Windows Shares - Exporting Users

Hey guys, I need to export a list of users/groups that have access to a few shares and I don't for the life of me know how/if I can.
Google-fu is failing me too.
I either need effective rights to a folder, i.e. who can do what to
\\server1\share2\subfolder3\
or just who has access to
\\server1\share2\

I can see the list in the properties or in the computer management console but can't copy/paste or see an export option!

help!
 
Odd, I just wrote a bat file for someone at work to do pretty much the same thing. Don't have it with me here and can't access the forum from work but I'll try and remember to get a copy home and post it if I can.

But basically you gave it a list of servers in a text file which it read in then did...

wmic /node:{server} share list full
looked for 'Name=' and then split it to get the share name.
xcacls \\{server}\{share}
to get the NTFS rights. The guy also wanted first level of sub dirs as well, so did a
dir \\{server}\{share} /ad /b
to get a list of folders, then
xcacls \\{server}\{share}\{folder}
Also used an old NT4 reskit tool to get the share permissions.
rmtshare \\{server}\{share}


That's the basics of it, just wrapped in a couple of FOR loops. If it sounds like what you are after I'll try and get it posted up tomorrow.

The person who wanted this was only really worried about searching the output for the 'Everyone'/'Authenticated users' type groups to make sure no areas were unsecured. So it may be the output of rmtshare and xcacls aren't fit for your purpose. It depends what you ultimately want to do with the information. But they can easily be substituted with a number of other tools.
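
The approach outlined in this post (list each server's shares, read the share and NTFS permissions for the share root and its first-level folders, then look for 'Everyone'/'Authenticated users' entries), as an added PowerShell example that is not the batch file or the script mentioned in the thread. It assumes targets running Windows 8 / Server 2012 or later with the SMB cmdlets and remoting available (so not NT4), and `server1` and the CSV file name are placeholders.

```powershell
# Added example: not the batch file or the script mentioned in the thread.
# 'server1' and the CSV name are placeholders.
$Servers  = @('server1')
$BroadSid = 'S-1-1-0', 'S-1-5-11'   # well-known SIDs: Everyone, Authenticated Users

function Test-BroadPrincipal([string]$Account) {
    # Compare by SID so domain-prefixed or localized names still match.
    try {
        $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
    } catch { return $false }       # unresolvable account: cannot be a well-known group
    return $BroadSid -contains $sid
}

function New-Row($Server, $Path, $Layer, $Account, $Type, $Rights) {
    [pscustomobject]@{
        Server = $Server; Path = $Path; Layer = $Layer; Account = "$Account"
        Type = "$Type"; Rights = "$Rights"; Broad = Test-BroadPrincipal "$Account"
    }
}

$report = foreach ($server in $Servers) {
    $session = New-CimSession -ComputerName $server
    try {
        # -Special $false skips the administrative shares (C$, ADMIN$, IPC$)
        foreach ($share in Get-SmbShare -CimSession $session -Special $false) {
            $root = "\\$server\$($share.Name)"
            # Share-level permissions
            foreach ($sa in Get-SmbShareAccess -CimSession $session -Name $share.Name) {
                New-Row $server $root 'Share' $sa.AccountName $sa.AccessControlType $sa.AccessRight
            }
            # NTFS permissions on the share root and its first-level folders
            $dirs = Get-ChildItem -LiteralPath $root -Directory -ErrorAction SilentlyContinue
            foreach ($path in @($root) + @($dirs | ForEach-Object { $_.FullName })) {
                $acl = Get-Acl -LiteralPath $path -ErrorAction SilentlyContinue
                foreach ($ace in $acl.Access) {
                    New-Row $server $path 'NTFS' $ace.IdentityReference $ace.AccessControlType $ace.FileSystemRights
                }
            }
        }
    } finally { Remove-CimSession $session }
}

$report | Export-Csv -Path '.\share-permissions.csv' -NoTypeInformation
# Entries that grant access to Everyone / Authenticated Users
$report | Where-Object { $_.Broad -and $_.Type -eq 'Allow' } | Format-Table -AutoSize
```

The CSV holds every share and NTFS entry; the final filter shows only Allow entries for the two broad groups, which is the review the post describes.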
 
If you have access to Powershell I can probably throw together a small command/script for you. I did something similar not long ago. If you are interested I will dig it out.
 
If you could, that would be ace. I'm not sure I've currently got access but I can arrange it, I think.
 
Powershell is a free download for XP, Vista and Servers 2003 and 2008. It is pre-installed on Windows 7 and Server 2008 R2.

I have the outlines of a function that can do what you need. Before I spend a lot of time on it, what are the chances you will use PS? If you can get PS and WinRM installed on all your servers, you can run the script against each server from the comfort of your own desk. [Powershell excels at remoting to other machines].

I will probably write this anyway, mostly for my own edification, but if I know you will give it a go I will start sooner rather than later! :p
 
tbh I think the servers are NT4 but the workstations are XP. I can install it on the workstations but I don't think that anything's going to be installed on the servers (unless it already is), but I'll not be able to check till Tuesday!
 
NT eh? Not sure Powershell can be installed on NT4 systems. Might have to go with earlier suggestions using batch scripts.

Still, I am half-way through so will post what I have, when it is done, on the off-chance it is useful to you elsewhere or someone else! :)
 
You could also use ShareEnum from Microsoft's SysInternals...

http://technet.microsoft.com/en-us/sysinternals/bb897442

An aspect of Windows NT/2000/XP network security that's often overlooked is file shares. A common security flaw occurs when users define file shares with lax security, allowing unauthorized users to see sensitive files. There are no built-in tools to list shares viewable on a network and their security settings, but ShareEnum fills the void and allows you to lock down file shares in your network.
 
Hi VeNT.

Sorry for the delay, I have been quite busy this last week. I will try and get something posted by tomorrow evening! :)
 
VeNT, I emailed you the script earlier today. Let me know if you have any problems with it. :)

It is quite a chunky email, but tried to keep it as concise as possible! :p
 
Hi VeNT, any news on that script?

Your silence is worrying. At this point I am assuming you ran the script and 3 servers all simultaneously exploded killing the office tea boy and Barbara from Accounts. You were duly dismissed and are now in custody awaiting your trial.
 
hehe, rather than bother with a trial they took me round the back of the building and made me dig my own grave...

nah, they couldn't run the script; turns out that the server is NT4, not 2k3 as I was told!

the good thing is that it's prompting a project to move all the old NT4 shares across to our SAN or NOVELL based servers.
unless we move over to AD first.....
 