Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Again : Enumerate Permission Set on Network Share

35 views
Skip to first unread message

Imhotep

unread,
Jul 12, 2002, 1:41:02 PM7/12/02
to
Hi Again,

Since my previous message, I try to use WMI to Get a list of Share Then to
Get List of Permissions.

I Wrote this sample Code that enumerate the Shares but I cannot continue.
Any Help or Advices or Code will be appreciated.

' Code Start

sDomainName = WScript.Arguments ( 0 )
sComputerName = WScript.Arguments ( 1 )
Set oWbemLocator = CreateObject ( "WbemScripting.SWbemLocator" )
Set oConnection = owbemLocator.ConnectServer ( sComputerName,
"root\cimv2", "Username", "Password", , "NTLMDOMAIN:" & sDomainName )
Set odShares = oConnection.ExecQuery ( "Select * from Win32_Share" )
For Each oShare in odShares
WScript.Echo
WScript.Echo "AccessMask : " & oShare.AccessMask
WScript.Echo "AllowMaximum : " & oShare.AllowMaximum
WScript.Echo "Caption : " & oShare.Caption
WScript.Echo "Description : " & oShare.Description
WScript.Echo "InstallDate : " & oShare.InstallDate
WScript.Echo "MaximumAllowed : " & oShare.MaximumAllowed
WScript.Echo "Name : " & oShare.Name
WScript.Echo "Path : " & oShare.Path
WScript.Echo "Status : " & oShare.Status
WScript.Echo "Type : " & oShare.Type
Next

' Code End

Thanks

\Imhotep


Torgeir Bakken

unread,
Jul 12, 2002, 11:38:38 PM7/12/02
to
Imhotep wrote:

> Hi Again,
>
> Since my previous message, I try to use WMI to Get a list of Share Then to
> Get List of Permissions.
>
> I Wrote this sample Code that enumerate the Shares but I cannot continue.
> Any Help or Advices or Code will be appreciated.

Hi

Here is a script that gets and parses the security descriptor for all local disk
drive shares (does not connect remote).

It is based on this script:

GetSecurityDescriptor Method in Class Win32_LogicalFileSecuritySetting.
http://msdn.microsoft.com/library/en-us/wmisdk/wmi/getsecuritydescriptor_method_in_class_win32_logicalfilesecuritysetting.asp


Set oWMI = GetObject("winmgmts:")

' Get only Disk Drive shares
Set oShares = oWMI.ExecQuery("select Name from Win32_Share where Type=0")

For Each oShare In oShares

' Connect to WMI and get the share security object for the share
Set oShareSecSetting = GetObject( _
"winmgmts:Win32_LogicalShareSecuritySetting.Name='" & oShare.Name & "'")

' Use the Win32_LogicalShareSecuritySetting Caption property to create a
' simple header before dumping the discretionary access control list (DACL)
WScript.Echo oShareSecSetting.Caption

' Call the Win32_LogicalShareSecuritySetting GetSecurityDescriptor
' method to retrieve an instance of the Win32_SecurityDescriptor class
' for the target object. Note that this is achieved by passing an empty
' variable to GetSecurityDescriptor, which GetSecurityDescriptor in turn
' initializes with an instance of the Win32_SecurityDescriptor class
' that corresponds to the security descriptor for the target object.
iRC = oShareSecSetting.GetSecurityDescriptor(oSecurityDescriptor)

If iRC <> 0 Then
Select Case iRC
Case 2
WScript.Echo "You do not have access to the requested information"
Case 8
WScript.Echo "Unknown failure"
Case 9
WScript.Echo "You do not have adequate privileges"
Case 21
WScript.Echo "The specified parameter is invalid"
Case Else
WScript.Echo "Unknown error"
End Select
WScript.Quit
End If

' After the security descriptor is retrieved, you can use the properties
' provided by the Win32_SecurityDescriptor class to dissect the security
' descriptor's access control lists (DACL and SACL) and access
' control entries (ACEs).

' Retrieve the content of Win32_SecurityDescriptor DACL property.
' The DACL is an array of Win32_ACE objects.
aDACL = oSecurityDescriptor.DACL

For Each oAce In aDACL
WScript.Echo
WScript.Echo "Access Mask: " & oAce.AccessMask
WScript.Echo "ACE Type: " & oAce.AceType

' Get Win32_Trustee object from ACE
Set oTrustee = oAce.Trustee
WScript.Echo "Trustee Domain: " & oTrustee.Domain
WScript.Echo "Trustee Name: " & oTrustee.Name

' Get SID as array from Trustee
aSID = oTrustee.SID

For i = 0 To UBound(aSID) - 1
strsid = strsid & aSID(i) & ","
Next
strsid = strsid & aSID(i)
WScript.Echo "Trustee SID: {" & strsid & "}"
Next

--
torgeir


Torgeir Bakken

unread,
Jul 12, 2002, 11:58:45 PM7/12/02
to
Torgeir Bakken wrote:

> WScript.Echo "Trustee SID: {" & strsid & "}"
> Next

Oops. One missing Next at the bottom. This is correct:

WScript.Echo "Trustee SID: {" & strsid & "}"
Next

Next

--
torgeir


Imhotep

unread,
Jul 13, 2002, 5:01:39 AM7/13/02
to
Thanks Torgeir,

I will adapt this code for remote computer

Regards

\Imhotep

"Torgeir Bakken" <Torgeir.B...@hydro.com> a écrit dans le message de
news: 3D2FA0BE...@hydro.com...

0 new messages