ObjectNotFound: (Get-NtfsRights:String) [], Comm
andNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundExceptionThursday, July 14, 2011 6:12 PM -
Hi Kazun, this worked ok for me :)
One request however could you get the output to a csv/xls file instead?
so that each server and it shares and permissions could be shown nicely?
Friday, October 21, 2011 1:59 PM -
Hi Kazun, this worked ok for me :)
One request however could you get the output to a csv/xls file instead?
so that each server and it shares and permissions could be shown nicely?
- Proposed as answer by Heckter Friday, November 25, 2011 12:12 PM
Friday, October 21, 2011 2:07 PM -
Please, suggest me why I have an error running this script ?!?
Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argum
ent is null or empty. Supply an argument that is not null or empty and then try
the command again.In serverlist.txt is written one, correct servername.
I checked command: Get-WmiObject Win32_Share -ComputerName My_Servername
and worked fine. Listed shares.Wednesday, March 28, 2012 6:24 PM -
Below whole first error message:
Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again
.
At C:\scripts\shares.ps1:5 char:83
+ $wmi = gwmi Win32_LogicalFileSecuritySetting -filter "path='$path'" -ComputerName <<<< $comp
+ CategoryInfo : InvalidData: (:) [Get-WmiObject], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.GetWmiObjectCommandWednesday, March 28, 2012 7:07 PM -
Kazun,
I also was getting the same error as pavko_x and noticed that the $server variable in the line below wasn't defined anywhere:
$shares | Foreach { Write-Progress -Status "Get share information on $($_.__Server)" $_.Name
Get-NtfsRights $_.Name $_.Path $server}Changing $server to $_.__Server resolved the issue.
Joe
Wednesday, March 28, 2012 8:23 PM -
Thx Joe.
- Proposed as answer by mag8990 Saturday, October 5, 2013 8:32 PM
Thursday, March 29, 2012 10:59 AM -
Can you tell me why there is double underline befor Server >> __Server in $_.__Server ?Thursday, March 29, 2012 1:50 PM
-
Can you tell me why there is double underline befor Server >> __Server in $_.__Server ?
PS > Get-WmiObject Win32_Share | fl __* __GENUS : 2 __CLASS : Win32_Share __SUPERCLASS : CIM_LogicalElement __DYNASTY : CIM_ManagedSystemElement __RELPATH : Win32_Share.Name="ADMIN$" __PROPERTY_COUNT : 10 __DERIVATION : {CIM_LogicalElement, CIM_ManagedSystemElement} __SERVER : WINPC __NAMESPACE : root\cimv2 __PATH : \\WINPC\root\cimv2:Win32_Share.Name="ADMIN$"
Thursday, March 29, 2012 2:02 PM -
thxThursday, March 29, 2012 6:52 PM
-
The script Worked like a charm but , how do I import the same permission and create share using PS command .
Anand Shankar
Thursday, November 1, 2012 8:36 AM -
Hi I am looking for a script to pull share folder information mentioned below.
folder shared in all the servers
last modified date and created date
size of the share folder if disk quote in place
permissions for each user on that shared directory
Please help, we need to finish it asap.
Wednesday, December 5, 2012 3:34 PM -
Hi Kazun
Thx for the script, works great :)
I have one down side to it tho, it does not list network shares that have a space in them.
I get the following error message when the script gets to a share with a space in the name:
Get-WmiObject : Invalid query
At line:5 char:13
+ $wmi = gwmi <<<< Win32_LogicalFileSecuritySetting -filter "path='$path'" -ComputerName $comp
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
You cannot call a method on a null-valued expression.
At line:6 char:28
+ $wmi.GetSecurityDescriptor <<<< ().Descriptor.DACL | where {$_.AccessMask -as [Security.AccessControl.FileSystemRights]} |select `
+ CategoryInfo : InvalidOperation: (GetSecurityDescriptor:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNullDo you think there is a solution for Share that have spaces in them?
- Edited by Rumz79 Thursday, June 20, 2013 11:26 AM Added Error Message
Thursday, June 20, 2013 11:10 AM -
Hi Kazun,
This script didn't work with hidden shared folder on Windows Server 2008. Is there a way to get NTFS permissions on hidden shared folders?
Thanks
Tuesday, February 11, 2014 11:38 AM -
This script works perfectly for me.... but I need to list the folder size and the folder path also... Would you please help me a little on this one?Monday, December 22, 2014 12:08 PM
-
Perfect! Ran like a champ. Thanks!!!Thursday, June 4, 2015 1:26 PM
-
Hello Kazun,
I am getting bellow error: Please help me
You cannot call a method on a null-valued expression.
At C:\temp\DFSDataCollection\CollectSharesPermissionF.ps1:6 char:2
+ $wmi.GetSecurityDescriptor().Descriptor.DACL | where {$_.AccessMask -as [Securi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Thank you
Abul Hasnat
- Edited by Abul Hasnat Thursday, July 9, 2015 10:44 PM
Thursday, July 9, 2015 6:00 PM -
Hi All,
I am new to powershell scripting, recently i got the task to get the shared folder details from list of servers, like(Share folder, Directory details of the path, NTFS permissions and Share permissions). i tried to use Below code which Kazun has posted but i did not get the full output which i wanted. Below is the code which i got it from one of my colleagues friend, so i though of posting here for whom it may require.
Please no questions on the below code, as i already told i am new to Powershell, use it and modify according to your requirement, and excuse me if code is not really so good.
Thanks
*****************************************************
$computer=Get-Content .\serverlist.txt
$sharepermissions=@()
$Secutiypermissions=@()
$printline="**********************************************************************************************************************************"
foreach ($comp in $computer){
$shares=Get-WmiObject -Class win32_share -ComputerName $comp
$sharenames=$shares|select -ExpandProperty Name
$paths=$shares|Select path,Name
foreach($path in $paths) {
$fpath = $path.path.Replace('\','\\')
$SName = $path.name
$NTFSPER = Get-WmiObject -Class Win32_LogicalFileSecuritySetting -Filter "path='$fpath'" -ComputerName $comp -ErrorAction SilentlyContinue
$Shareper = Get-WmiObject -Class win32_Logicalsharesecuritysetting -Filter "name='$SName'" -ComputerName $comp -ErrorAction SilentlyContinue
if ($NTFSPER -eq $null){write-host "$fpath is not accessible "}
else{
$sharedetail = "SharePath:\\$comp\$SName DirPath= $fpath"
$NTFS=$NTFSPER.GetSecurityDescriptor()
ForEach ($DACL in $NTFS.Descriptor.DACL)
{
#$myObj = "" | Select computer,path,name,Domain, ID, AccessMask,ShareaccessID, Shareacessper
$myObj = "" | Select NTFSpermissions,Rights
$myObj.NTFSpermissions = $DACL.Trustee.Domain + "\" + $DACL.Trustee.Name
Switch ($DACL.AccessMask)
{
2032127 {$AccessMask = "FullControl"}
1179785 {$AccessMask = "Read"}
1180063 {$AccessMask = "Read, Write"}
1179817 {$AccessMask = "ReadAndExecute"}
-1610612736 {$AccessMask = "ReadAndExecuteExtended"}
1245631 {$AccessMask = "ReadAndExecute, Modify, Write"}
1180095 {$AccessMask = "ReadAndExecute, Write"}
268435456 {$AccessMask = "FullControl (Sub Only)"}
1 {$AccessMask = "List_Directory)"}
2 {$AccessMask = "Write"}
4 {$AccessMask = "append"}
default {$AccessMask = $DACL.AccessMask}
}
$myObj.Rights = $AccessMask
Clear-Variable AccessMask -ErrorAction SilentlyContinue
$Secutiypermissions += $myObj
}
$sharedetail
$Secutiypermissions |ft -AutoSize
$sharedetail |Out-File AllShareServers.txt -Append
$Secutiypermissions |Out-File AllShareServers.txt -Append
}
if ($Shareper -eq $null){write-host "$SName is not accessible "}
else {
$shareperm=$Shareper.GetSecurityDescriptor()
ForEach ($DACL2 in $shareperm.Descriptor.DACL)
{
$myObj1 = "" | Select Sharepermissions,Rights
$myObj1.Sharepermissions = $DACL2.Trustee.Domain + "\" + $DACL2.Trustee.Name
Switch ($DACL2.AccessMask)
{
2032127 {$AccessMask = "FullControl"}
1179785 {$AccessMask = "Read"}
1180063 {$AccessMask = "Read, Write"}
1179817 {$AccessMask = "ReadAndExecute"}
-1610612736 {$AccessMask = "ReadAndExecuteExtended"}
1245631 {$AccessMask = "ReadAndExecute, Modify, Write"}
1180095 {$AccessMask = "ReadAndExecute, Write"}
268435456 {$AccessMask = "FullControl (Sub Only)"}
default {$AccessMask = $DACL2.AccessMask}
}
$myObj1.Rights = $AccessMask
Clear-Variable AccessMask -ErrorAction SilentlyContinue
$sharepermissions += $myObj1
}
$sharepermissions |ft -AutoSize
$sharepermissions |Out-File AllShareServers.txt -Append
}
$Secutiypermissions =@()
$sharepermissions=@()
$printline
$printline |Out-File AllShareServers.txt -Append
}
}
*************************************************************************
Output would be in this format.
****************************************************************************
\\ServerName\Share folder Name C:\\FTPMain\\Share folder Name
NTFSpermissions Rights
--------------- ------
BUILTIN\Administrators FullControl
\CREATOR OWNER FullControl
\ ReadAndExecute
NT AUTHORITY\SYSTEM FullControl
Sharepermissions Rights
---------------- ------
Domain\Domain Admins FullControl
Domain\Programmers ReadAndExecute, Modify, Write
**********************************************************************************************************************************Tuesday, July 5, 2016 2:51 PM -
hi Friends~Share one of my powershell, hope you will like it, for powershell 5.0
*************************
xxx.ps1
*************************$computer=Get-Content .\serverlist.txt $OutFile = ".\CCC.csv" foreach ($comp in $computer){ $shares=Get-WmiObject -Class win32_share -ComputerName $comp | Where-Object {(@('Remote Admin','Default share','Remote IPC','預設共用','遠端 IPC','遠端管理') -notcontains $_.Description)} $paths=$shares | Select path,Name foreach($path in $paths) { $fpath = $path.path.Replace(':\','$\') $SName = $path.name $RootPath = "\\" + $comp + "\" + $fpath Get-childitem $RootPath -Recurse -Depth 2| where{$_.psiscontainer} | Get-Acl | % { $path = $_.Path $_.Access | % { New-Object PSObject -Property @{ Folder = $path.Replace("Microsoft.PowerShell.Core\FileSystem::","") Access = $_.FileSystemRights User = $_.IdentityReference Control = $_.AccessControlType Computer = $comp SName = $SName } } } | select-object -Property Computer, SName, Folder, User, Control, Access | export-csv $OutFile -force -NoTypeInformation -encoding default -Append } }
*************************
Output ccc.csv
*************************"Computer","SName","Folder","User","Control","Access" "Server1","A","\\Server1\D$\ABC\1","BUILTIN\Administrators","Allow","FullControl" "Server1","A","\\Server1\D$\ABC\1","NT AUTHORITY\SYSTEM","Allow","FullControl" "Server1","A","\\Server1\D$\ABC\1","CREATOR OWNER","Allow","268435456" "Server1","A","\\Server1\D$\ABC\1","BUILTIN\Users","Allow","ReadAndExecute, Synchronize" "Server1","A","\\Server1\D$\ABC\1","BUILTIN\Users","Allow","AppendData" "Server1","A","\\Server1\D$\ABC\1","BUILTIN\Users","Allow","CreateFiles" "Server1","A","\\Server1\D$\ABC\1\2","BUILTIN\Administrators","Allow","FullControl" "Server1","A","\\Server1\D$\ABC\1\2","NT AUTHORITY\SYSTEM","Allow","FullControl" "Server1","A","\\Server1\D$\ABC\1\2","CREATOR OWNER","Allow","268435456" "Server1","A","\\Server1\D$\ABC\1\2","BUILTIN\Users","Allow","ReadAndExecute, Synchronize" "Server1","A","\\Server1\D$\ABC\1\2","BUILTIN\Users","Allow","AppendData" "Server1","A","\\Server1\D$\ABC\1\2","BUILTIN\Users","Allow","CreateFiles"
- Edited by kith Thursday, January 26, 2017 2:26 AM
Thursday, January 26, 2017 2:17 AM -
hi, i need only the permission with evryone and full control, is there a way to modify the code?
tnx
Thursday, August 17, 2017 10:03 AM -
Hi, I can recommend NTFS Permissions Auditor (https://albusbit.com/NTFSPermissionsAuditor.php) to help you get the results you need.
It's a lot simpler if you have a problem with PowerShell scripts.
Thursday, February 15, 2018 10:23 AM -
Hello,
Thank you for posting this script. I had the same question, whether this can output results in CSV instead. When I edited the script as posted, I'm getting this error:
Out-File : Cannot validate argument on parameter 'Encoding'. The argument "result.csv" does not belong to the set "unicode,utf7,utf8,utf32,ascii,bigendianunicode,default,oem" specified by the ValidateSet attribute. Supply an argu ment that is in the set and then try the command again. At line:21 char:77 + } | ft Principal,Rights,AceFlags,AceType -GroupBy ShareName -Wrap | Out-File <<<< Export-CSV result.csv + CategoryInfo : InvalidData: (:) [Out-File], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.OutFileCommand
Any idea what could cause this and could you point me in the right direction?
Thanks!
- Edited by NeluC Thursday, November 1, 2018 9:06 PM
Thursday, November 1, 2018 9:03 PM