I've been using the script below, found in many places on the web, to retrieve a list of permissions set on shares.
The problem with it is that it seems not to return all the permissions that I can see when using Windows Explorer to view the permissions on the share.
The contents of $SecurityDescriptor.Descriptor.DACL seem to contain no more than 2 items, one being BUILTIN\Administrators and the other Everyone, despite, as mentioned, more items being visible when using Explorer.
Can anyone help me out here? I just want to see an accurate list of permissions set on any share and not just half of them! Essentially, it seems that the DACL array returned by calling the GetSecurityDescriptor method on a particular share does not contain everything there is to retrieve.
Thanks
(This code is ripped out of a function that I wrote for it.)
# Share-level security settings for every share on the target computer
$ShareSec = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -ComputerName $computername
# Initialise the result collection once, before the loop, so it exists even when no share matches
$myCol = @()
ForEach ($ShareS in ($ShareSec | Where {$_.Name -eq $sharename}))
{
    $SecurityDescriptor = $ShareS.GetSecurityDescriptor()
    # One output object per ACE in the share's DACL
    ForEach ($DACL in $SecurityDescriptor.Descriptor.DACL)
    {
        $myObj = "" | Select @{n="ShareName";e={$sharename}}, Domain, ID, AccessMask, AceType
        $myObj.ShareName = $sharename
        $myObj.Domain = $DACL.Trustee.Domain
        $myObj.ID = $DACL.Trustee.Name
        # Translate well-known access mask values; anything else is reported as the raw number
        Switch ($DACL.AccessMask)
        {
            2032127 {$AccessMask = "FullControl"}
            1179785 {$AccessMask = "Read"}
            1180063 {$AccessMask = "Read, Write"}
            1179817 {$AccessMask = "ReadAndExecute"}
            -1610612736 {$AccessMask = "ReadAndExecuteExtended"}
            1245631 {$AccessMask = "ReadAndExecute, Modify, Write"}
            1180095 {$AccessMask = "ReadAndExecute, Write"}
            268435456 {$AccessMask = "FullControl (Sub Only)"}
            default {$AccessMask = $DACL.AccessMask}
        }
        $myObj.AccessMask = $AccessMask
        # Translate the ACE type code
        Switch ($DACL.AceType)
        {
            0 {$AceType = "Allow"}
            1 {$AceType = "Deny"}
            2 {$AceType = "Audit"}
        }
        $myObj.AceType = $AceType
        # Reset so a value from this ACE cannot leak into the next iteration
        Clear-Variable AccessMask -ErrorAction SilentlyContinue
        Clear-Variable AceType -ErrorAction SilentlyContinue
        $myCol += $myObj
    }
}
Return $myCol
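
Added example, not part of the original post: Explorer shows share-level permissions (Sharing tab) and NTFS permissions (Security tab) separately, and Win32_LogicalShareSecuritySetting returns only the share-level DACL, so entries seen on the Security tab will not appear in it. The function below lists both layers side by side for one share; its name, Get-ShareAndNtfsAce, is hypothetical, and it assumes the caller can query WMI on the target and reach the share over its UNC path.

```powershell
# Added example (not from the original post). Get-ShareAndNtfsAce is a hypothetical name.
# Intended for Windows PowerShell, where Get-WmiObject is available.
function Get-ShareAndNtfsAce {
    param(
        [Parameter(Mandatory)][string]$ShareName,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $aceTypes = @{ 0 = 'Allow'; 1 = 'Deny'; 2 = 'Audit' }

    # Layer 1: share-level DACL, from the same WMI class the script above queries.
    $setting = Get-WmiObject -Class Win32_LogicalShareSecuritySetting `
        -ComputerName $ComputerName -Filter "Name='$ShareName'"
    if ($setting) {
        foreach ($ace in $setting.GetSecurityDescriptor().Descriptor.DACL) {
            $t = $ace.Trustee
            [pscustomobject]@{
                Layer     = 'Share'
                Identity  = if ($t.Domain) { "$($t.Domain)\$($t.Name)" } else { $t.Name }
                Type      = $aceTypes[[int]$ace.AceType]   # cast: WMI returns an unsigned value
                Rights    = $ace.AccessMask                # raw mask, as in the switch table above
                Inherited = $null                          # not applicable to share ACEs
            }
        }
    }
    else {
        Write-Warning "No share-level security setting found for '$ShareName' on $ComputerName."
    }

    # Layer 2: NTFS DACL on the shared folder, read through the UNC path.
    $acl = Get-Acl -Path "\\$ComputerName\$ShareName" -ErrorAction Stop
    foreach ($rule in $acl.Access) {
        [pscustomobject]@{
            Layer     = 'NTFS'
            Identity  = $rule.IdentityReference.Value
            Type      = $rule.AccessControlType.ToString()
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

# Usage with constructed placeholder names:
# Get-ShareAndNtfsAce -ShareName 'Data' -ComputerName 'FILESRV01' | Format-Table -AutoSize
```

A user's effective access over the network is the more restrictive of the two layers, so both sets of rows need to be read together when auditing a share.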