Share ACLs are defined on the share, not on the folder. icacls
, cacls
and Get-Acl
return permissions on the latter. Use WMI for enumerating share permissions:
$permissions = @{
2032127 = 'F'
1245631 = 'M'
1179817 = 'RX'
}
$type = @{
0 = 'Allow'
1 = 'Deny'
2 = 'Audit'
}
gwmi Win32_Share -Filter 'Type=0' | % {
"{0}:`t{1}" -f $_.Name, $_.Path
gwmi Win32_LogicalShareSecuritySetting -Filter "Name='$($_.Name)'" | % {
$_.GetSecurityDescriptor().Descriptor.DACL | % {
"`t{0} {1} {2}" -f $_.Trustee.Name, $type[[int]$_.AceType],
$permissions[[int]$_.AccessMask]
}
}
}
The filter Type=0
suppresses administratives shares.