Greetings /\/\o\/\/
Inspired by this newsgroup thread:
Security and monad
(By the way, you can also post your opinions on the new newsgroup name in the NG.)
This continues from the two scripts I did before:
Replace Security on existing share using MSH
Get Binary SID in MSH (Share Security Update)
Except for the small change in the share example from MshObject to PsObject, those still work.
This post adds listing the security on the share and exporting it to CSV; in the next post I will also add creating shares from the CSV file.
First, getting the security info on the share. It is not as easy as you might think: you cannot get it from the Win32_Share object as you would expect; you need another WMI class for this:
Win32_LogicalShareSecuritySetting
Ok, not that bad :
MowPS>gwmi Win32_LogicalShareSecuritySetting | fl [a-z]*
Caption : Security settings of mp3
ControlFlags : 32772
Description : Security settings of mp3
Name : mp3
SettingID :
But hey, where is the security info ?
hmm, seems we are not there yet, we will need to invoke a method on this class to get to the info we need :
GetSecurityDescriptor()
We need to call it like this:
$shareSec.invokeMethod('GetSecurityDescriptor',$null,$null)
See also the newsgroup thread and this entry on MSDN:
win32_logicalfilesecuritysetting
But if we look at what we get back:
MowPS>$SD = (gwmi Win32_LogicalShareSecuritySetting -filter "name='MP3'").invokeMethod('GetSecurityDescriptor',$null,$null)
MowPS>$SD | fl [a-z]*
Descriptor : System.Management.ManagementBaseObject
ReturnValue : 0
Still no security info
But don't worry, we are almost there (after the help I got from Jeffrey Snover with this in the NG thread, as I had found the second $null to add in the InvokeMethod, but was tricked into believing I had just converted the return code to a ManagementBaseObject).
the answer was simple in the end (seeing the rest of the path that is ;-)
We just work our way down the Object from there :
MowPS>$SD.Descriptor | fl [a-z]*
ControlFlags : 32772
DACL : {System.Management.ManagementBaseObject}
Group :
Owner :
SACL :
MowPS>$SD.Descriptor.DACL | fl [a-z]*
AccessMask : 1179817
AceFlags : 0
AceType : 0
GuidInheritedObjectType :
GuidObjectType :
Trustee : System.Management.ManagementBaseObject
MowPS>$SD.Descriptor.DACL.trustee | fl [a-z]*
MowPS>$SD.Descriptor.DACL[0].trustee | fl [a-z]*
Domain : Computer
Name : Mow
SID : {1, 5, 0, 0...}
SidLength : 28
SIDString : S-1-5-xx-xxx-xxx-xxx-xxx
* Note * I need the [0] as there could be more ACEs in the DACL.
And now the first script, almost the same as posted in the NG:
# ExportShares.ps1
# This script will export the existing Shares
# complete with securityInfo
#
# /\/\o\/\/ 2006
# http://mow001.blogspot.com

$filename = 'ShareInfo.csv'

# get Shares (Type 0 is "Normal" shares)
$shares = gwmi Win32_Share -filter 'type=0'

# combine Shares with Security info
$ShareInfo = @()
foreach ($share in $shares) {
    $shareSec = gwmi Win32_LogicalShareSecuritySetting -filter "name='$($share.name)'"
    if ($shareSec) {
        $sd = $shareSec.invokeMethod('GetSecurityDescriptor',$null,$null)
        # one output row per ACE in the DACL, with the share info repeated on each row
        $ShareInfo += $sd.Descriptor.DACL |% {
            $_ | select @{e={$share.name};n='Name'},
                @{e={$share.Path};n='Path'},
                @{e={$share.Description};n='Description'},
                AccessMask,
                AceFlags,
                AceType,
                @{e={$_.trustee.Name};n='User'},
                @{e={$_.trustee.Domain};n='Domain'},
                @{e={$_.trustee.SIDString};n='SID'}
        }
    } else {
        # no security info found: export the share properties only
        $ShareInfo += $share | select Name,Path,Description
    }
}

# Export them to CSV
$ShareInfo | select Name,Path,Description,User,Domain,SID,
    AccessMask,AceFlags,AceType | export-csv -noType $filename
The first thing to note is that the shares are filtered on type=0; that leaves out the special shares like IPC$ and C$ etc.
$shares = gwmi Win32_Share -filter 'type=0'
You will not get back security info from those, and I want to recreate the shares later from the CSV export in the next post, so I filter them out.
(I still left an Else case to export them as well if the filter is removed.)
Then I first loop through the shares.
Next is the foreach loop through the DACL in $SD to generate a PSObject with all the properties needed.
I also put the share info on each line to be able to put all lines in one file.
I use a select statement to combine the information and to rename some properties.
I export only the text version of the SID, as it is easy to convert back to the binary form from PowerShell anyway when needed (see the next post or the "Get Binary SID in MSH" post mentioned before).
* Note that I can use $share as I explicitly named it in the first foreach; in the second foreach I use the pipeline input ($_).
Note also the explicit naming of all properties in the last line, needed for the special shares as they do not have all properties and this can "confuse" the select statement (see also JS's entry on the PowerShell team blog).
In the next post I will use the CSV file created here to recreate the shares.
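The export stores each ACE's AccessMask and AceType as raw numbers (1179817 and 0 in the output above). As an added example, not part of the original post, the following reads rows in the ShareInfo.csv column layout, names the standard share permission sets and flags Allow ACEs that give write-level rights to broad well-known SIDs. The sample rows, the function name Get-ShareAceReport and the BroadWrite column are constructed for illustration.

```powershell
# Added example (not from the original post): audit the exported ShareInfo.csv.
# Sample rows are constructed; on a real system use: $rows = Import-Csv 'ShareInfo.csv'
$rows = @'
Name,Path,Description,User,Domain,SID,AccessMask,AceFlags,AceType
mp3,C:\mp3,Music,Everyone,,S-1-1-0,1179817,0,0
drop,C:\drop,Upload area,Everyone,,S-1-1-0,2032127,0,0
hr,C:\hr,HR files,Authenticated Users,NT AUTHORITY,S-1-5-11,1245631,0,1
'@ | ConvertFrom-Csv

# Standard share permission sets as stored in AccessMask
$maskNames = @{ 1179817 = 'Read'; 1245631 = 'Change'; 2032127 = 'FullControl' }
# ACE types: 0 = access allowed, 1 = access denied
$aceTypes  = @{ 0 = 'Allow'; 1 = 'Deny' }
# Well-known SIDs covering large groups: Everyone, Anonymous Logon,
# Authenticated Users, BUILTIN\Users
$broadSids = 'S-1-1-0', 'S-1-5-7', 'S-1-5-11', 'S-1-5-32-545'
# FILE_WRITE_DATA | FILE_APPEND_DATA | DELETE | WRITE_DAC | WRITE_OWNER
$writeBits = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000

function Get-ShareAceReport {
    param([object[]]$Rows)
    foreach ($row in $Rows) {
        if (-not $row.SID) { continue }   # share exported without security info
        $mask   = [int]$row.AccessMask
        $type   = $aceTypes[[int]$row.AceType]
        $rights = $maskNames[$mask]
        if (-not $rights) { $rights = '0x{0:X}' -f $mask }   # non-standard mask: show hex
        # flag only Allow ACEs for broad trustees that carry any write-level bit
        $flag = ($type -eq 'Allow') -and
                ($broadSids -contains $row.SID) -and
                (($mask -band $writeBits) -ne 0)
        New-Object PSObject -Property @{
            Share = $row.Name; Trustee = $row.User; Type = $type
            Rights = $rights; BroadWrite = $flag
        }
    }
}

Get-ShareAceReport $rows | Format-Table Share, Trustee, Type, Rights, BroadWrite -AutoSize
```

With the constructed rows, only the "drop" share is flagged: "mp3" grants Everyone Read only, and the "hr" row is a Deny ACE.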
Enjoy,
Greetings /\/\o\/\/