We have various servers that have many directories shared. It's easy enough to look at the share browser to see what the "top level" shares are, but underneath is a jumbled mess of custom permissions, none of which is documented.
我们有各种服务器,共享许多目录。很容易看到共享浏览器,看看“*”共享是什么,但下面是混乱的自定义权限,没有记录。
I'd like to enumerate all the shares on the domain (definitely all the 'servers', local PCs would be nice) and then recurse down each one and report any deviation from the parent. If the child has the same permissions, no need to report that back.
我想列举域中的所有共享(绝对是所有'服务器',本地PC会很好)然后递减每一个并报告与父项的任何偏差。如果孩子具有相同的权限,则无需向后报告。
I'd prefer a simple script-y solution to writing a big C# app, but any method that works will do (even existing software).
我更喜欢一个简单的脚本解决方案来编写一个大的C#应用程序,但任何有效的方法都可以(甚至现有的软件)。
For example, I'd like to get:
例如,我想得到:
SERVER1\
\-- C: (EVERYONE: Total control, ADMINs, etc. etc.)
\-- (skip anything that is not the same as above)
\-- SuperSecretStuff (Everyone: NO access; Bob: Read access)
SERVER2\
\-- Stuff (some people)
etc.
2 个解决方案
#1
1
I know it isnt scripting, but have you tried ShareEnum? http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx and then export it out? You can also compare to older runs. I don't think there is a cmd line interface (which sucks), but it will get you the info you need
我知道它不是脚本,但你尝试过ShareEnum吗? http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx然后将其导出?您还可以与较旧的运行进行比较。我不认为有一个cmd行接口(很糟糕),但它会为您提供所需的信息
#2
1
This Powershell script accomplishes your goal.
这个Powershell脚本实现了您的目标。
As it is stated:
如上所述:
This little script will enumerate all the shares on a computer, and list the share-level permissions for each share. It uses WMI to retrieve the shares, and to list the permissions.
这个小脚本将枚举计算机上的所有共享,并列出每个共享的共享级权限。它使用WMI检索共享,并列出权限。
Note that this script lists share-level permissions, and not NTFS permissions.
请注意,此脚本列出了共享级权限,而不是NTFS权限。
It accepts a number of computers as its input, a single IP, or running it in the local system:
它接受许多计算机作为输入,单个IP或在本地系统中运行它:
.EXAMPLE
C:\PS> .\Get-SharePermissions # Operates against local computer.
.EXAMPLE
C:\PS> 'computerName' | .\Get-SharePermissions
.EXAMPLE
C:\PS> Get-Content 'computerlist.txt' | .\Get-SharePermissions | Out-File 'SharePermissions.txt'
#1
1
I know it isnt scripting, but have you tried ShareEnum? http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx and then export it out? You can also compare to older runs. I don't think there is a cmd line interface (which sucks), but it will get you the info you need
我知道它不是脚本,但你尝试过ShareEnum吗? http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx然后将其导出?您还可以与较旧的运行进行比较。我不认为有一个cmd行接口(很糟糕),但它会为您提供所需的信息
#2
1
This Powershell script accomplishes your goal.
这个Powershell脚本实现了您的目标。
As it is stated:
如上所述:
This little script will enumerate all the shares on a computer, and list the share-level permissions for each share. It uses WMI to retrieve the shares, and to list the permissions.
这个小脚本将枚举计算机上的所有共享,并列出每个共享的共享级权限。它使用WMI检索共享,并列出权限。
Note that this script lists share-level permissions, and not NTFS permissions.
请注意,此脚本列出了共享级权限,而不是NTFS权限。
It accepts a number of computers as its input, a single IP, or running it in the local system:
它接受许多计算机作为输入,单个IP或在本地系统中运行它:
.EXAMPLE
C:\PS> .\Get-SharePermissions # Operates against local computer.
.EXAMPLE
C:\PS> 'computerName' | .\Get-SharePermissions
.EXAMPLE
C:\PS> Get-Content 'computerlist.txt' | .\Get-SharePermissions | Out-File 'SharePermissions.txt'