PowerShell: "share","ntfs" permissions on shared folders

Ответить
M.K
Новичок
Сообщения: 9
Зарегистрирован: 04 дек 2014 16:52

PowerShell: "share","ntfs" permissions on shared folders

Сообщение M.K »

Код: Выделить всё



$path_report = "C:\Program Files (x86)\Windows_Logs\get_share_folder\report"
$servers_list = "C:\Program Files (x86)\Windows_Logs\servers.txt"
$timestamp2 = Get-Date -UFormat %y%m%d


$share_table_result = @()
$SharePermissions = @()
$SharePermissions = @{Server="";Share_Name="";Path="";User="";SMB_Perm="";NTFS_Perm=""}



$servers = gc $servers_list
$tp2=Test-Path $path_report\$timestamp2\
if ($tp2 -ne $True) { New-Item $path_report\$timestamp2 -type directory }

foreach ( $server in $servers )
{
#  $server = "comp1"
 $Shares_Names = Get-WmiObject -Class Win32_Share  -ComputerName $server | select -ExpandProperty Name
 
         foreach ( $Share_Name in $Shares_Names )
         {
         # $share_name = "R$"
            $path = Get-WmiObject -Class Win32_Share  -ComputerName $server | ? {$_.Name -eq $Share_Name } | select -ExpandProperty Path
            $Share = Get-WmiObject win32_LogicalShareSecuritySetting -Filter "name='$Share_Name'" -ComputerName $server
                if( $Share -ne $null )
                        {
                            $obj = @()
                            $ACLS = $Share.GetSecurityDescriptor().Descriptor.DACL
                            
                                        foreach( $ACL in $ACLS )
                                        {
                                            $User = $ACL.Trustee.Name
                                            if(!($user)){$user = $ACL.Trustee.SID}
                                            $Domain = $ACL.Trustee.Domain
                                            switch( $ACL.AccessMask )
                                                {
                                                2032127     {$Perm = "Full Control"}
                                                1245631     {$Perm = "Change"}
                                                1179817     {$Perm = "Read"}
                                                -536805376  {$Perm = "Custom" } #:Modify, Synchronize
                                                -1610612736 {$perm = "Custom" } #ReadAndExecute, Synchronize
                                                -536870846  {$perm = "Custom" }
                                                } #end switch
                                        }#end ( $ACL in $ACLS )
                                             
                              $Share_Table = new-object psobject -Property $SharePermissions  
                                        $share_table.server = "$server"
                                        $share_table.Share_name= "$Share_Name"
                                        $share_table.Path = "$Path"
                                        $share_table.user = "$domain\$user"
                                        $share_table.SMB_Perm = "$Perm"
                                        $share_table.NTFS_Perm =""
                                        
                              $share_table_result += $share_table     
                                               
                            
                        } #end if
                else 
                        {
                         # 
                         $Share_Table = new-object psobject -Property $SharePermissions  
                                        $share_table.server = "$server"
                                        $share_table.Share_name= "$Share_Name"
                                        $share_table.Path = "$Path"
                                        $share_table.user = "Default Admin share"
                                        $share_table.SMB_Perm = ""
                                        $share_table.NTFS_Perm=""
                                        
                               $share_table_result += $share_table  
                        } # end else 
              
                
                
                
                
                
               #   $server
               # $Share_Name =   "ADMIN$"
               # $path = Get-WmiObject -Class Win32_Share  -ComputerName $server | ? {$_.Name -eq $Share_Name } | select -ExpandProperty Path
               # $path
               # $ACL_NTFS.access | Select IdentityReference, FileSystemRights | select -ExpandProperty Value
               if ( $share_name -ne "IPC$" )
               {
                    $net_path = "\\"+$server+"\"+$path.Replace(":","$")
                    
                    if ( (Test-Path $net_path) -ne $false )
                    {
                    
                    $ACL_NTFS = get-acl $net_path
                    $users = $ACL_NTFS.access | Select -ExpandProperty IdentityReference | select -ExpandProperty Value
                
                        foreach ( $user in $users )
                        {
                        # $user ="S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003"
                        $user = $user.split('\')[-1]
                        $NTFS_Perm = $ACL_NTFS.access | where {$_.IdentityReference -match "$user" }  | Select -ExpandProperty FileSystemRights
                        $Share_Table = new-object psobject -Property $SharePermissions  
                                        $share_table.server = "$server"
                                        $share_table.Share_name= "$Share_Name"
                                        $share_table.Path = "$Path"
                                        $share_table.user = "$user"
                                        $share_table.NTFS_Perm = "$NTFS_Perm"
                                        $share_table.SMB_Perm = ""
                                        
                               $share_table_result += $share_table 
                        } # end  ( $user in $users )
                     } # end if test-path
                     else 
                     {
                             if ($path -match 'pr')
                                    {
                                     $Share_Table = new-object psobject -Property $SharePermissions  
                                                $share_table.server = "$server"
                                                $share_table.Share_name= "$Share_Name"
                                                $share_table.Path = "$Path"
                                                $share_table.user = "Printer"
                                                $share_table.NTFS_Perm = ""
                                                $share_table.SMB_Perm = ""
                                                
                                       $share_table_result += $share_table 
                                    } # end ($path -match 'pr')
                             if ( (Test-Path $net_path) -eq $false )
                                    {
                                    $Share_Table = new-object psobject -Property $SharePermissions  
                                                $share_table.server = "$server"
                                                $share_table.Share_name= "$Share_Name"
                                                $share_table.Path = "$Path"
                                                $share_table.user = "Error connect to share"
                                                $share_table.NTFS_Perm = ""
                                                $share_table.SMB_Perm = ""
                                                
                                       $share_table_result += $share_table 
                                    } #end if
                     
                     } #end else test-path
                } # end ( $share_name -ne "IPC$" )
                
         } #end ( $Share_Name in $Shares_Names )
         
  } #end ( $server in $servers  )
  
  
$share_table_result  | Export-Csv $path_report\$timestamp2\Share_ntfs_permissions_$timestamp2.csv -NoTypeInformation -Delimiter ";"


Ответить

Вернуться в «Powershell»