none
VbScript to get Cacls Output with "Everyone" on a share RRS feed

  • Question

  • Team,

    I am trying to get a VB which will check if any open shares on the local machine are open for Everyone. I will use WMI - Select * from Win32_Share to get the list of shares. However in the below script, I just need to echo if the share has Everyone in the output or not.

    I get this working in a way...

    However when I get the output it has a extra line which makes the output as Open Share and then Not Open

    ===========

    Set objShell = CreateObject("WScript.Shell")
    Set objShellExec = CreateObject("WScript.Shell")
    One = "c:\shareplease"
    Two = "| find ""Everyone"""
    StrCommand = "cmd /k cacls" & " " & One & Two


    set objShellExec = ObjShell.Exec(StrCommand)

    Do While Not objShellExec.StdOut.AtEndOfStream
        strText = objShellExec.StdOut.ReadLine()
        If Instr(strText, "Everyone") > 0 Then
            Wscript.Echo "Open Share"
    Else
         Wscript.Echo "Not Open"
            Exit Do
        End If
    Loop


    Regards, Vik Singh "If this thread answered your question, please click on "Mark as Answer"


    • Edited by Vik Singh Tuesday, September 8, 2015 9:03 AM
    Tuesday, September 8, 2015 8:58 AM

Answers

  • Hi Vik,

    I had gone through your script in detail.

    How about adding Exit Do after "Open Share" as well, you already know its open, then why keep on looping.

    Wscript.Echo "Open Share" Exit Do

    Else
         Wscript.Echo "Not Open"
            Exit Do


    I would say why do you need the loop at all, the | find is already filtering only valid entires that will definately have "everyone" on first line itself or not have anywhere.



    Regards,

    Satyajit

    Please“Vote As Helpful” if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.


    • Edited by Satyajit321 Tuesday, September 8, 2015 12:20 PM
    • Marked as answer by Vik Singh Wednesday, September 9, 2015 8:55 AM
    Tuesday, September 8, 2015 12:18 PM
  • You can accomplish an inventory with a one time scan using WMI to gather the information.  You should use PowerShell to easily retrieve the remote security descriptors. All of this can be done in one short script.

    If you do not know how to do this then you might want to contact a consultant to work with you.  You can also take the time to learn PowerShell which is aa necessity for all future work with Windows.

    In all cases your original question has been answered so you should mark it. If you still have issues then you will need to open a new question.


    \_(ツ)_/

    • Marked as answer by Vik Singh Wednesday, September 9, 2015 8:54 AM
    Wednesday, September 9, 2015 8:44 AM

All replies

  • Hi Vik,

    Please explain the last line with an example.

    How about PowerShell

    $StrCommand = "cacls.exe c:\temp"
    
    $StrResult = Invoke-Expression  $StrCommand
    
    $Strcount = (Select-String -InputObject $StrResult -Pattern "Everyone").count
    
    if ($Strcount -ge 1)
    {"Open Share"}
    else
    {"Not a Open Share"}


    Regards,

    Satyajit

    Please“Vote As Helpful” if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.


    • Edited by Satyajit321 Tuesday, September 8, 2015 11:31 AM
    Tuesday, September 8, 2015 11:17 AM
  • Hi Vik,

    I had gone through your script in detail.

    How about adding Exit Do after "Open Share" as well, you already know its open, then why keep on looping.

    Wscript.Echo "Open Share" Exit Do

    Else
         Wscript.Echo "Not Open"
            Exit Do


    I would say why do you need the loop at all, the | find is already filtering only valid entires that will definately have "everyone" on first line itself or not have anywhere.



    Regards,

    Satyajit

    Please“Vote As Helpful” if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.


    • Edited by Satyajit321 Tuesday, September 8, 2015 12:20 PM
    • Marked as answer by Vik Singh Wednesday, September 9, 2015 8:55 AM
    Tuesday, September 8, 2015 12:18 PM
  • cacls c:\share | find /i "everyone"

    Returns all lines with "Everyone"


    \_(ツ)_/

    Tuesday, September 8, 2015 3:38 PM
  • Thanks JRV & Satyajit for your responses.

    Here is what I finally did and works, however I don't want cmd window to blink when I execute the VB. I was trying to do a objshell.run instead however never got that working. Any !deas?

    '''''''''''''''====================
    Set objShell = CreateObject("WScript.Shell")
    Set objShellExec = CreateObject("WScript.Shell")
    Set objShellOne = CreateObject("WScript.Shell")

    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

    Set colItems = objWMIService.ExecQuery("Select * from Win32_Share where NOT Name Like 'C$' and NOT Name like 'D$' and NOT Name like 'E$' and NOT Name like 'IPC$' and NOT Name like 'Print$' and NOT Name like 'Admin$'  and NOT Name like '%Driver%'  and NOT Name like '%Printer%'")

    For Each objItem in colItems

    One = objItem.path
    Two = "| find ""Everyone"""
    Three = " /i"
    StrCommand = "cmd /c cacls" & " " & One & Two & Three

    set objShellExec = ObjShell.Exec(StrCommand)


    Do While Not objShellExec.StdOut.AtEndOfStream
        strText = objShellExec.StdOut.ReadLine()
        If Instr(strText, "Everyone") > 0 or Instr(strText, "EVERYONE0") > 0 Then
            Wscript.Echo objitem.name & " is an Open Share"
    Else
    '     Wscript.Echo "Not Open"
            Exit Do
        End If
    Loop

    Next


    Regards, Vik Singh "If this thread answered your question, please click on "Mark as Answer"

    Wednesday, September 9, 2015 4:50 AM
  • Get-WmiObject win32_share -filter 'type=0 and NOT name like "%$"' |
        ForEach-Object{
    		if(Get-Acl $_.Path|?{$_.Access.IdentityReference -match 'Everyone'}){
    			Write-Host "$($_.Name) is OPEN" -Fore green
    		}else{
    			Write-Host "$($_.Name) is NOT OPEN" -Fore blue
    		}
        }


    \_(ツ)_/



    • Edited by jrv Wednesday, September 9, 2015 5:38 AM
    Wednesday, September 9, 2015 5:38 AM
  • Hi Vik,

    Any reason for sticking to VB Script.


    Regards,

    Satyajit

    Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Wednesday, September 9, 2015 7:13 AM
  • See the !dea or the Use Case is to find out all the open shares in an organization which are open for everyone and are rather not restricted to specific users.

    Like a share called MyData with read permissions to everyone. This should be flagged.

    I was planning to have a logon script which will capture the following and put it to a registry
    1. Logged on User
    2. Computer Name
    3. List of open shares.

    Then we query this registry using SCCM and then use Orchestrator to automate mails to the user, that these are open shares.

    With registry, I might get into UAC and no user Auth Issues though. So might move to file writing and then have SCCM gather that data.


    Regards, Vik Singh "If this thread answered your question, please click on "Mark as Answer"

    Wednesday, September 9, 2015 7:30 AM
  • What you are trying to do will not work.

    The problem is one of incorrect deployment of Windows.  Use Group Policy to remedy this soo users cannot share things.  Set up common shares for users to share files on.


    \_(ツ)_/

    Wednesday, September 9, 2015 7:36 AM
  • JVR - GP is not possible as we cannot stop all users now. The impact is high. Shares are already in place. This is for users who have mistakenly created shares.

    Can you elaborate why this will not work?


    Regards, Vik Singh "If this thread answered your question, please click on "Mark as Answer"

    Wednesday, September 9, 2015 8:20 AM
  • You can accomplish an inventory with a one time scan using WMI to gather the information.  You should use PowerShell to easily retrieve the remote security descriptors. All of this can be done in one short script.

    If you do not know how to do this then you might want to contact a consultant to work with you.  You can also take the time to learn PowerShell which is aa necessity for all future work with Windows.

    In all cases your original question has been answered so you should mark it. If you still have issues then you will need to open a new question.


    \_(ツ)_/

    • Marked as answer by Vik Singh Wednesday, September 9, 2015 8:54 AM
    Wednesday, September 9, 2015 8:44 AM
  • Thanks.

    Through SCCM I can query WMI, but then we want to know the user who logged on to the machine as well. Use registry to store information and then govern this etc.

    Powershell is ok, we dont need a consultant for it. However it was bogged down due to restrictions to run powershell in specific segments in our environment.

    I will look for other options as well.

    Thanks for the thoughts though.


    Regards, Vik Singh "If this thread answered your question, please click on "Mark as Answer"

    Wednesday, September 9, 2015 8:58 AM
  • This is a one time thing.  It does not need SCCM.  Just build the script and run it on any workstation that can run PowerShell.  The remote machines do not need PowerShell.  This is why I said you need a consultant.  It is clear you are not up to speed on Windows Management Automation.   A consultant can show you many things in a short time.  Right now you cannot imagine a simple solution because you do not know enough about how WMF and WMI work to see how to build a solution.

    I can build and test your solution in less than an hour.  It can be run and collect all information in a very short period of time and be rerun on demand at any time.  It is just a simple script.

    Using SCCM or logon scripts is overkill and leads to other complication that you don't need to try to solve.


    \_(ツ)_/

    Wednesday, September 9, 2015 9:06 AM
  • The question in the forum is not to quantify and gauge what JRV can do an 1 hr and Vik Singh will take years.

    Suggestions are well taken however Simple is because you have that experience. But not put down folks who post.

    If we dont post, then this forum does not exist.....


    Regards, Vik Singh "If this thread answered your question, please click on "Mark as Answer"


    • Edited by Vik Singh Wednesday, September 9, 2015 9:25 AM
    Wednesday, September 9, 2015 9:17 AM
  • No one is putting you down.  It is clear you do not have training in Windows Automation with WMF and WMI.  Without this fundamental knowledge you cannot image how to build this task.  A consultant would help you too move forward and to learn what can be done once you have learned these things.  These things will be an absolute requirement for future Windows administration.  You would do well to use this opportunity to learn automation scripting.

    I noted how long it might take me as a way of demonstrating how learning PowerShell and scripting can save a lot of time.  The hardest part is making the commitment to learn.  Having a consultant to get you started can be a big help as well as a good way to get an important task done.


    \_(ツ)_/

    Wednesday, September 9, 2015 9:41 AM
  • Again - I did not post for someone to tell me what I know and what I dont.

    Especially, helping with my academics...

    Answer is "I Dont know - agreed". I posted the question to get a better logic. Than seeing someone write "I can do this" and "So can a consultant"... but "NOT YOU Vik Singh".

    Other than the above statements, all the other suggestions are well taken and accepted. Thanks!!!


    Regards, Vik Singh "If this thread answered your question, please click on "Mark as Answer"

    Wednesday, September 9, 2015 9:58 AM
  • I am sorry that you misunderstand what I am saying.  Sorry I can't be of any help.


    \_(ツ)_/

    Wednesday, September 9, 2015 10:06 AM
  • NP.        

    Regards, Vik Singh "If this thread answered your question, please click on "Mark as Answer"

    Wednesday, September 9, 2015 10:16 AM