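# Share permission audit.
# For every server named in $servers_list this script enumerates the SMB shares over WMI
# and records, one CSV row per access-control entry:
#   * the share-level (SMB) ACL, read from Win32_LogicalShareSecuritySetting
#   * the NTFS ACL of the shared folder, read through the server's administrative share
# The result is written to <report>\<yyMMdd>\Share_ntfs_permissions_<yyMMdd>.csv
# (semicolon-delimited). The report shows who can reach which data, so the report
# folder itself should be readable by administrators only.

$path_report  = "C:\Program Files (x86)\Windows_Logs\get_share_folder\report"
$servers_list = "C:\Program Files (x86)\Windows_Logs\servers.txt"
$timestamp2   = Get-Date -UFormat %y%m%d
$report_dir   = Join-Path $path_report $timestamp2
$report_file  = Join-Path $report_dir "Share_ntfs_permissions_$timestamp2.csv"

$share_table_result = @()
# Row template: every report row carries exactly these six columns.
$SharePermissions = @{Server="";Share_Name="";Path="";User="";SMB_Perm="";NTFS_Perm=""}

# Builds one report row from the template; arguments that are not supplied stay empty.
function New-ShareRow
{
    param($Server = "", $Share_Name = "", $Path = "", $User = "", $SMB_Perm = "", $NTFS_Perm = "")
    $row = New-Object psobject -Property $SharePermissions
    $row.Server     = "$Server"
    $row.Share_Name = "$Share_Name"
    $row.Path       = "$Path"
    $row.User       = "$User"
    $row.SMB_Perm   = "$SMB_Perm"
    $row.NTFS_Perm  = "$NTFS_Perm"
    return $row
}

# Skip blank lines and stray whitespace so they are not passed on as computer names.
$servers = @(Get-Content $servers_list | ForEach-Object { $_.Trim() } | Where-Object { $_ })

if ( -not (Test-Path $report_dir) ) { New-Item $report_dir -ItemType Directory | Out-Null }

foreach ( $server in $servers )
{
    # One WMI query per server. A server that cannot be queried gets an explicit row,
    # otherwise it would silently be missing from the audit report.
    try
    {
        $Shares = @(Get-WmiObject -Class Win32_Share -ComputerName $server -ErrorAction Stop)
    }
    catch
    {
        Write-Warning "Cannot query shares on ${server}: $($_.Exception.Message)"
        $share_table_result += New-ShareRow -Server $server -User "Error connect to server"
        continue
    }

    foreach ( $ShareInfo in $Shares )
    {
        $Share_Name = $ShareInfo.Name
        $path       = $ShareInfo.Path

        # ---- Share-level (SMB) permissions ----
        # The share name comes from the remote host; escape it before it goes into the WQL filter.
        $filter_name = $Share_Name.Replace('\', '\\').Replace("'", "\'")
        $Share = Get-WmiObject win32_LogicalShareSecuritySetting -Filter "name='$filter_name'" -ComputerName $server
        if ( $Share -ne $null )
        {
            $ACLS = @($Share.GetSecurityDescriptor().Descriptor.DACL | Where-Object { $_ })
            if ( $ACLS.Count -eq 0 )
            {
                # Keep the share visible in the report even when no entry could be read.
                $share_table_result += New-ShareRow -Server $server -Share_Name $Share_Name -Path $path -User "SMB ACL empty or unreadable"
            }
            foreach ( $ACL in $ACLS )
            {
                $User = $ACL.Trustee.Name
                # Unresolved trustee: fall back to the textual SID (Trustee.SID is a byte array).
                if ( !($User) ) { $User = $ACL.Trustee.SIDString }
                $Domain = $ACL.Trustee.Domain

                # Reset per entry so an unrecognised mask never inherits the previous entry's label.
                $Perm = ""
                switch ( $ACL.AccessMask )
                {
                    2032127     { $Perm = "Full Control" }
                    1245631     { $Perm = "Change" }
                    1179817     { $Perm = "Read" }
                    # NOTE(review): AccessMask is an unsigned value in Win32_ACE; confirm the
                    # negative literals below can match at all.
                    -536805376  { $Perm = "Custom" } # Modify, Synchronize
                    -1610612736 { $Perm = "Custom" } # ReadAndExecute, Synchronize
                    -536870846  { $Perm = "Custom" }
                    default     { $Perm = "Custom ($($ACL.AccessMask))" }
                } # end switch

                # AceType 1 is an access-denied entry; do not report it as a grant.
                if ( $ACL.AceType -eq 1 ) { $Perm = "Deny: $Perm" }

                # One row per entry: the row is written inside the loop so that every
                # trustee on the share is reported, not only the last one.
                $share_table_result += New-ShareRow -Server $server -Share_Name $Share_Name -Path $path -User "$Domain\$User" -SMB_Perm $Perm
            } # end ( $ACL in $ACLS )
        } # end if
        else
        {
            # No security setting object is returned for this share (the built-in
            # administrative shares are reported this way).
            $share_table_result += New-ShareRow -Server $server -Share_Name $Share_Name -Path $path -User "Default Admin share"
        } # end else

        # ---- NTFS permissions of the shared folder ----
        if ( $Share_Name -ne 'IPC$' )
        {
            # Win32_Share.Type 1 / 2147483649 are print queues (regular / administrative).
            # This replaces matching the path against 'pr', which also hit ordinary folders.
            $is_printer = ($ShareInfo.Type -eq 1) -or ($ShareInfo.Type -eq 2147483649)

            if ( $is_printer )
            {
                $share_table_result += New-ShareRow -Server $server -Share_Name $Share_Name -Path $path -User "Printer"
            }
            elseif ( -not $path )
            {
                $share_table_result += New-ShareRow -Server $server -Share_Name $Share_Name -Path $path -User "Error connect to share"
            }
            else
            {
                # C:\Data -> \\server\C$\Data : the folder is read through the drive's
                # administrative share, so the account running the audit needs admin rights there.
                $net_path = "\\" + $server + "\" + $path.Replace(":", '$')
                if ( Test-Path $net_path )
                {
                    try
                    {
                        $ACL_NTFS = Get-Acl $net_path -ErrorAction Stop
                    }
                    catch
                    {
                        # Without this, a failed read would leave the previous share's ACL
                        # in $ACL_NTFS and report it under this share.
                        $ACL_NTFS = $null
                        $share_table_result += New-ShareRow -Server $server -Share_Name $Share_Name -Path $path -User "Error reading NTFS ACL"
                    }

                    if ( $ACL_NTFS -ne $null )
                    {
                        # Walk the entries directly instead of re-selecting them with
                        # -match on the user name: a regex match on "Admin" would also
                        # pick up "Administrators" and merge unrelated rights.
                        foreach ( $ace in $ACL_NTFS.Access )
                        {
                            $user = $ace.IdentityReference.Value.Split('\')[-1]
                            $NTFS_Perm = "$($ace.FileSystemRights)"
                            if ( "$($ace.AccessControlType)" -eq 'Deny' ) { $NTFS_Perm = "Deny: $NTFS_Perm" }
                            $share_table_result += New-ShareRow -Server $server -Share_Name $Share_Name -Path $path -User $user -NTFS_Perm $NTFS_Perm
                        } # end ( $ace in $ACL_NTFS.Access )
                    }
                } # end if test-path
                else
                {
                    $share_table_result += New-ShareRow -Server $server -Share_Name $Share_Name -Path $path -User "Error connect to share"
                } # end else test-path
            }
        } # end ( $share_name -ne 'IPC$' )
    } # end ( $ShareInfo in $Shares )
} # end ( $server in $servers )

# UTF8 keeps non-ASCII user and share names intact (the default encoding replaces them with '?').
$share_table_result | Export-Csv $report_file -NoTypeInformation -Delimiter ";" -Encoding UTF8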