Comments on: Reading share security with PowerShell http://www.indented.co.uk/index.php/2009/02/20/reading-share-security-with-powershell/ Thu, 09 Sep 2010 08:18:42 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Justin McAlister http://www.indented.co.uk/index.php/2009/02/20/reading-share-security-with-powershell/comment-page-1/#comment-279 Justin McAlister Mon, 26 Apr 2010 19:37:51 +0000 http://www.highorbit.co.uk/?p=972#comment-279 Got it! Thank you very much. Got it! Thank you very much.

]]> By: Chris http://www.indented.co.uk/index.php/2009/02/20/reading-share-security-with-powershell/comment-page-1/#comment-278 Chris Mon, 26 Apr 2010 19:24:19 +0000 http://www.highorbit.co.uk/?p=972#comment-278 My function cheats a little, passing the values from the ACE into the constructor for Security.AccessControl.FileSystemAccessRule. You're spot on with the access mask value behaviour. To finish it off you need to read the AceType, that'll tell you if it's Allow or Deny. Chris My function cheats a little, passing the values from the ACE into the constructor for Security.AccessControl.FileSystemAccessRule. You’re spot on with the access mask value behaviour. To finish it off you need to read the AceType, that’ll tell you if it’s Allow or Deny.

Chris

]]> By: Justin McAlister http://www.indented.co.uk/index.php/2009/02/20/reading-share-security-with-powershell/comment-page-1/#comment-277 Justin McAlister Mon, 26 Apr 2010 19:13:43 +0000 http://www.highorbit.co.uk/?p=972#comment-277 Hi Chris, I have been trying to do something similar, and was wondering if you came up with the same results. So with share level permissions there are really only 3 levels of access granting Read, Change, and Full Control. So I put this together and it reports against those 3 without any issues: [code lang="ps"] (GWMI Win32_LogicalShareSecuritySetting -Computer SERVERNAME).GetSecurityDescriptor().Descriptor.DACL | Select ` @{N="Account Name";E={ If($_.Trustee.Domain -eq $null){$_.Trustee.Name} Else{$_.Trustee.Domain + "\" + $_.Trustee.Name} }}, ` @{N="Share Permissions";E={ Switch($_.AccessMask){ 2032127 {$strSharePerm = "Full Control"} 1179817 {$strSharePerm = "Read"} 1245631 {$strSharePerm = "Change"} Default {$strSharePerm = "Unknown"} } $strSharePerm }} [/code] Please excuse the ugly formatting, and I am sure there is a far better way to do it, but my issue is with implicitly denied share permissions. The .AccessMask property value for allow full control appears to be the same as deny full control. Same with read and change. Now it's a rare case where I come acrossed deny share permissions, but it's possible. I was wondering if you has the same issue with your function. This is omnipower321 from EE by the way. You have answered a ton of my questions, and I am a fan of your site. Hi Chris,

I have been trying to do something similar, and was wondering if you came up with the same results. So with share level permissions there are really only 3 levels of access granting Read, Change, and Full Control. So I put this together and it reports against those 3 without any issues:

(GWMI Win32_LogicalShareSecuritySetting -Computer SERVERNAME).GetSecurityDescriptor().Descriptor.DACL | Select `
	@{N="Account Name";E={
		If($_.Trustee.Domain -eq $null){$_.Trustee.Name}
		Else{$_.Trustee.Domain + "\" + $_.Trustee.Name}
	}}, `
	@{N="Share Permissions";E={
		Switch($_.AccessMask){
			2032127 {$strSharePerm = "Full Control"}
			1179817 {$strSharePerm = "Read"}
			1245631 {$strSharePerm = "Change"}
			Default {$strSharePerm = "Unknown"}
		}
		$strSharePerm
	}}

Please excuse the ugly formatting, and I am sure there is a far better way to do it, but my issue is with implicitly denied share permissions. The .AccessMask property value for allow full control appears to be the same as deny full control. Same with read and change. Now it’s a rare case where I come acrossed deny share permissions, but it’s possible.

I was wondering if you has the same issue with your function. This is omnipower321 from EE by the way. You have answered a ton of my questions, and I am a fan of your site.

]]> By: Kleine Tipps für Zwischendurch (Teil 13) – Umgang mit UNC-Pfaden « Peter’s PowerShell Blog (German only) http://www.indented.co.uk/index.php/2009/02/20/reading-share-security-with-powershell/comment-page-1/#comment-40 Kleine Tipps für Zwischendurch (Teil 13) – Umgang mit UNC-Pfaden « Peter’s PowerShell Blog (German only) Fri, 22 May 2009 12:28:59 +0000 http://www.highorbit.co.uk/?p=972#comment-40 [...] Wie sich per WMI und der Win32_LogicalShareSecuritySetting-Klasse die Freigabeberechtigungen auslesen lassen, verrät ein interessanter Blog-Eintrag. [...] [...] Wie sich per WMI und der Win32_LogicalShareSecuritySetting-Klasse die Freigabeberechtigungen auslesen lassen, verrät ein interessanter Blog-Eintrag. [...]

]]>