- Detection (Identify Shares with Everyone permissions)
There is a forum post that lists some information about this; please reference https://forum.bigfix.com/t/shared-folder-permissions/5193/3?u=jstev
This Relevance statement can be used in your Task; it returns a boolean value that is true if a share with "Everyone" as a trustee exists.
Exists((names of it whose (exists (account name of trustee of entries of dacls of security descriptors of it) whose (it = "Everyone")) of network shares))
If you would like to create an analysis you can use this to gather information about those shares.
(name of it, (account name of trustee of it, read permissions of it, write permissions of it, execute permissions of it) of entries whose (account name of trustee of it = "Everyone") of dacls of security descriptors of it) of network shares
- Remediation (Delete Share)
This action will build a batch file with a list of net share commands, one for each returned share with Everyone as a trustee. Then you can have BigFix execute the batch file to delete the shares.
delete __createfile
createfile until eof
{concatenation "%0d%0a" of ("net share %22" & it & "%22 /delete") of (names of it whose (exists (account name of trustee of entries of dacls of security descriptors of it) whose (it = "Everyone")) of network shares)}
eof
delete deleveryoneshares.cmd
copy __createfile deleveryoneshares.cmd
waithidden deleveryoneshares.cmd
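To spot-check an endpoint before deploying the delete action, the following is an added example (not part of the original post) that lists the same shares locally and shows the line the batch file would contain for each, without deleting anything. It assumes the SmbShare module (Windows 8 / Server 2012 or later); the function name `Get-EveryoneShareReport` is hypothetical.

```powershell
# Added example: dry-run preview only, no share is modified or deleted.
# Assumes the SmbShare module is available (Windows 8 / Server 2012 or later).
function Get-EveryoneShareReport {
    [CmdletBinding()]
    param(
        # Trustee name to look for; same string the relevance compares against.
        [string]$Trustee = 'Everyone'
    )

    foreach ($share in Get-SmbShare) {
        # Share-level ACL entries (not NTFS permissions) for this share.
        $entries = Get-SmbShareAccess -Name $share.Name -ErrorAction SilentlyContinue |
            Where-Object { $_.AccountName -eq $Trustee }

        foreach ($entry in $entries) {
            [pscustomobject]@{
                Share    = $share.Name
                Path     = $share.Path
                Trustee  = $entry.AccountName
                Type     = $entry.AccessControlType   # Allow or Deny
                Right    = $entry.AccessRight         # Full, Change or Read
                # Line the action's batch file would contain for this share.
                WouldRun = 'net share "{0}" /delete' -f $share.Name
            }
        }
    }
}

Get-EveryoneShareReport | Sort-Object Share | Format-Table -AutoSize
```

On non-English Windows the Everyone account name is localized, so both this filter and the string comparison in the relevance need the local name.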