(imported topic written by arwhite91)
I have been trying to put together some relevance to return the security permissions of shared folders. I found tools to get the share permissions, but that doesn’t help in my environment since share permissions are just set to authenticated users. I need the actual security permissions on the folder being shared. The way I see this working with BigFix is to pull the paths of all shared folders, then to list the permissions on each of those paths. I can do either of those separately, but it gets tricky when I start putting it all together.
Using this:
(account name of trustee of it & " - " & (if (generic read permission of it OR read permission of it) then "R" else "") & (if (generic write permission of it OR write permission of it) then "W" else "") & (if (generic execute permission of it OR execute permission of it) then "E" else "")) of entries of dacls of security descriptors of folder "c:\windows"
results in:
Administrators - RWE
CREATOR OWNER - RWE
Power Users - RWE
SYSTEM - RWE
Users - RE
So, that gives me each user or group and the RWE permissions for a single folder. Halfway there.
Independently of that I can do this:
(dacls of security descriptors of folders (paths of it), names of it) of network shares
that results in:
D:PAI(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;0x1301bf;;;PU)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU), ADMIN$
D:(A;ID;FA;;;S-1-5-21-1487696351-1840529824-1159422225-14078)(A;OICIIOID;GA;;;S-1-5-21-1487696351-1840529824-1159422225-14078)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA), C$
So, that lists the dacl of the shared folder and the name of each share (admin$ and c$). When I put these two pieces together is where my issue comes in.
((account name of trustee of it & " - " & (if (generic read permission of it OR read permission of it) then "R" else "") & (if (generic write permission of it OR write permission of it) then "W" else "") & (if (generic execute permission of it OR execute permission of it) then "E" else "")) of entries of dacls of security descriptors of folders (paths of it), names of it) of network shares
returns only the following:
Administrators - RWE, ADMIN$
CREATOR OWNER - RWE, ADMIN$
Power Users - RWE, ADMIN$
SYSTEM - RWE, ADMIN$
Users - RE, ADMIN$
The format of the output is exactly what I need, but it stops after the first shared folder. As you can see, I only get Admin$ and not C$. Is there something I’m doing wrong to cause this to only list one share? Since listing only the dacls returns all shares, I assumed that would be the case when I pieced it with the rest of the relevance, but that is apparently not the case.
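As an added example (not part of the original post or of BigFix), here is the same trustee/RWE decoding done outside relevance, in Python, over the two SDDL strings the second query returned: it shows what the combined query should produce for both shares, including the unresolved S-1-5-21-... SIDs on C$. The `SID_NAMES` table, the function names and the choice to treat GENERIC_ALL as R, W and E are this example's own assumptions.

```python
import re
# Well-known SID abbreviations seen in the two SDDL strings above (assumed subset);
# anything else, such as the S-1-5-21-... SIDs on C$, is reported verbatim.
SID_NAMES = {"BA": "Administrators", "CO": "CREATOR OWNER", "PU": "Power Users",
             "SY": "SYSTEM", "BU": "Users"}
# Two-letter SDDL rights tokens and the access-mask values they stand for.
RIGHTS_TOKENS = {"FA": 0x1F01FF, "GA": 0x10000000, "GR": 0x80000000,
                 "GW": 0x40000000, "GX": 0x20000000, "FR": 0x120089,
                 "FW": 0x120116, "FX": 0x1200A0}
GENERIC_READ, GENERIC_WRITE, GENERIC_EXECUTE = 0x80000000, 0x40000000, 0x20000000
GENERIC_ALL = 0x10000000
FILE_READ_DATA, FILE_WRITE_DATA, FILE_EXECUTE = 0x1, 0x2, 0x20

def access_mask(rights: str) -> int:
    """Convert the SDDL rights field ("0x1301bf", "FA", "GRGW", ...) to an integer mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    return sum(RIGHTS_TOKENS[rights[i:i + 2]] for i in range(0, len(rights), 2))

def rwe(mask: int) -> str:
    """Same R/W/E flags the relevance builds, from generic or specific bits.
    Assumption: GENERIC_ALL implies all three (the relevance in the post does not test it)."""
    everything = bool(mask & GENERIC_ALL)
    r = everything or bool(mask & (GENERIC_READ | FILE_READ_DATA))
    w = everything or bool(mask & (GENERIC_WRITE | FILE_WRITE_DATA))
    e = everything or bool(mask & (GENERIC_EXECUTE | FILE_EXECUTE))
    return ("R" if r else "") + ("W" if w else "") + ("E" if e else "")

def decode_dacl(sddl: str) -> list[tuple[str, str]]:
    """Return (trustee, RWE) for every access-allowed ACE in the DACL of an SDDL string."""
    dacl = sddl.split("D:", 1)[1]          # skip any O:/G: owner and group parts
    entries = []
    for ace in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, _flags, rights, _obj, _inh, sid = ace.split(";")
        if ace_type != "A":                # deny ACEs grant nothing; left out here
            continue
        entries.append((SID_NAMES.get(sid, sid), rwe(access_mask(rights))))
    return entries

# The two DACLs exactly as the relevance query in the post returned them.
ADMIN_SHARE = "D:PAI(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;0x1301bf;;;PU)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)"
C_SHARE = ("D:(A;ID;FA;;;S-1-5-21-1487696351-1840529824-1159422225-14078)"
           "(A;OICIIOID;GA;;;S-1-5-21-1487696351-1840529824-1159422225-14078)"
           "(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)")

if __name__ == "__main__":
    for share, sddl in (("ADMIN$", ADMIN_SHARE), ("C$", C_SHARE)):
        for trustee, perms in decode_dacl(sddl):
            print(f"{trustee} - {perms}, {share}")
```

Running it prints the five ADMIN$ lines from the post followed by six lines for C$, which is the set the combined relevance is expected to return for both shares.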