Lists all the shared folder permissions or NTFS permissions (PowerShell)

This PowerShell script illustrates how to list all the shared folder permissions and NTFS permissions.

 
 
 
 
 
3.9 Star
(50)
64,659 times
Add to favorites
Security
1/14/2014
E-mail Twitter del.icio.us Digg Facebook
  • Getting ComputerName from a CSV list
    2 Posts | Last post February 15, 2018
    • How can I have the script use a CSV list to iterate through to get computer names from it?
    • Use the command Export-Csv.
      Example:
      c:\Script\ListAllSharedFolderPermission.ps1 -ComputerName "IL-LBD-WSUS" | Export-Csv -Path "data.csv"
  • Running this script
    1 Posts | Last post December 08, 2016
    • To List directory NTFS permissions
      .\ListAllSharedFolderPermission.ps1 -computername <computername> -NTFSPermission 
      To List Share NTFS permissions
      .\ListAllSharedFolderPermission.ps1 -computername <computername>
  • Misreporting Share Perms
    5 Posts | Last post December 06, 2016
    • I run this against a specific server on my network, and here is a snippet of the output:
      
      ComputerName      : abc
      ConnectionStatus  : Success
      SharedFolderName  : MiscApps
      SecurityPrincipal : Domain1\G_DSV-Apps-Admin
      FileSystemRights  : FullControl
      AccessControlType : AccessAllowed
      
      ComputerName      : abc
      ConnectionStatus  : Success
      SharedFolderName  : MiscApps
      SecurityPrincipal : Domain1\G_DSV-Apps-Admin
      FileSystemRights  : FullControl
      AccessControlType : AccessAllowed
      
      Notice that the same Principal is repeated twice.  What it should be:
      
      ComputerName      : abc
      ConnectionStatus  : Success
      SharedFolderName  : MiscApps
      SecurityPrincipal : Domain1\G_DSV-Apps-Admin
      FileSystemRights  : FullControl
      AccessControlType : AccessAllowed
      
      ComputerName      : abc
      ConnectionStatus  : Success
      SharedFolderName  : MiscApps
      SecurityPrincipal : Domain2\Apps-Admin
      FileSystemRights  : FullControl
      AccessControlType : AccessAllowed
      
      Similar, but not identical, group names from different domains.  I have double-checked the share permissions, and those list as 'should be' above are correct.
    • More info - this appears to be an issue with Windows 2012.  I modified the script to display the SID of the group, and the SID correctly indicates that the group is in Domain2, but still shows the SecurityPrincipal as Domain1\<different group name>.
      
      I created a new share and only added my ID, which is in Domain1, another group which is in Domain2, and the problem group from Domain2.  My ID and the other Domain2 group are properly identified; the problem group from Domain2 is still tagged as being from Domain1.  Doesn't matter whether I run the script locally or remotely.
      
      I have an older 2003 server with similar setup, and the script correctly reports the share ACLs on it.
    • I have the same problem in multiple servers. Did you already solve this question ?
    • If using 2012 or higher the built in cmdlets get-SMBShare and Get-SMBAccess should be used
    • Get-SmbShareAccess
  • I have got the following error
    4 Posts | Last post December 06, 2016
    • I have got the following error after ran this command PS C:\ListAllSharedFolderPermission> .\ListAllSharedFolderPermission.ps1 Get-OSCFolderPermission -ComputerName "file
      srv resource name" -Credential $cre
      
      C:\ListAllSharedFolderPermission\ListAllSharedFolderPermission.ps1 : A positional parameter cannot be found that
      accepts argument 'Get-OSCFolderPermission'.
      At line:1 char:1
      + .\ListAllSharedFolderPermission.ps1 Get-OSCFolderPermission -Computer ...
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidArgument: (:) [ListAllSharedFolderPermission.ps1], ParameterBindingException
          + FullyQualifiedErrorId : PositionalParameterNotFound,ListAllSharedFolderPermission.ps1
    • You need to load the module first, then call the function you want.
      
      PS C:> Import-Module <pathToFile>\ListAllSharedFolderPermission.psm1
      PS C:> Get-Command -Module ListAllSharedFolderPermission
      
      CommandType Name                           ModuleName
      ----------- ----                           ----------
      Function    Get-OSCSharedFolderPermission  ListAllSharedFolderPermission
      Function    Get-SharedFolderNTFSPermission ListAllSharedFolderPermission
      Function    Get-SharedFolderPermission     ListAllSharedFolderPermission
      
      PS C:> Get-OSCSharedFolderPermission -ComputerName MyComputer
      
    • Where can you download the ListAllSharedFolderPermssion.psm1? It is not in the download file and I can't google the .psm1???
    • To List directory NTFS permissions
      .\ListAllSharedFolderPermission.ps1 -computername <computername> -NTFSPermission 
      To List Share NTFS permissions
      .\ListAllSharedFolderPermission.ps1 -computername <computername>
      
      
  • License
    1 Posts | Last post September 05, 2016
    • Is it possible to have this available under a more permissive license (MIT or Apache 2 perhaps), so other could contribute to this? Missing a GroupBy format.ps1xml, would make things really nice. :) As it is now, I can't add this and share it. 
  • Can't get OSCFolderPermission module to work
    1 Posts | Last post August 21, 2015
    • Hey All,  for some reason I can't get the OSCFolderPermission module to work....  Forgive my ignorance as I am a newbie at powershell.  The error I get is as follows:  Get-OSCFolderPermission : The term 'Get-OSCFolderPermission' is not recognized as the name of a 
      cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was 
      included, verify that the path is correct and try again.
      At line:1 char:1
      + Get-OSCFolderPermission -NTFSPermission
      + ~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : ObjectNotFound: (Get-OSCFolderPermission:String) [], CommandNotFoundEx 
         ception
          + FullyQualifiedErrorId : CommandNotFoundException
      
      Also, if I run the entire script, it gives me the expected output except for the fact that it doesn't show any of the shared folder names.  Example below:
      
      ComputerName      : GOVS015WEBDEV
      ConnectionStatus  : Success
      SharedFolderName  : 
      SecurityPrincipal : BUILTIN\Administrators
      FileSystemRights  : FullControl
      AccessControlType : AccessAllowed
      
      Thanks in advance for the help
      Jeff
  • Minor Spelling Error
    1 Posts | Last post April 22, 2015
    • Line 208
      'AccessControlFalgs' = "Not Available"}
      
      Should be 'AccessControlFlags'
      
      Other than that great script, planning on using some of the functions to build a share/NTFS permissions HTML report. Thanks!
  • $ in path
    1 Posts | Last post February 24, 2015
    • I find that if the path contains a $ it fails getting the NTFS permissions
      
      If I replace the line,
      $SharedFolderPath = [regex]::Escape($SharedFolder.Path)
      
      with
      $SharedFolderPath = $SharedFolder.Path -Replace "\\", "\\"
      
      It seems to fix it.  The original line changes D:\apps$ to D:\\apps\$ which fails on the $SharedNTFSSecs = Get-WmiObject line but D:\\apps$ works
  • Group name is not getting
    2 Posts | Last post February 24, 2015
    • Will this script give group name if AD Group has permission on shared folder 
    • Yes
  • Doesn't list all shares
    1 Posts | Last post March 11, 2014
    • I ran it and it appeared to work...even with piping the output to Format-table (ah, the beauty of PowerShell)...but then I realised it wasn't listing all the shares.
      
      If I take a share that isn't being listed by this script and make a change to that share's Share permissions, and then I run the script again the share then gets listed in the script's output.
      
      What prompted me to find this script was that I suspected some share permissions were corrupted...but it seems that if said permissions are corrupt then it's not listing the share at all.
1 - 10 of 16 Items