Auditing Windows Server Shares
Posted on September 6, 2008
6 Comments
Suppose you had about 20 Windows servers to manage. Furthermore, suppose that you’ve lost track of what file shares are on each server — and who has permissions to them.
That’s the situation I’m in. I really need to document the shares and associated permissions for all of my servers. If nothing else, just to get a line in the sand and have something to use as reference when new shares are requested.
Help me find a better way!
Right now I visit each server (via remote desktop) and go to the Computer Management console. Expand “Shared Folders” and click on “Shares”:
Then, for each share listed (at least the non-defaults) I right-click on it, choose Properties and go to Share Permissions to see what’s really going on. I then write that all down on that particular server’s wiki page.
Does that work? Sure. Is it tedious as all heck? Yes. Yes it surely is.
Any good tools or scripts that I can run against my local network segment and get a report? For somewhat obvious reasons I’m hesitant to just grab any ol’ tool off the Internet and run it. I’d rather have some suggestions first.
Tags: 
Possibly Related Posts
Comments
6 Responses to “Auditing Windows Server Shares”
Leave a Reply
Please read the "Comments" section on the Disclaimer page. Don't use SEO terms instead of a name. That drives me nuts.
Oh, and contrary to what you might have read on some SEO forum, this is not a "Do Follow" blog.
I do think that GChOS will be a niche...
Ok, this is linux-centric, as usual, but not only because “Linux is the one true option” but because…it *is* the best option in this instance
From a linux box (your bootable CD would work) I’d do something like:
for i in listofwindowsservers.txt ; do echo $i >> resultsfile.txt &&smbclient -L -A filewithauth.txt $i >> resultsfile.txt ; done
That *should* give you a file with the name of the computer followed by the shares it offers, including printers and so on.
Look at “man smbclient” to get the format of the filewithauth.txt file, which cointains user/password stuff so you don’t have to type it every single time…and so it won’t stay in your history
Awesome! That’s over half the battle. Thanks for the nudge towards smbclient.
The other half of the battle, however… I need to re-read the smbclient man but can it dump the perms on each share? Like, who has access and what perms?
Uhm….no clue if that’s possible, never tried/needed that…so…RTFM
Dunno if this can go far enough, but it looks promising: http://www.computerperformance.co.uk/powershell/powershell_wmi_shares.htm
Also this: (get-acl \\servername\sharename).Access
Hmm, I might have to get smarter about this powershell stuff…. Thanks for the link, Joseph.