Re: Share Berechtigungen auslesen



asdf schrieb:
Versuche mich mal zu Leoschen.

Da wuerde ich Dir mal raten schnell ne Grundgestzaenederung zu kriegen.


*************************

Wenn's Dich dann vorher erwischte, haetteste Pech gegabt.

******************












"Jens" <Jens@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C11F3624-C62B-4DCD-9722-F6C6FBAD01F3@xxxxxxxxxxxxxxxx
Ich glaube die beiden vorangegangenen Beiträge bieten sich zum Löschen an.

So, ich kriege jetzt die Berechtigungen für alle User angezeigt. Nur noch
nicht für die versteckten. Es scheint aber teils zu funktionieren.
Offenbar
ist das abhängig von der WSH Version. Ich hab sowohl Build 6626 als auch
Build 8827 zur Verfügung. Auf 8827 krieg ich nur die normalen Freigaben,
auf
6626 krieg ich gar keine Ausgabe.

Unter Build 8820 scheint es aber zu gehen. Könnt Ihr das Skript vielleicht
mal unter Euren Maschinen ausprobieren?

' Define constants.
Const FILE_LIST_DIRECTORY = &H1
Const FILE_ADD_FILE = &H2
Const FILE_ADD_SUBDIRECTORY = &H4
Const FILE_READ_EA = &H8
Const FILE_WRITE_EA = &H10
Const FILE_TRAVERSE = &H20
Const FILE_DELETE_CHILD = &H40
Const FILE_READ_ATTRIBUTES = &H80
Const FILE_WRITE_ATTRIBUTES = &H100
Const DELETE = &H10000
Const READ_CONTROL = &H20000
Const WRITE_DAC = &H40000
Const WRITE_OWNER = &H80000
Const SYNCHRONIZE = &H100000


Set oWMI = GetObject("winmgmts:")

Set objWMIService = GetObject("winmgmts:" &
"{impersonationLevel=impersonate}!\\" & "localhost" & "\root\cimv2")
Set oShares = oWMI.ExecQuery("select Name from Win32_Share where Type=0")

For Each oShare In oShares

' Connect to WMI and get the share security object for the share
Set oShareSecSetting =
GetObject("winmgmts:Win32_LogicalShareSecuritySetting.Name='" &
oShare.Name &
"'")


' Use the Win32_LogicalShareSecuritySetting Caption property to create a
' simple header before dumping the discretionary access control list
(DACL)
WScript.Echo oShareSecSetting.Caption


' Call the Win32_LogicalShareSecuritySetting GetSecurityDescriptor
' method to retrieve an instance of the Win32_SecurityDescriptor class
' for the target object. Note that this is achieved by passing an empty
' variable to GetSecurityDescriptor, which GetSecurityDescriptor in turn
' initializes with an instance of the Win32_SecurityDescriptor class
' that corresponds to the security descriptor for the target object.
iRC = oShareSecSetting.GetSecurityDescriptor(oSecurityDescriptor)


If iRC <> 0 Then
Select Case iRC
Case 2
WScript.Echo "You do not have access to the requested information"
Case 8
WScript.Echo "Unknown failure"
Case 9
WScript.Echo "You do not have adequate privileges"
Case 21
WScript.Echo "The specified parameter is invalid"
Case Else
WScript.Echo "Unknown error"
End Select
WScript.Quit
End If


' After the security descriptor is retrieved, you can use the properties
' provided by the Win32_SecurityDescriptor class to dissect the security
' descriptor's access control lists (DACL and SACL) and access
' control entries (ACEs).


' Retrieve the content of Win32_SecurityDescriptor DACL property.
' The DACL is an array of Win32_ACE objects.
aDACL = oSecurityDescriptor.DACL



For Each oAce In aDACL
WScript.Echo "Access Mask: " & oAce.AccessMask
WScript.Echo "ACE Type: " & oAce.AceType


' Get Win32_Trustee object from ACE
Set oTrustee = oAce.Trustee
WScript.Echo "Trustee Domain: " & oTrustee.Domain
WScript.Echo "Trustee Name: " & oTrustee.Name


' Get SID as array from Trustee
aSID = oTrustee.SID
strsid = ""

For i = 0 To UBound(aSID) - 2
strsid = strsid & aSID(i) & ","
Next

strsid = strsid & aSID(i)


WScript.Echo "Trustee SID: {" & strsid & "}"
WScript.Echo "== NTFS Rights =="
If (oAce.AccessMask And FILE_LIST_DIRECTORY) <> 0 Then
Wscript.Echo "FILE_LIST_DIRECTORY"
End If
If (oAce.AccessMask And FILE_ADD_FILE) <> 0 Then
Wscript.Echo "FILE_ADD_FILE"
End If
If (oAce.AccessMask And FILE_ADD_SUBDIRECTORY) <> 0 Then
Wscript.Echo "FILE_ADD_SUBDIRECTORY"
End If
If (oAce.AccessMask And FILE_READ_EA) <> 0 Then
Wscript.Echo "FILE_READ_EA"
End If
If (oAce.AccessMask And FILE_WRITE_EA) <> 0 Then
Wscript.Echo "FILE_WRITE_EA"
End If
If (oAce.AccessMask And FILE_TRAVERSE) <> 0 Then
Wscript.Echo "FILE_TRAVERSE"
End If
If (oAce.AccessMask And FILE_DELETE_CHILD) <> 0 Then
Wscript.Echo "FILE_DELETE_CHILD"
End If
If (oAce.AccessMask And FILE_READ_ATTRIBUTES) <> 0 Then
Wscript.Echo "FILE_READ_ATTRIBUTES"
End If
If (oAce.AccessMask And FILE_WRITE_ATTRIBUTES) <> 0 Then
Wscript.Echo "FILE_WRITE_ATTRIBUTES"
End If
If (oAce.AccessMask And DELETE) <> 0 Then
Wscript.Echo "DELETE"
End If
If (oAce.AccessMask And READ_CONTROL) <> 0 Then
Wscript.Echo "READ_CONTROL"
End If
If (oAce.AccessMask And WRITE_DAC) <> 0 Then
Wscript.Echo "WRITE_DAC"
End If
If (oAce.AccessMask And WRITE_OWNER) <> 0 Then
Wscript.Echo "WRITE_OWNER"
End If
If (oAce.AccessMask And SYNCHRONIZE) <> 0 Then
Wscript.Echo "SYNCHRONIZE"
End If
wscript.echo
Next
Next

Aujaaaaa



Lasst uns ein "Anti - Troll" Gesetz in's Leben rufen!

G

A
.