Audit Level Listing of Share Permissions

Status
Not open for further replies.

netsj

Technical User
Jul 31, 2007
9
US
For SOX compliance, auditors are requesting a listing of all shares on all servers and associated user/group permissions. I have ShareEnum and Srvcheck, and through this I can develop a list of all shares on a server and associated permissions, but this does not show me administrative share permissions (such as C:\$ and IPC$, etc.). Writing a separate script I can list all the shares on every server including admin shares, but not permissions. Combining the two is currently beyond my skillset.

In summary, I need a script that lists every share on every server in a domain, including administrative and hidden shares, and their associated group/user permissions.

Thank you in advance!
 
Do a google search for rmtshare

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886
 
I have RMTShare - it lists all shares but does not list associated permissions.
 
does not list associated permissions
sure it does ...
 
Ok - I must be missing something - rather than 'sure it does' how about an example of the proper syntax? I see how I can grant and remove permissions, but not list them.

so - rmtshare \\servername ???

Thank you!
 
First you grab the share names (i.e. you capture the output of rmtshare \\servername), and then for each share you grab the result of rmtshare \\servername\sharename

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886
 
Ok - I see what you're seeing now, thanks. Tying this into my other post, do you have a canned wrapper that will do the required nesting? I have the main command that runs this against every server and gets the shares listed, but haven't figured out how to nest the second step that will pull the rmtshare permissions of each enumerated share.

This is the script I'm using for share enumeration:

'*************************************************************
' Script Written by Larry Heintz
' March 2006
' This script will reveal all user and hidden shares on a
' computer. It will show you the share name, share comment
' and share path. You will also have the option to run the
' script against a AD Domain or Work Group name. The script
' also saves the shares information into a comma delimited
' file.
'
' Script Usages:
' List Shares on Single PC: cscript shares.vbs /computer:[computername]
' List Shares on AD Domain/Work Group: cscript shares.vbs /adwg:[ad domain or workgroup name]
'*************************************************************
Dim objStdOut,args
Dim computername,adwg
Set args = Wscript.Arguments.Named
computername = args.Item("computer")
adwg = args.Item("adwg")
logpath = getLogPath()

if wscript.arguments.count = 0 then
    wscript.echo "Script Usages:"
    wscript.echo "List Shares on Single PC: cscript shares.vbs /computer:[computername]"
    wscript.echo "List Shares on AD Domain/Work Group: cscript shares.vbs /adwg:[ad domain or workgroup name]"
elseif args.exists("computer") then
    Call listShares(computername)
elseif args.exists("adwg") then
    Call listSharesADWG(adwg)
end if

' Query Win32_Share over WMI on one computer, echo each share and log it
Function listShares(computername)
    On Error Resume Next
    Dim objshares,share
    set objshares = GetObject("winmgmts:{impersonationLevel=impersonate}\\" & computername & "\root\cimv2").ExecQuery("SELECT * FROM Win32_Share")
    if Err.Number <> 0 then
        ' Report a computer that cannot be queried instead of silently printing an empty list
        wscript.echo "Could not query " & ucase(computername) & ": " & Err.Description & vbcrlf
        Err.Clear
        Exit Function
    end if
    wscript.echo "Shares for " & ucase(computername) & vbcrlf
    wscript.echo "Name" & space(11) & "Comment" & space(13) & "Path"
    wscript.echo "=====" & space(10) & "========" & space(12) & "====="
    for each share in objshares
        Call writeLog(computername,share.name,share.caption,share.path)
        wscript.echo pad(share.name,15) & pad(share.caption,20) & share.path
    next
    set objshares = nothing
    wscript.echo ""
End Function

' Pad text to a column width. space() raises an error for a negative count,
' which On Error Resume Next turned into a silently skipped line for long
' share names, so longer values get a single separating space instead.
Function pad(text,width)
    if len(text) < width then
        pad = text & space(width - len(text))
    else
        pad = text & " "
    end if
End Function

' Enumerate the computers in an AD domain or workgroup and list each one's shares
Function listSharesADWG(adwg)
    set container = getobject("WinNT://" & adwg)
    container.filter = array("computer")
    for each computer in container
        Call listShares(computer.name)
    next
    set container = nothing
End Function

' Return the folder the script lives in, with a trailing backslash
Function getLogPath()
    Dim temp,temp2
    temp = split(wscript.scriptfullname,"\")
    for i = 0 to ubound(temp) - 1
        temp2 = temp2 & temp(i) & "\"
    next
    getLogPath = temp2
End Function

' Append one comma delimited line per share to shares.log next to the script
Function writeLog(computername,sharename,sharecomment,sharepath)
    Dim FSO,objFSOwriteline
    Set FSO = CreateObject("Scripting.FileSystemObject")
    ' 8 = open for appending, True = create the file if it does not exist
    Set objFSOwriteline = FSO.OpenTextFile(getLogPath() & "shares.log", 8,True)
    objFSOwriteline.WriteLine(computername & "," & sharename & "," & sharecomment & "," & sharepath)
    objFSOwriteline.close
    Set objFSOwriteline = nothing
    Set FSO = nothing
End Function

Thanks again!
 
A starting point:
Set sh = CreateObject("WScript.Shell")
For Each share In objshares
    ' Quote the UNC path so a share name containing spaces is passed as one argument
    sh.Run "rmtshare ""\\" & computername & "\" & share.name & """"
Next

To grab the output of a command have a look at the WshScriptExec object.

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886
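
The nesting discussed in this thread, written out as an added example that is not part of the original posts: it enumerates Win32_Share as the posted script does, then captures the output of rmtshare for each share through the WshScriptExec object. It assumes rmtshare.exe is on the PATH; the names listSharePermissions, shareperms.vbs and share_perms.log are made up for the example.

```vbscript
' Added example (not from the thread): list every share on one computer via
' WMI, then capture the output of "rmtshare \\computer\share" for each one.
' Assumes rmtshare.exe is on the PATH; share_perms.log is a made-up file name.
Option Explicit

Dim target
target = WScript.Arguments.Named.Item("computer")
If target = "" Then
    WScript.Echo "Usage: cscript shareperms.vbs /computer:[computername]"
    WScript.Quit 1
End If
Call listSharePermissions(target)

Sub listSharePermissions(computername)
    Dim sh, fso, logFile, objshares, share, proc, output
    Set sh = CreateObject("WScript.Shell")
    Set fso = CreateObject("Scripting.FileSystemObject")
    ' 8 = open for appending, True = create the file if it does not exist
    Set logFile = fso.OpenTextFile("share_perms.log", 8, True)

    On Error Resume Next
    Set objshares = GetObject("winmgmts:{impersonationLevel=impersonate}\\" & _
        computername & "\root\cimv2").ExecQuery("SELECT * FROM Win32_Share")
    If Err.Number <> 0 Then
        ' Record hosts that could not be queried so the listing shows the gap
        logFile.WriteLine computername & ",<WMI query failed: " & Err.Description & ">"
        Err.Clear
        logFile.Close
        Exit Sub
    End If
    On Error GoTo 0

    For Each share In objshares
        ' Exec (unlike Run) exposes the child's StdOut; quote the UNC path
        ' so a share name containing spaces stays one argument.
        Set proc = sh.Exec("rmtshare ""\\" & computername & "\" & share.Name & """")
        ' ReadAll returns once rmtshare has closed its output stream
        output = proc.StdOut.ReadAll()
        ' Status stays 0 while the process runs; wait so ExitCode is final
        Do While proc.Status = 0
            WScript.Sleep 50
        Loop
        logFile.WriteLine "=== \\" & computername & "\" & share.Name & _
            " (exit code " & proc.ExitCode & ") ==="
        logFile.WriteLine output
    Next
    logFile.Close
End Sub
```

To cover a whole domain, call listSharePermissions from the computer loop in listSharesADWG in the script posted above.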
 