Skip to main content

Powershell: Read servers from AD and search for shares and return ACL permissions


Purpose:
Connects to active directory and pulls a list of all computer objects that are servers and check ACL permissions

  
Import-Module ActiveDirectory
#Most of the information to do this was from this site.
#http://blogs.technet.com/b/heyscriptingguy/archive/2009/09/14/hey-scripting-guy-september-14-2009.aspx

Function Get-ACLPermissions($Share){

    $acl = Get-Acl -Path $Share

return $ACL

}


function Get-MyShares

{
#Function by
#http://www.peetersonline.nl/2008/11/finding-shares-with-powershell/

     param([string]$Server)
     $Shares = Get-WmiObject -Class Win32_Share -ComputerName $Server
     $output = @()
         ForEach ($Share in $Shares)
         {
              $fullpath = “\\{0}\{1}” -f $server, $share.name
              Add-Member -MemberType NoteProperty -InputObject $Share -Name FullPath -Value $fullpath
              $output += $Share
         }
         Return $output
}

#Path to where the CSV file is written to
$PathtoCSV = "C:\temp\AuditACL.csv"

#Create Header in CSV
"Server;Share;Username;FileSystemRights;AccessControlType;IsInherited;InheritanceFlags" > $PathtoCSV 
#Get all computers that are servers from AD
$Servers = Get-ADComputer -Filter {OperatingSystem -Like "Windows Server*"} -Property * | Select -Expand Name
$i = 0
foreach ($Server in $Servers)
# update counter and write progress
{
   $i++
   Write-Progress -activity "Scanning Machine $Server" -status "Scanned: $i of $($Servers.Count)" -percentComplete (($i / $Servers.Count)  * 100)
   
# Get all Shares on server
    $Shares = Get-MyShares $Server | Select -ExpandProperty Name 
        foreach ($Share_Current in $Shares){
        #Process all Shares on Server
            $fullpath = "\\$Server\$Share_Current"
            $ShareACL = Get-ACLPermissions $fullpath
            $o = 0
            $ShareACL.Access | ForEach-Object {
            $FileSystemRights = $ShareACL.Access[$o] | Select -ExpandProperty FileSystemRights #Example ReadAndExecute
            $AccessControlType = $ShareACL.Access[$o] | Select -ExpandProperty AccessControlType #Example Allow/Deny
            $IdentityReference = $ShareACL.Access[$o] | Select -ExpandProperty IdentityReference #Example Everyone,Username
            $IsInherited = $ShareACL.Access[$o] | Select -ExpandProperty IsInherited #Are Permissions inherited
            $InheritanceFlags = $ShareACL.Access[$o] | Select -ExpandProperty InheritanceFlags #Type of Inheritance ContainerInherit
            $PropagationFlags = $ShareACL.Access[$o] | Select -ExpandProperty PropagationFlags #PropagationFlags
            $o++

            switch -wildcard ($FileSystemRights) 
            { #Should be a better way to do this via function
                "268435456*" {$FileSystemRights = "FullControl"} 
                "-536805376*" {$FileSystemRights = "Modify, Synchronize"} 
                "-1610612736*" {$FileSystemRights = "ReadAndExecute, Synchronize"} 
            }
            $Combine = $Server,$fullpath,$IdentityReference,$FileSystemRights,$AccessControlType,$IsInherited,$InheritanceFlags
            Write-Host "$Combine to $PathtoCSV"
            $Combine -join ";" >> $PathtoCSV
        } 
}
}





Comments

Popular posts from this blog

Excel document for pinging list of computers VBA

Here is an excel document I created that will ping a list of nodes in column A and give results in column B. There are much better tools that can be used such as angry ip scanner  http://www.angryip.org/w/Home . I just wrote this as an example Requirements: Tested with Office 2010 Download: Download

Powershell - Com+ Application Recycle

Needed a script to recycle a com+ application nightly and this is what i came up with. This script will write each recycle it does to the event log under application. Run locally or via a scheduled task. #Recycle COM+ Application and write to the event log the status # 1.0 Release # Run script locally # Write to the event log ######################################## #Configurable ######################################## #Com+ ApplicationName $ComPlusLikeAppName = "Put the name of Com+ Application here a like statement is used to eval so you can get away with putting part of it" #EventLog to write to. $eventlog = "Application" #Source for eventlog. $source = "RecycleComObject" #Successful Event ID $SEventID = 0 #Error Event ID $EEventID = 666 #Process that COM+ runs under $process = "dllhost.exe". ######################################## #Clear $CurrentMemory = $null $PRocessID = $null $Commandline = $null $GUID = $null $AppID = $null $Messag

Powershell : Certutil Find Expired Certs on CA server

Wrote this to get certificate expiration information for certificates that expired 5 days ago to ones that expire in 90 days. Wrap an invoke-command around this for remote query. $Before = (get-date).adddays(90).ToString("MM/dd/yyyy") $After = (get-date).AddDays(-5).ToString("MM/dd/yyyy") <# https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/ We create a date range with $Before, i.e. certificates expiring before this date, and $After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter. #> $Restrict = "NotAfter<=$Before,NotAfter>=$After" $Report = @() $cmd = & certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date","Certificate Template" $SplitLines = $cmd.Split("`n`r") $Index = 0 foreach ($line in $Sp