Share Permissions

TheMSsForum.com: The Microsoft Software Forum

Hi,

I am working on a script, which will list all shares on a
given computer and the permissions for each share. I
would then remove the Everyone permissions if there is
one and replace it with something else. My problem is I
cannot figure out how to list the permissions. I can
enumerate computers and list shares, but how to you list
the permissions for each share?

Thanks,

Scott
Top

Re: Share Permissions by Chris

Chris
Fri Aug 22 19:15:25 CDT 2003

I have used the following, however I haven't figured out what the different
values for ACCESSMASK equal.

On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from
Win32_LogicalShareSecuritySetting",,48)
For Each objItem in colItems

strShareName = objItem.name

Set wmiFileSecSetting = GetObject
("winmgmts:Win32_LogicalShareSecuritySetting.name='" & strShareName & "'")

RetVal = wmiFileSecSetting.GetSecurityDescriptor(wmiSecurityDescriptor)
If Err <> 0 Then
WScript.Echo "GetSecurityDescriptor failed on " & strShareName & VBCRLF
& Err.Number & VBCRLF & Err.Description
Else
WScript.Echo "GetSecurityDescriptor suceeded for " & strShareName
End If

' Retrieve the DACL array of Win32_ACE objects.
DACL = wmiSecurityDescriptor.DACL

For each wmiAce in DACL

WScript.Echo "-----------------------"
WScript.Echo "Found ACE"
WScript.Echo "-----------------------"
wscript.echo "Access Mask: " & wmiAce.AccessMask
wscript.echo "ACE Type: " & wmiAce.AceType

' Get Win32_Trustee object from ACE
Set Trustee = wmiAce.Trustee
wscript.echo "Trustee Domain: " & Trustee.Domain
wscript.echo "Trustee Name: " & Trustee.Name

' Get SID as array from Trustee
SID = Trustee.SID

For i = 0 To UBound(SID) - 1
strsid = strsid & SID(i) & ","
Next
strsid = strsid & SID(i)
wscript.echo "Trustee SID: {" & strsid & "}"

Next
WScript.Echo
"===========================================================================
"
Next


Chris
"Scott Anderson" <andersos@plk.af.mil> wrote in message
news:043e01c368ee$7944e810$a301280a@phx.gbl...
> Hi,
>
> I am working on a script, which will list all shares on a
> given computer and the permissions for each share. I
> would then remove the Everyone permissions if there is
> one and replace it with something else. My problem is I
> cannot figure out how to list the permissions. I can
> enumerate computers and list shares, but how to you list
> the permissions for each share?
>
> Thanks,
>
> Scott


Top

Re: Share Permissions by Scott

Scott
Tue Aug 26 12:59:34 CDT 2003

Hey Chris,

Thanks for the help, but I am having a little trouble
getting your script to run. It seems to work fine until I
get to this line:

Set wmiFileSecSetting = GetObject
("winmgmts:Win32_LogicalShareSecuritySetting.name='" &
strShareName & "'")

It seems that maybe the format of strShareName is wrong.
I have tired changing the format of strShareName and using
the line without the ".name", but "Get Security
Descriptor" alaways fails. Also if I comment out "On
Error Resume Next" the "Set wmiFileSecSetting..." line
above errors out with the following error.
C:\vb\Production VB\Untitled1.vbs(27, 2) (null): 0x80041002

Any additional help would be appreciated.

Thanks,

Scott

>-----Original Message-----
>I have used the following, however I haven't figured out
what the different
>values for ACCESSMASK equal.
>
>On Error Resume Next
>strComputer = "."
>Set objWMIService = GetObject("winmgmts:\\" & strComputer
& "\root\cimv2")
>Set colItems = objWMIService.ExecQuery("Select * from
>Win32_LogicalShareSecuritySetting",,48)
>For Each objItem in colItems
>
> strShareName = objItem.name
>
> Set wmiFileSecSetting = GetObject
>("winmgmts:Win32_LogicalShareSecuritySetting.name='" &
strShareName & "'")
>
> RetVal = wmiFileSecSetting.GetSecurityDescriptor
(wmiSecurityDescriptor)
> If Err <> 0 Then
> WScript.Echo "GetSecurityDescriptor failed on " &
strShareName & VBCRLF
>& Err.Number & VBCRLF & Err.Description
> Else
> WScript.Echo "GetSecurityDescriptor suceeded for " &
strShareName
> End If
>
> ' Retrieve the DACL array of Win32_ACE objects.
> DACL = wmiSecurityDescriptor.DACL
>
> For each wmiAce in DACL
>
> WScript.Echo "-----------------------"
> WScript.Echo "Found ACE"
> WScript.Echo "-----------------------"
> wscript.echo "Access Mask: " & wmiAce.AccessMask
> wscript.echo "ACE Type: " & wmiAce.AceType
>
> ' Get Win32_Trustee object from ACE
> Set Trustee = wmiAce.Trustee
> wscript.echo "Trustee Domain: " & Trustee.Domain
> wscript.echo "Trustee Name: " & Trustee.Name
>
> ' Get SID as array from Trustee
> SID = Trustee.SID
>
> For i = 0 To UBound(SID) - 1
> strsid = strsid & SID(i) & ","
> Next
> strsid = strsid & SID(i)
> wscript.echo "Trustee SID: {" & strsid & "}"
>
> Next
> WScript.Echo
>"=========================================================
==================
>"
>Next
>
>
>Chris
>"Scott Anderson" <andersos@plk.af.mil> wrote in message
>news:043e01c368ee$7944e810$a301280a@phx.gbl...
>> Hi,
>>
>> I am working on a script, which will list all shares on
a
>> given computer and the permissions for each share. I
>> would then remove the Everyone permissions if there is
>> one and replace it with something else. My problem is I
>> cannot figure out how to list the permissions. I can
>> enumerate computers and list shares, but how to you list
>> the permissions for each share?
>>
>> Thanks,
>>
>> Scott
>
>
>.
>
Top

Re: Share Permissions by John

John
Wed Sep 17 20:43:59 CDT 2003

I did some testing on=20
("winmgmts:Win32_LogicalShareSecuritySetting.name=3D'" &
strShareName & "'")

This will only work on a local share (i.e. C:\MyShare)=20
where strShareName=3D"MyShare". It doesn't work on a=20
Network Share (i.e. \\Dev1\MyShare). I'd love to know of=20
something that does.

John



>-----Original Message-----
>Scott Anderson wrote:
>> Hey Chris,
>>
>> Thanks for the help, but I am having a little trouble
>> getting your script to run. It seems to work fine=20
until I
>> get to this line:
>>
>> Set wmiFileSecSetting =3D GetObject
>> ("winmgmts:Win32_LogicalShareSecuritySetting.name=3D'" &
>> strShareName & "'")
>>
>> It seems that maybe the format of strShareName is=20
wrong.
>> I have tired changing the format of strShareName and=20
using
>> the line without the ".name", but "Get Security
>> Descriptor" alaways fails. Also if I comment out "On
>> Error Resume Next" the "Set wmiFileSecSetting..." line
>> above errors out with the following error.
>> C:\vb\Production VB\Untitled1.vbs(27, 2) (null):=20
0x80041002
>
>You're having a problem with the code wrapping in the=20
post.
>
>Here's a version of the line with the problem using=20
explicit line breaks,
>statement continuation ( _ ) and string concatenation (=20
& ).
>
>Set wmiFileSecSetting =3D _
> GetObject("winmgmts:" _ &
> & "Win32_LogicalShareSecuritySetting.name=3D'" _
> & strShareName & "'")
>
>
>
>--=20
>Michael Harris
>Microsoft.MVP.Scripting
>
>Windows 2000 Scripting Guide
>Microsoft=AE Windows=AE2000 Scripting Guide
>http://www.microsoft.com/technet/scriptcenter/scrguide/sa
gsas_overview.asp
>
>System Administration Scripting Guide - samples scripts
>http://www.microsoft.com/downloads/release.asp?
ReleaseID=3D38942
>
>WSH 5.6 documentation download
>http://www.microsoft.com/downloads/details.aspx?
FamilyId=3D01592C48-207D-4BE1-8A76-
1C4099D7BBB9&displaylang=3Den
>
>
>.
>
Top