Get-Share Permissions

This little script enumerates all the shares on a computer and lists the share-level permissions for each share. It uses WMI both to retrieve the shares and to list the permissions. Thanks to Michal Gajda for his input (via the Library).

 
 
 
 
 
Storage
9/10/2012
  • Getting an error when running the script
    1 Posts | Last post October 08, 2014
    • Hi Bigteddy, I'm a new guy on PowerShell, and I need to obtain the NTFS permissions for each share on a remote server (sorted by share). I ran the script but I'm getting the following error for each share:
      
      ----------------------------------
      Get-WmiObject : Invalid query 
      At C:\Temp\Scripts\Get-SharePermissions.ps1:49 char:33
      +     $objShareSec = Get-WMIObject <<<<  -Class Win32_LogicalShareSecuritySetting -Filter "name='$Share'"  -ComputerName $computer
          + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], ManagementException
          + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
      -----------------------------------------------------------------------------
      
      I also tested that specific function for a share on the localhost and I got the same error
      -------------------------------------------------------------------------
      PS C:\> Get-WMIObject -Class Win32_LogicalShareSecuritySetting -Filter "name='\\localhost\share'"  -ComputerName localhost
      Get-WmiObject : Invalid query
      At line:1 char:14
      + Get-WMIObject <<<<  -Class Win32_LogicalShareSecuritySetting -Filter "name='\\localhost\share'"  -ComputerName localhost
          + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], Managemen
         tException
          + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.C
         ommands.GetWmiObjectCommand 
      ----------------------------------------
      
      Any help will be really appreciated, thank you!
  • Remote Share
    5 Posts | Last post July 16, 2014
    • Hi
      
      How can we use your script when we need share permissions from remote shares?
    • I have updated the script to allow querying of remote computers.  This was a fairly easy modification.
      
      Let me know how you go with the new version.
    • Where to add the server name and share name in the script?
      How to run it? Just open up PowerShell and copy/paste to run it?
    • Awesome, it works exactly as I was looking for.
      
      Thank you so much Bigteddy.
    • Awesome, it works exactly as I was looking for.
      
      Thank you so much Bigteddy.
  • Is this script signed?
    1 Posts | Last post March 06, 2014
    • I've downloaded it and tried running it, but PS won't let me run it at all, because it claims the script isn't signed. I've tried changing my execution policy, but that fails as well. I think it's likely that this is set by a GPO somewhere. So, is this script signed and if so, where can I get the certificate, please?
  • Pipe glitch
    1 Posts | Last post December 02, 2013
    • If you pipe the results to a text file, the "headers" for each share do not get sent to the piped text file. Just the permissions.
      I'm not a PS expert. So I'm not even going to try to fix it. :-)
  • Can't get Input file to work
    3 Posts | Last post October 09, 2013
    • Hi,  
      While I get a perfect result with;
      'computer1' | .\Get-SharePermissions.ps1
      Using an input file to deliver computer names fails. Is it format/syntax of input file?
      I have created a file containing just 1 computer name for simplicity but obviously more are intended (syntax? return, comma, semi-colon between items?) but, a file called computernames.txt containing just the text;
      computer1
      or;
      'computer1'
      with no other characters, saved in the same folder as the ps1 file, and using the command
      Get-Content 'computerlist.txt' | .\Get-SharePermissions.ps1
      or
      Get-Content computerlist.txt | .\Get-SharePermissions.ps1
      all permutations fail with the below error;
      PS E:\PowerShell> Get-Content 'computerlist.txt' | .\Get-SharePermissions.ps1
      Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argum
      ent is null or empty. Supply an argument that is not null or empty and then try
       the command again.
      At E:\PowerShell\Get-SharePermissions.ps1:40 char:48
      + $shares = gwmi -Class win32_share -ComputerName <<<<  $computer | select -Exp
      andProperty Name
          + CategoryInfo          : InvalidData: (:) [Get-WmiObject], ParameterBindi
         ngValidationException
          + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.Power
         Shell.Commands.GetWmiObjectCommand
      
      Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argum
      ent is null or empty. Supply an argument that is not null or empty and then try
       the command again.
      At E:\PowerShell\Get-SharePermissions.ps1:46 char:113
      +     $objShareSec = Get-WMIObject -Class Win32_LogicalShareSecuritySetting -Fi
      lter "name='$Share'"  -ComputerName <<<<  $computer
          + CategoryInfo          : InvalidData: (:) [Get-WmiObject], ParameterBindi
         ngValidationException
          + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.Power
         Shell.Commands.GetWmiObjectCommand
      
      Unable to obtain permissions for
      ==
    • typo in question, file is called computerlist.txt,  NOT computernames.txt.
      That's NOT the problem!!!
      Thanks.
    • Solved by making changes to script to handle input and output files, but makes input file mandatory;
      <#
      .SYNOPSIS
      This script will list all shares on a computer, and list all the share permissions for each share.
      .DESCRIPTION
      The script will list all shares on a local or remote computer.
      .INPUTS
      Only works with an input file, which should be called computerlist.txt
      and contain a list of computer names separated by return characters.
      .OUTPUTS
      Produces an array object for each share found. ALL output goes to default output path.
      .EXAMPLE
      C:\PS> .\Get-SharePermissions | Out-File 'SharePermissions.txt'
      .EXAMPLE
      Get-Help .\Get-SharePermissions -Full
      #>
      # Written by BigTeddy November 15, 2011
      # Last updated 9 September 2012
      # Updated by Ben Sharrock and James Al-Khatib 9 October 2013 to handle input and output files correctly
      # Ver. 2.0
      # Thanks to Michal Gajda for input with the ACE handling.
      # [cmdletbinding()]

      # Read the computer names from the input file in the current directory.
      $computers = Get-Content 'computerlist.txt'
      foreach ($computer in $computers)
      {
          # param([Parameter(ValueFromPipeline=$True,
          # ValueFromPipelineByPropertyName=$True)]$Computer = '.')

          $shares = gwmi -Class win32_share -ComputerName $computer | select -ExpandProperty Name

          # Header for this computer
          $(' ')
          $('=' * 20)
          $computer
          $('=' * 20)
          foreach ($share in $shares) {
              $acl = $null
              # Header for this share
              $share
              $('-' * $share.Length)
              $objShareSec = Get-WMIObject -Class Win32_LogicalShareSecuritySetting -Filter "name='$Share'" -ComputerName $computer
              try {
                  $SD = $objShareSec.GetSecurityDescriptor().Descriptor
                  foreach ($ace in $SD.DACL) {
                      # Prefer DOMAIN\Name; fall back to the SID when the name does not resolve.
                      $UserName = $ace.Trustee.Name
                      If ($ace.Trustee.Domain -ne $Null) {$UserName = "$($ace.Trustee.Domain)\$UserName"}
                      If ($ace.Trustee.Name -eq $Null) {$UserName = $ace.Trustee.SIDString}
                      [Array]$ACL += New-Object Security.AccessControl.FileSystemAccessRule($UserName, $ace.AccessMask, $ace.AceType)
                  } # end foreach ACE
              } # end try
              catch
              { "Unable to obtain permissions for $share" }
              $ACL
              $('=' * 50)
          } # end foreach $share
      }
  • Can you fix the output. It is not very useful as is.
    1 Posts | Last post May 28, 2013
    • jrv
      Grant. Hi - can you fix the output of this script.  It works well but should output usable objects.
      
  • get-share permissions from server with tens of thousands of shares
    1 Posts | Last post March 11, 2013
    • This script works fine on a server with a few hundred shares.  I have one that I must manage that has 22,000 shares.  Getting the information alone takes impossibly long - and I need to change share permissions remotely.  This is quickly done on the server itself, using subinacl.  Is there any way at all to do this remotely in a reasonable time on a server with that many shares?
      
      jj
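
Added example, not part of the gallery script or of any post above: a function that emits one object per share ACE (the request in the output thread), accepts computer names from the pipeline or a file (the input-file thread), and runs one WMI query per computer with no `-Filter` string to build. The function name `Get-SharePermissionObject` and the output property names are assumptions made for this illustration; it assumes Windows PowerShell 3.0 or later and uses the standard Full Control / Change / Read share access masks.

```powershell
# Added example, not the gallery script. Function and property names are
# hypothetical; requires Windows PowerShell 3.0 or later.
function Get-SharePermissionObject {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
        [string[]]$ComputerName = '.'
    )
    process {
        foreach ($computer in $ComputerName) {
            # Skip blank lines from an input file instead of passing them to -ComputerName.
            if ([string]::IsNullOrWhiteSpace($computer)) { continue }
            try {
                # One query per computer; no per-share filter string to quote or escape.
                $settings = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -ComputerName $computer -ErrorAction Stop
            } catch {
                Write-Warning "Cannot query ${computer}: $($_.Exception.Message)"
                continue
            }
            foreach ($setting in $settings) {
                $result = $setting.GetSecurityDescriptor()
                if ($result.ReturnValue -ne 0) {
                    Write-Warning "No descriptor for $($setting.Name) on $computer (code $($result.ReturnValue))"
                    continue
                }
                foreach ($ace in $result.Descriptor.DACL) {
                    # Same trustee logic as the script: DOMAIN\Name, or the SID if unresolved.
                    $trustee = $ace.Trustee.Name
                    if ($ace.Trustee.Domain) { $trustee = "$($ace.Trustee.Domain)\$trustee" }
                    if (-not $ace.Trustee.Name) { $trustee = $ace.Trustee.SIDString }
                    $rights = switch ([uint32]$ace.AccessMask) {
                        2032127 { 'FullControl' }
                        1245631 { 'Change' }
                        1179817 { 'Read' }
                        default { 'Special' }
                    }
                    [pscustomobject]@{
                        ComputerName = $computer
                        Share        = $setting.Name
                        Trustee      = $trustee
                        AceType      = if ($ace.AceType -eq 1) { 'Deny' } else { 'Allow' }
                        Rights       = $rights
                        AccessMask   = [uint32]$ace.AccessMask
                    }
                }
            }
        }
    }
}
# Get-Content computerlist.txt | Get-SharePermissionObject | Export-Csv SharePermissions.csv -NoTypeInformation
```

Because every ACE is an object carrying its computer and share name, redirecting or exporting the output keeps that context, and results can be filtered with `Where-Object`, for example on `Trustee` or `Rights`.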