1

Тема: List Share and Folder ACL's

'example values for AccessMask: 
' Read: 1179785
' Read/Write: 1180063
' Read/ReadExecute: 1179817
' Read/ReadExecute/Write: 1180095
' Read/ReadExecute/Modify/Write: 1245631
' FullControl: 2032127
 
On Error Resume Next
 
Dim colShares
Dim Folder
Dim Share
Dim DACL
Dim wmiAce
Dim Trustee
Dim wmiShare
Dim wmiShareSecSetting
Dim RetVal
Dim TheShareNameRetVal
Dim TheFolderNameRetVal
 
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Const ForReading = 1
strComputer = "10.123.36.150" 'Replace "Computer" with the name of the computer you want to work with.
 
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOutputFile = objFSO.CreateTextFile (strComputer & "_Network_Share_Trustee2.csv", True)
Set objOutputFile2 = objFSO.CreateTextFile (strComputer & "_Network_Folder_Trustee2.csv", True)
Set objOutputFile3 = objFSO.CreateTextFile (strComputer & "_Network_Folder_Trustee-Junk2.csv", True)
 
objOutputFile.WriteLine ("ServerName;ShareName;Domain\Account;AccessMask;AccessType")
objOutputFile2.WriteLine ("ServerName;ShareName;Domain\Account;SharePath;AccessMask;AccessType")
 
' This part gets the Share security
Set wmiShareSecSetting = objWMIService.ExecQuery("Select * from Win32_LogicalShareSecuritySetting" , "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
For Each wmiShare in wmiShareSecSetting
TheShareName = wmiShare.Name
Wscript.Echo "Getting ACL Settings for " & TheShareName
TheShareNameRetVal = wmiShare.GetSecurityDescriptor(TheShareName)
DACL = TheShareName.DACL
For Each wmiAce in DACL
Set Trustee = wmiAce.Trustee
objOutputFile.WriteLine (strComputer & ";" & wmiShare.Name & ";" & Trustee.Domain & "\" & Trustee.Name & ";" & wmiAce.AccessMask & ";" & wmiAce.AceType)
Next
Next
objOutputFile.Close
 
Set colShares = objWMIService.ExecQuery("Select Name,Type,Path from Win32_Share", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
' This part gets the Folder (NTSF) security
For Each Share In colShares
If Share.Type = 0 Then
ShareName = Share.Name
SharePath = Share.Path
Wscript.Echo " Getting Folder Settings : " & ShareName
Set Folder = GetObject("winmgmts:\\" & strComputer & "\root\cimv2:Win32_LogicalFileSecuritySetting.path='" & SharePath & "'")
TheFolderNameRetVal = Folder.GetSecurityDescriptor(TheFolderName)
RetVal = Folder.GetSecurityDescriptor(TheFolderName)
DACL = TheFolderName.DACL
For Each wmiAce in DACL
Set Trustee = wmiAce.Trustee
If wmiAce.AccessMask > 0 AND wmiAce.AccessMask < 2032128 Then
objOutputFile2.WriteLine (strComputer & ";" & ShareName & ";" & _
       Trustee.Domain & "\" & Trustee.Name & ";" & SharePath & ";" & wmiAce.AccessMask & ";" & wmiAce.AceType)
Else
objOutputFile3.WriteLine (strComputer & ";" & ShareName & ";" & Trustee.Domain & "\" & Trustee.Name & ";" & SharePath & ";" & wmiAce.AccessMask & ";" & wmiAce.AceType)
End If
Next
End If
Next
 
objOutputFile2.Close
objOutputFile3.Close
 
MsgBox "Done Processing " & strComputer & ":" & (Chr(13)), 64, "Process Complete"