Thursday, May 9, 2013

Powershell: Read servers from AD and search for shares and return ACL permissions

Connects to active directory and pulls a list of all computer objects that are servers and check ACL permissions

Import-Module ActiveDirectory
#Most of the information to do this was from this site.

Function Get-ACLPermissions($Share){

    $acl = Get-Acl -Path $Share

return $ACL


function Get-MyShares

#Function by

     $Shares = Get-WmiObject -Class Win32_Share -ComputerName $Server
     $output = @()
         ForEach ($Share in $Shares)
              $fullpath = “\\{0}\{1}” -f $server, $
              Add-Member -MemberType NoteProperty -InputObject $Share -Name FullPath -Value $fullpath
              $output += $Share
         Return $output

#Path to where the CSV file is written to
$PathtoCSV = "C:\temp\AuditACL.csv"

#Create Header in CSV
"Server;Share;Username;FileSystemRights;AccessControlType;IsInherited;InheritanceFlags" > $PathtoCSV 
#Get all computers that are servers from AD
$Servers = Get-ADComputer -Filter {OperatingSystem -Like "Windows Server*"} -Property * | Select -Expand Name
$i = 0
foreach ($Server in $Servers)
# update counter and write progress
   Write-Progress -activity "Scanning Machine $Server" -status "Scanned: $i of $($Servers.Count)" -percentComplete (($i / $Servers.Count)  * 100)
# Get all Shares on server
    $Shares = Get-MyShares $Server | Select -ExpandProperty Name 
        foreach ($Share_Current in $Shares){
        #Process all Shares on Server
            $fullpath = "\\$Server\$Share_Current"
            $ShareACL = Get-ACLPermissions $fullpath
            $o = 0
            $ShareACL.Access | ForEach-Object {
            $FileSystemRights = $ShareACL.Access[$o] | Select -ExpandProperty FileSystemRights #Example ReadAndExecute
            $AccessControlType = $ShareACL.Access[$o] | Select -ExpandProperty AccessControlType #Example Allow/Deny
            $IdentityReference = $ShareACL.Access[$o] | Select -ExpandProperty IdentityReference #Example Everyone,Username
            $IsInherited = $ShareACL.Access[$o] | Select -ExpandProperty IsInherited #Are Permissions inherited
            $InheritanceFlags = $ShareACL.Access[$o] | Select -ExpandProperty InheritanceFlags #Type of Inheritance ContainerInherit
            $PropagationFlags = $ShareACL.Access[$o] | Select -ExpandProperty PropagationFlags #PropagationFlags

            switch -wildcard ($FileSystemRights) 
            { #Should be a better way to do this via function
                "268435456*" {$FileSystemRights = "FullControl"} 
                "-536805376*" {$FileSystemRights = "Modify, Synchronize"} 
                "-1610612736*" {$FileSystemRights = "ReadAndExecute, Synchronize"} 
            $Combine = $Server,$fullpath,$IdentityReference,$FileSystemRights,$AccessControlType,$IsInherited,$InheritanceFlags
            Write-Host "$Combine to $PathtoCSV"
            $Combine -join ";" >> $PathtoCSV

No comments:

Post a Comment