Enumerate Windows network shares and all custom permissions on or within

Question

We have various servers that have many directories shared. It's easy enough to look at the share browser to see what the "top level" shares are, but underneath is a jumbled mess of custom permissions, none of which is documented.

I'd like to enumerate all the shares on the domain (definitely all the 'servers', local PCs would be nice) and then recurse down each one and report any deviation from the parent. If the child has the same permissions, no need to report that back.

I'd prefer a simple script-y solution to writing a big C# app, but any method that works will do (even existing software).

For example, I'd like to get:

SERVER1\
 \-- C: (EVERYONE: Total control, ADMINs, etc. etc.)
   \-- (skip anything that is not the same as above)
   \-- SuperSecretStuff (Everyone: NO access; Bob: Read access)
SERVER2\ 
 \-- Stuff (some people)

etc.

Answer 1

I know it isnt scripting, but have you tried ShareEnum? http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx and then export it out? You can also compare to older runs. I don't think there is a cmd line interface (which sucks), but it will get you the info you need

Answer 2

This Powershell script accomplishes your goal.

As it is stated:

This little script will enumerate all the shares on a computer, and list the share-level permissions for each share. It uses WMI to retrieve the shares, and to list the permissions.

Note that this script lists share-level permissions, and not NTFS permissions.

It accepts a number of computers as its input, a single IP, or running it in the local system:

       .EXAMPLE 
       C:\PS> .\Get-SharePermissions # Operates against local computer. 

       .EXAMPLE 
       C:\PS> 'computerName' | .\Get-SharePermissions 

       .EXAMPLE 
       C:\PS> Get-Content 'computerlist.txt' | .\Get-SharePermissions | Out-File 'SharePermissions.txt'