Powershell - Network Share Permissions CSV



  • This script will generate a list of all network shares and their permissions. Useful for annual permission auditing.

    <#
    		   .SYNOPSIS 
    		   This script will list all shares on a computer, and list all the share permissions for each share.
    
    		   .DESCRIPTION
    		   The script will take a list all shares on a local or remote computer.
    	
    		   .PARAMETER Computer
    		   Specifies the computer or array of computers to process
    
    		   .INPUTS
    		   Get-SharePermissions accepts pipeline of computer name(s)
    
    		   .OUTPUTS
    		   Produces an array object for each share found.
    
    		   .EXAMPLE
    		   C:\PS> .\Get-SharePermissions # Operates against local computer.
    
    		   .EXAMPLE
    		   C:\PS> 'computerName' | .\Get-SharePermissions
    
    		   .EXAMPLE
    		   C:\PS> Get-Content 'computerlist.txt' | .\Get-SharePermissions | Out-File 'SharePermissions.txt'
    
    		   .EXAMPLE
    		   Get-Help .\Get-SharePermissions -Full
    #>
    
    # Written by BigTeddy November 15, 2011
    # Last updated 9 September 2012 
    # Ver. 2.0 
    # Thanks to Michal Gajda for input with the ACE handling.
     
    [cmdletbinding()]
    
    param([Parameter(ValueFromPipeline=$True,
    	ValueFromPipelineByPropertyName=$True)]$Computer = '.') 
    
    $shares = gwmi -Class win32_share -ComputerName $computer | select -ExpandProperty Name 
     
    foreach ($share in $shares) { 
    	$acl = $null 
    	Write-Host $share -ForegroundColor Green 
    	Write-Host $('-' * $share.Length) -ForegroundColor Green 
    	$objShareSec = Get-WMIObject -Class Win32_LogicalShareSecuritySetting -Filter "name='$Share'"  -ComputerName $computer
    	try { 
    		$SD = $objShareSec.GetSecurityDescriptor().Descriptor   
    		foreach($ace in $SD.DACL){  
    			$UserName = $ace.Trustee.Name     
    			If ($ace.Trustee.Domain -ne $Null) {$UserName = "$($ace.Trustee.Domain)\$UserName"}   
    			If ($ace.Trustee.Name -eq $Null) {$UserName = $ace.Trustee.SIDString }     
    			[Array]$ACL += New-Object Security.AccessControl.FileSystemAccessRule($UserName, $ace.AccessMask, $ace.AceType) 
    			} #end foreach ACE           
    		} # end try 
    	catch 
    		{ Write-Host "Unable to obtain permissions for $share" } 
    	$ACL 
    	Write-Host $('=' * 50) 
    	} # end foreach $share