Using PowerShell to get Share and NTFS permissions

I am teaching a class this week at Benchmark Learning and had a great student question. “How do I get share permissions AND NTFS permissions” Well, look no further. The Get-SharePermission function was found here: http://social.technet.microsoft.com/Forums/en-ZA/ITCG/thread/64cabd85-7170-4678-96b5-2c516cc3b772

function Get-SharePermission
	{
  Param($Server = $env:COMPUTERNAME)
  $ShareSecurity = Get-WmiObject win32_LogicalShareSecuritySetting -ComputerName $Server   
  foreach($Share in $ShareSecurity)
  	{
   	$sharenames = $Share.Name
   	$ACLS = $Share.GetSecurityDescriptor().Descriptor.DACL
   	foreach($ACL in $ACLS)
    	{
    	$User = $ACL.Trustee.Name
    	switch ($ACL.AccessMask)
     		{
     		2032127   {$Perm = “Full Control”}
     		1245631   {$Perm = “Change”}
     		1179817   {$Perm = “Read”}
     		}
    	$myObj = “” |Select-Object ShareName,User,Permission, NTFS_User, NTFS_Rights
    	$myObj.ShareName = $sharenames
    	$myObj.User = $User
    	$myObj.Permission = $Perm
    	$myObj     
    	}
   	}
 }
 
 # Usage
 #$servers = “DC1″
 #Get-SharePermission -Server $servers
 #Get-SharePermission -Server $servers | where {$_.User -eq “everyone”}
 #$sharename = foreach ($i in Get-SharePermission -Server $servers | where {$_.User -eq “everyone”}) {$i.sharename}
 #foreach ($i in $sharename) {Get-Acl \\$Servers\$i | fl}
 #foreach ($i in $sharename) {Get-Acl \\$Servers\$i |fl @{Label=”Path”; Expression={$_.Path.substring(38)}}, owner, group, accesstostring}

Leave a Reply

Your email address will not be published. Required fields are marked *