/\/\o\/\/ PowerShelled

This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/
$AtomFeed = ("Atom.xml")
$PreviousItems = (" powershell (Monad) Home on computerperformance.co.uk "," PowerShell in Action "," PowerShell out-PropertyGrid (MSH view-Object) "," PowerShell AD site Finder "," PowerShell and SMS 2003 "," Upgrading MSH, My first Windows PowerShell Commands "," Some more Windows PowerShell Links and info. "," Windows PowerShell (Monad / MSH) "," Simple port scanning using Monad "," Large AD queries in Monad "," ")

Monday, May 01, 2006

 


PowerShell Export Shares and Security info to CSV



Inspired by this Newgroup Thread :Security and monad
(b.t.w. you can post your opinions on the new Newsgroup name, in the NG also )

and Going on from those 2 scripts I did before:

Replace Security on existing share using MSH
Get Binary SID in MSH (Share Security Update)

Exept for the small change in the Share example from MshObject to PsObject, those still work.
but this will add the listing of the Security on the share and exporting to CSV and I will also add Creating shares from the CSV file in the Next post.

First the getting of the Security Info on the share, it is not as easy as you might think, you can not get it from the win32_share object as you would expect, you need an other WMI class for this :

Win32_LogicalShareSecuritySetting

Ok, not that bad :

MowPS>gwmi Win32_LogicalShareSecuritySetting | fl [a-z]*


Caption      : Security settings of mp3
ControlFlags : 32772
Description  : Security settings of mp3
Name         : mp3
SettingID    :


But hey, where is the security info ?
hmm, seems we are not there yet, we will need to invoke a method on this class to get to the info we need :

GetSecurityDescriptor()

we need to implement it like this :

$shareSec.invokeMethod('GetSecurityDescriptor',$null,$null)

See also the NewsgroupThread and this entry on MSDN : win32_logicalfilesecuritysetting

but if we look at what we get back :

MowPS>$SD = (gwmi Win32_LogicalShareSecuritySetting -filter "name='MP3'").invokeMethod('GetSecurityDescriptor',$null,$null)
MowPS>$SD | fl [a-z]*


Descriptor  : System.Management.ManagementBaseObject
ReturnValue : 0


Still no security info

but don't worry we are almost there (after the help I got from Jeffrey Snover with this in the NG tread, as I had found the second $null to add in the InvokeMethod, but was tricked in believing I just converted the returncode to a ManagementBaseObject.)

the answer was simple in the end (seeing the rest of the path that is ;-)

We just work our way down the Object from there :

MowPS>$SD.Descriptor | fl [a-z]*


ControlFlags : 32772
DACL         : {System.Management.ManagementBaseObject}
Group        :
Owner        :
SACL         :



MowPS>$SD.Descriptor.DACL | fl [a-z]*


AccessMask              : 1179817
AceFlags                : 0
AceType                 : 0
GuidInheritedObjectType :
GuidObjectType          :
Trustee                 : System.Management.ManagementBaseObject



MowPS>$SD.Descriptor.DACL.trustee | fl [a-z]*
MowPS>$SD.Descriptor.DACL[0].trustee | fl [a-z]*


Domain    : Computer
Name      : Mow
SID       : {1500...}
SidLength : 28
SIDString : S-1-5-xx-xxx-xxx-xxx-xxx


* Note * I need the [0] as there could be more ACES in the DACL.

And now The First script almost the same as posted in the NG :

# ExportShares.ps1
# This script will export the existing Shares 
# complete with securityInfo

# /\/\o\/\/ 2006    
# http://mow001.blogspot.com 

$filename = 'ShareInfo.csv'

# get Shares (Type o is "Normal" shares)

$shares = gwmi Win32_Share -filter 'type=0'

# combine Shares with Security info

$Shareinfo = @()
foreach ($share in $shares) {
  $shareSec = gwmi Win32_LogicalShareSecuritySetting  -filter "name='$($share.name)'"
  if($shareSec) {
    $sd = $shareSec.invokeMethod('GetSecurityDescriptor',$null,$null)
    $ShareInfo += $sd.Descriptor.DACL |% {
      $_ | select @{e={$share.name};n='Name'},
        @{e={$share.Path};n='Path'},
        @{e={$share.Description};n='Description'},
        AccessMask,
        AceFlags,
        AceType,
        @{e={$_.trustee.Name};n='User'},
        @{e={$_.trustee.Domain};n='Domain'},
        @{e={$_.trustee.SIDString};n='SID'}
    }
  }Else{
    $ShareInfo += $share | select Name,Path,Description
  }


# Export them to CSV

$ShareInfo | select Name,Path,Description,User,Domain,SID,
  AccessMask,AceFlags,AceType | export-csv -noType $filename


First thing to note is the shares are filtered on type=) that will leave out the special shares like $IPC and C$ etc.

$shares = gwmi Win32_Share -filter 'type=0'

as you will not get back security info from those and I want to recreate the shares again later from the CSV export in next post I will filter them out.

(I still left an Else Case to export them also if the filter is removed)

then I first loop through the shares
next is the foreach loop trough the $SD collection to generate an PSObject with all the properties needed.
I also put the share info on each line to be able to put all lines in one file.

I use a select statement to combine the information, and to rename some properties.
I export only the Text version of the SID as it is easy to convert back to the binary from from PowerShell anyway when needed (see next post or "Get Binary SID in MSH" post mentioned before.

*Note that I can use the $share as I explicitly named it it the first foreach, in the second foreach I use the pipeline input ($_)

note also the explicit naming all properties in the last line, needed for the special shares as they do not have all properties and this can "confuse" the select statement (See also JS's entry on the PowerShell team Blog)

In the next post I will use the CSV file created to recreate the shares from the CSV file and then recreate the shares again .

Enjoy,

Greetings /\/\o\/\/
Tags :


Comments: Post a Comment



<< Home

Archives

October 2005   November 2005   December 2005   January 2006   February 2006   March 2006   April 2006   May 2006   June 2006   July 2006   August 2006   September 2006   October 2006   November 2006   December 2006  

$Links = ("PowerShell RC1 Docs"," PowerShell RC1 X86"," PowerShell RC1 X64"," Monad GettingStarted guide"," Monad Progamming Guide"," Monad SDK"," Monad videos on Channel 9"," MSH Community Workspace"," scripts.readify.net "," MonadSource"," www.reskit.net"," PowerShell Blog"," Under The Stairs"," computerperformance powershell Home"," proudlyserving"," MSH on wikipedia"," MSHWiki Channel 9"," Keith Hill's Blog"," Precision Computing"," PowerShell for fun"," MSH Memo (Japanese)"," monadblog")

find-blog -about "PowerShell","Monad" | out-Technorati.
find-blog -contains "","" | out-Technorati.
Google
 
Web mow001.blogspot.com

This page is powered by Blogger. Isn't yours?