Auditing Windows Server Shares

Suppose you had about 20 Windows servers to manage. Furthermore, suppose that you’ve lost track of what file shares are on each server — and who has permissions to them.

That’s the situation I’m in. I really need to document the shares and associated permissions for all of my servers. If nothing else, just to get a line in the sand and have something to use as reference when new shares are requested.

Help me find a better way!

Right now I visit each server (via remote desktop) and go to the Computer Management console. Expand “Shared Folders” and click on “Shares”:

Then, for each share listed (at least the non-defaults) I right-click on it, choose Properties and go to Share Permissions to see what’s really going on. I then write that all down on that particular server’s wiki page.

Does that work? Sure. Is it tedious as all heck? Yes. Yes it surely is.

Any good tools or scripts that I can run against my local network segment and get a report?  For somewhat obvious reasons I’m hesitant to just grab any ol’ tool off the Internet and run it. I’d rather have some suggestions first.

Possibly Related posts:

1. Windows Home Server
2. Windows Scheduled Tasks Tricks
3. In Which Regmon Saves the Day
4. Finding Uptime for Windows
5. Windows 2003 Remote Desktop to Console

September 6th, 2008 Tags: security, servers, Windows

6 comments to Auditing Windows Server Shares

• Vox

  September 6th, 2008 at 4:08 pm · Reply

  Ok, this is linux-centric, as usual, but not only because “Linux is the one true option” but because…it *is* the best option in this instance

  From a linux box (your bootable CD would work) I’d do something like:

  for i in listofwindowsservers.txt ; do echo $i >> resultsfile.txt &&smbclient -L -A filewithauth.txt $i >> resultsfile.txt ; done

  That *should* give you a file with the name of the computer followed by the shares it offers, including printers and so on.

  Look at “man smbclient” to get the format of the filewithauth.txt file, which cointains user/password stuff so you don’t have to type it every single time…and so it won’t stay in your history

• Chris

  September 6th, 2008 at 6:26 pm · Reply

  Awesome! That’s over half the battle. Thanks for the nudge towards smbclient.

  The other half of the battle, however… I need to re-read the smbclient man but can it dump the perms on each share? Like, who has access and what perms?

• Vox

  September 8th, 2008 at 3:15 pm · Reply

  Uhm….no clue if that’s possible, never tried/needed that…so…RTFM

• Joseph

  September 11th, 2008 at 10:37 am · Reply

  Dunno if this can go far enough, but it looks promising: http://www.computerperformance.co.uk/powershell/powershell_wmi_shares.htm

• Joseph

  September 11th, 2008 at 10:43 am · Reply

  Also this: (get-acl \\servername\sharename).Access

• Chris

  September 12th, 2008 at 9:04 am · Reply

  Hmm, I might have to get smarter about this powershell stuff…. Thanks for the link, Joseph.

Copyright © 2010 Solo Technology - All Rights Reserved
Solo Technology Blog by Chris Kasten is licensed under a Creative Commons Attribution-Share Alike 3.0 License
Powered by WordPress & the Atahualpa Theme.