View a Share Permission

Recently, I am being asked to come out with a script to read a share permissions and this can be achieved thru scripting with WMI…..:D

Below is a sample code to read permissions from a share folder named “Share$” from a computer called “ABC-D-1234”.
Dim strComputer
Dim strShareName

strComputer = “ABC-D-1234”
strShareName = “Share$”
ViewSharePermission strComputer, strShareName

Sub ViewSharePermission(vComputer, vShareName)
    Dim objWMIService  
    Dim objFolderSecSetting
    Dim objSecDescriptor
    Dim intRetVal
    Dim arrDACL
    Dim objACE
    Dim objTrustee
    On Error Resume Next

    ‘// Get Security Descriptor  
    Set objWMIService = GetObject(“winmgmts:\\” & vComputer & “\root\cimv2”)
    If Err <> 0 Then
        Wscript.Echo “Connect to ” & vComputer & ” failed.”
        Exit Sub
    End If

    Set objFolderSecSetting = objWMIService.Get(”Win32_LogicalShareSecuritySetting.Name=’” & vShareName & “‘”)
    intRetVal = objFolderSecSetting.GetSecurityDescriptor(objSecDescriptor)

    If IsNull(objSecDescriptor.DACL) Then
        ‘// Note: A NULL DACL gives full access to everyone, which is a serious security risk
        CreateReport “Share Permission,” & vShareName & “,” & “Everyone” & “,” & “Full Control”
        arrDACL = objSecDescriptor.DACL ‘// Get DACL (an array of Win32_ACE objects)
        For Each objACE In arrDACL
     Set objTrustee = objACE.Trustee
            Wscript.Echo objTrustee.Name & “: ” & GetShareAccessMaskStr(objACE.AccessMask)
    End If

    Set objFolderSecSetting = Nothing
    Set objWMIService = Nothing
End Sub

Function GetShareAccessMaskStr(vAccessMaskVal)
    Dim strTemp

    Select Case vAccessMaskVal
        Case 2032127:  strTemp = “Full Control”
        Case 1245631:  strTemp = “Change”
        Case 1179817:  strTemp = “Read”   
        Case Else: strTemp = “Access Mask ” & vAccessMaskVal
    End Select 
    GetShareAccessMaskStr = strTemp
End Function


About this entry