I am teaching a class this week at Benchmark Learning and had a great student question. “How do I get share permissions AND NTFS permissions” Well, look no further. The Get-SharePermission function was found here: http://social.technet.microsoft.com/Forums/en-ZA/ITCG/thread/64cabd85-7170-4678-96b5-2c516cc3b772
function Get-SharePermission
{
Param($Server = $env:COMPUTERNAME)
$ShareSecurity = Get-WmiObject win32_LogicalShareSecuritySetting -ComputerName $Server
foreach($Share in $ShareSecurity)
{
$sharenames = $Share.Name
$ACLS = $Share.GetSecurityDescriptor().Descriptor.DACL
foreach($ACL in $ACLS)
{
$User = $ACL.Trustee.Name
switch ($ACL.AccessMask)
{
2032127 {$Perm = “Full Control”}
1245631 {$Perm = “Change”}
1179817 {$Perm = “Read”}
}
$myObj = “” |Select-Object ShareName,User,Permission, NTFS_User, NTFS_Rights
$myObj.ShareName = $sharenames
$myObj.User = $User
$myObj.Permission = $Perm
$myObj
}
}
}
# Usage
#$servers = “DC1″
#Get-SharePermission -Server $servers
#Get-SharePermission -Server $servers | where {$_.User -eq “everyone”}
#$sharename = foreach ($i in Get-SharePermission -Server $servers | where {$_.User -eq “everyone”}) {$i.sharename}
#foreach ($i in $sharename) {Get-Acl \\$Servers\$i | fl}
#foreach ($i in $sharename) {Get-Acl \\$Servers\$i |fl @{Label=”Path”; Expression={$_.Path.substring(38)}}, owner, group, accesstostring}