Windows Shares - Exporting Users

VeNT · 6 Feb 2011 at 19:17

Hey guys, I need to export a list of users/groups that have access to a few shares and I don't for the life of my know how/if I can
google fu is failing me too.
I either need effective rights to a folder ie who can do what to
\\server1\share2\subfolder3\
or just who has access to
\\server1\share2\

I can see the list in the properties or in the computer management console but can't copy/paste or see an export this option!

help!

ns400r · 6 Feb 2011 at 21:22

This sort of thing?
http://support.microsoft.com/kb/125996

chaosophy · 6 Feb 2011 at 21:44

Odd, I just wrote a bat file for someone at work to do pretty much the same thing. Don't have it with me here and can't access the forum from work but I'll try and remember to get a copy home and post it if I can.

But basically you gave it a list of servers in a text file which it read in then did...

wmic /node:{server} share list full
looked for 'Name=' and then split it to get the share name.
xcacls \\{server}\{share}
to get the ntfs rights. the guy also wanted first level of sub dirs as well, so did a
dir \\{server}\{share} /ad /b
to get a list of folders, then
xcacls \\{server}\{share}\{folder}
Also used an old NT4 reskit tool to get the share permissions.
rmtshare \\{server}\{share}

That's the basics of it, just wrapped in a couple of FOR loops. If it sounds like what you are after I'll try and get it posted up tomorrow.

The person who wanted this was only really worried about searching the output for the 'Everyone'/'Authenticated users' type groups to make sure no areas where unsecured. So it may be the output of rmtshare and xcacls aren't fit for your purpose. It depends what you ultimately want to do with the information. But they can easily be substituted with a number of other tools.

SiriusB · 6 Feb 2011 at 21:49

If you have access to Powershell I can probably throw together a small command/script for you. I did something similar not long ago. If you are interested I will dig it out.

VeNT · 6 Feb 2011 at 23:49

if you could that would be ace, I'm not sure I've currently got access but I can arrange it i think.

SiriusB · 7 Feb 2011 at 15:41

Powershell is a free download for XP, Vista and Servers 2003 and 2008. It is pre-installed on Windows 7 and Server 2008 R2.

I have the outlines of a function that can do what you need. Before I spend a lot of time on it, what are the chances you will use PS? If you can get PS and WinRM installed on all your servers, you can run the script against each server from the comfort of your own desk. [Powershell excels at remoting to other machines].

I will probably write this anyway, mostly for my own edification, but if I know you will give it a go I will start sooner rather than later!

Nanobot · 7 Feb 2011 at 20:26

Back in the NT days, you could use a command utility called RMTShare from the Resource Kit. I not sure what OS you are using but its worth a try.

VeNT · 7 Feb 2011 at 21:54

tbh I think the servers are NT4 but the workstations are XP, I can install it on the workstations but I don't think that anythings going to be installed on the servers (unless it already is) but I'll not be able to check till tuesday!

SiriusB · 7 Feb 2011 at 23:45

NT eh? Not sure Powershell can be installed on NT4 systems. Might have to go with earlier suggestions using batch scripts.

Still, I am half-way through so will post what I have, when it is done, on the off-chance it is useful to you elsewhere or someone else!

Nanobot · 8 Feb 2011 at 00:19

Yeah, you can run rmtshare from your workstation if you have admin rights to the server.

korbk · 8 Feb 2011 at 23:18

You could also use ShareEnum from Microsoft's SysInternals...

http://technet.microsoft.com/en-us/sysinternals/bb897442

An aspect of Windows NT/2000/XP network security that's often overlooked is file shares. A common security flaw occurs when users define file shares with lax security, allowing unauthorized users to see sensitive files. There are no built-in tools to list shares viewable on a network and their security settings, but ShareEnum fills the void and allows you to lock down file shares in your network.

VeNT · 9 Feb 2011 at 09:22

ok turns out this is ONE of the few 2k3 servers so Yes we have powershell!
WOOT!

VeNT · 14 Feb 2011 at 19:29

any luck?

SiriusB · 14 Feb 2011 at 20:16

Hi VeNT.

Sorry for the delay, I have been quite busy this last week. I will try and get something posted by tomorrow evening!

VeNT · 16 Feb 2011 at 14:26

ta dude, no rush
if u wanna email it then it's in trust!

VeNT · 10 Mar 2011 at 12:06

any luck with this dude?

SiriusB · 10 Mar 2011 at 13:07

I replied to your email mate. Will do my best to get you something today!

SiriusB · 12 Mar 2011 at 16:15

VeNT, I emailed you the script earlier today. Let me know if you have any problems with it.

It is quite a chunky email, but tried to keep it as concise as possible!

SiriusB · 9 Apr 2011 at 08:54

Hi VeNT, any news on that script?

Your silence is worrying. At this point I am assuming you ran the script and 3 servers all simultaneously exploded killing the office tea boy and Barbara from Accounts. You were duly dismissed and are now in custody awaiting your trial.

VeNT · 9 Apr 2011 at 10:19

hehe rather than bother with a trial they took my round the back of the building and made me dig my own grave...

nah, they couldn't run the script turns out that the server is NT4 not 2k3 as I was told!

the good thing is that it's prompting a project to move all the old NT4 shares across to our SAN or NOVELL based servers.
unless we move over to AD first.....