You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » Enumerating Local Shares
Register User       Forum List       Calendar       FAQ
Page 1 of 1 1
Topic Options
#35839 - 2003-01-29 07:29 PM Enumerating Local Shares
Skatterbrainz Offline
Starting to like KiXtart

Registered: 2002-10-17
Posts: 172
Loc: Virginia, USA
I've been asked if I can look into using Kix to enumerate all shares from a local drive and then to report any that are "open", meaning that they have given the "Everyone" group access (in some manner) to that share. How can I do this with Kix at login? Will it require ADSI or WMI interfacing? Will I be able to do this on both NT4 and Win2K clients? Any help would be greatly appreciated! - Dave
_________________________
silence is golden, but duct tape is silver

Top
#35840 - 2003-01-29 07:38 PM Re: Enumerating Local Shares
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Forget KiX... use DumpSec.

http://www.systemtools.com/somarsoft/
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#35841 - 2003-01-29 07:56 PM Re: Enumerating Local Shares
Skatterbrainz Offline
Starting to like KiXtart

Registered: 2002-10-17
Posts: 172
Loc: Virginia, USA
Ok, this looks pretty cool. But if I need to dump all open shares of all computers on our domain (about 2000 right now), I assume I would need to call this using command line options from the Kix login, and then collect the log files to provide a final report. Is that correct?
_________________________
silence is golden, but duct tape is silver

Top
#35842 - 2003-01-29 10:25 PM Re: Enumerating Local Shares
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2127
Loc: Tulsa, OK
Hey Dave...

I believe you are correct. There is an included 'dumpsec.hlp' file that has a page full of command prompt parameters that can be passed to it.
Top
#35843 - 2003-01-30 12:11 AM Re: Enumerating Local Shares
Skatterbrainz Offline
Starting to like KiXtart

Registered: 2002-10-17
Posts: 172
Loc: Virginia, USA
THanks! Here is the script code that I have working well (so far)...
code:
$OutputFile = "c:\data\shares.csv"
$RunFile = @scriptdir+"\dumpsec.exe"
If Exist($RunFile)=1
	$RunCmd = $RunFile+" /showdirsonly /rpt=allsharedirs /outfile="+$OutputFile+" /saveas=csv /noheader"
	AT (16,44) "Running Scan of Shares..."
	Shell $RunCmd
	If Exist($OutputFile)=1
		AT (16,44) "Reading Scan Report..."
		If Open(1, $OutputFile,2)=0
			$x = ReadLine(1)
			While @error = 0
				$line = Trim($x)
				If InStr($line,",")<>0
					$parse = Split($line, ",")
					If VarType($parse)>0
						$path = Trim($parse[0])
						$perm = Trim($parse[1])
						If $perm="Everyone"
							$found = 1
							EndIf
					EndIf
				EndIf
				$x = ReadLine(1)
			Loop
			Close(1)
			Del($OutputFile)
		EndIf
	Else
		AT (16,44) "Failed to Create Report..."
	EndIf
	If $found=1
		$LogFile=@lserver+"\data\OpenShares-"+@userid+".INI"
		If Open(2,$LogFile,5)=0
			WriteLine(2, ";; Kix Logon Inventory Report" + @crlf + @crlf)
			WriteLine(2, "[OPENSHARES]" + @crlf)
			WriteLine(2, "Machine="+@wksta+@crlf)
			WriteLine(2, "UserName="+@userid+@crlf)
			WriteLine(2, "RunDate="+@date+@crlf)
			Close(2)
		EndIf
		;MessageBox("Open Shares Found!", "Open Share Audit",0)
	EndIf
Else
	MessageBox("Unable to Locate DumpSec!","Open Share Audit",0)
EndIf
_________________________
silence is golden, but duct tape is silver

Top
#35844 - 2003-01-31 07:47 PM Re: Enumerating Local Shares
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4402
Loc: New Jersey
There is a tool called EXPORTER - a freeware command-line tool from the folks that make the Hyena(sic?) management tool.

Just configure the ini file to only dump what you want, then run it, specifying the domain name you want to search. It will find and query all systems on the domain, writing to a tab-separated file.

I haven't used that specific function in some time, but I believe that it will also return the permissions (in a different file). I used this about 2 years ago to help a client lock down their network prior to going to A-D.

It would be pretty easy for Kix to parse the files, and then make changes using something like CACLS.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D

Top
#35845 - 2003-01-31 08:31 PM Re: Enumerating Local Shares
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2127
Loc: Tulsa, OK
DumpSec is also from the same people that make Hyena.

[ 31. January 2003, 20:32: Message edited by: CitrixMan ]
Top
#35846 - 2003-02-06 02:12 AM Re: Enumerating Local Shares
Skatterbrainz Offline
Starting to like KiXtart

Registered: 2002-10-17
Posts: 172
Loc: Virginia, USA
I'm using DUMPSEC right now. Instead of writing a log file and then having to collect them all to produce a report, I found it much easier to simply concatenate an in-line parameter and pass it as a URL to IE via the Run function. That opens the browser with a message to the user, and uses the parameters to prep and send an email to our help desk. So far it's working very well and takes care of itself essentially. No logs to collect. If I want, I can easily mod the ASP page to dump the hits into a SQL table for reporting, but that's not required (yet).
_________________________
silence is golden, but duct tape is silver

Top
#35847 - 2003-02-10 05:56 PM Re: Enumerating Local Shares
Skatterbrainz Offline
Starting to like KiXtart

Registered: 2002-10-17
Posts: 172
Loc: Virginia, USA
Uh oh. Not so fast. I uncovered a bug in DUMPSEC that SystemTools says is as-is due to the fact they bought the product from an acquisition and are not planning to update it anytime soon.

The problem is that it combines inherited NTFS rights with explicit share rights with producing the report for a given share. This is totally incorrect. They referred me to SmallWonders software to see if their (similar) products do better at producing an accurate share-permissions report.
_________________________
silence is golden, but duct tape is silver

Top
#35848 - 2003-02-10 07:30 PM Re: Enumerating Local Shares
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
What is your timeframe for having to complete your share enumeration?

If you are interested, I could provide this functionality in either my ShareMaint.exe utility (60% built) or add the functionality into Win32Admin.DLL.

Let me know...
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#35849 - 2003-02-10 09:37 PM Re: Enumerating Local Shares
Skatterbrainz Offline
Starting to like KiXtart

Registered: 2002-10-17
Posts: 172
Loc: Virginia, USA
Well, according to my employer it was last week. But since what I have in place now is reporting too much (getting all non-admin shares and looking for anything with "Everyone" using DUMPSEC), I can wait for your offering. It's better that what I have in place is doing too much than not enough, even though it is irritating a few users (our job in IT, right?)

How long do you think it will be before you might have something available? Will it cost or be freeware? That would affect my plans as well. I appreciate your offer. I'll be glad to test it out regardless.
_________________________
silence is golden, but duct tape is silver

Top
#35850 - 2003-02-10 09:56 PM Re: Enumerating Local Shares
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
It will be free. If you send me sufficient funds for a case of beer you may get it sooner [Big Grin] or maybe not if I drink it too fast. [Wink]

Are you only looking for Admin shares?

Would you prefer to use Win32Admin.DLL or a standalone EXE?

[ 10. February 2003, 21:58: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#35851 - 2003-02-10 11:09 PM Re: Enumerating Local Shares
Skatterbrainz Offline
Starting to like KiXtart

Registered: 2002-10-17
Posts: 172
Loc: Virginia, USA
What state do you live in? I'll FedEx the beer, as long as the goods pass the test. [Wink]

EXE is fine as long as it doesn't require an installation on every logon server. In other words, if it's a portable EXE. A DLL might be alright as well, but I'd have to REGSVR it on the logon servers I expect.

The net result is the ability to:
(A) enumerate all shares or...
(B) only admin shares or...
(C) only non-admin shares
(D) show groups that have explicit or direct inherited permissions on the share and what permissions (R/W/D/etc.)

If I have a share that is "FolderA" for C:\FolderA and have removed "Everyone" from the DACL shares permissions collection and added "Domain Users" only, the report should show:

Share=FolderA
Path=C:\FolderA
Groups:
Domain Users, R/W/D

Just a suggested format, not required format or structure. Hopefully this makes sense?
_________________________
silence is golden, but duct tape is silver

Top
#35852 - 2003-02-10 11:43 PM Re: Enumerating Local Shares
kholm Offline
Korg Regular
*****

Registered: 2000-06-19
Posts: 714
Loc: Randers, Denmark
If you have NTFS installed on all systems:

Have you given any thought to:
  • Administrary shares are special: C$ D$ etc.. only access for admins.
  • Default share access is everyone full control (BUT!!!)
  • NTFS permissions defaults to everyone read and admins full control (only read access for users)
So if you use NTFS on all systems, you shouldn't have any open shares by default.

-Erik
{Edit}
Sorry [Roll Eyes]
Reread your post:
I missed the access (In some manner)
{-Edit}

[ 10. February 2003, 23:57: Message edited by: kholm ]
Top
#35853 - 2003-02-11 03:52 AM Re: Enumerating Local Shares
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
You should implement the report as a .INI file. This way you can analyze it easier in a scriptable manner:
code:
[\\server\share]
Path=C:\FolderA
Domain Users=C
Domain Admins=F
[\\server\share2]
Path=c:\folderB
Domain Admins=F
I believe Change = Read/Write/Delete

[ 11. February 2003, 03:53: Message edited by: sealeopard ]
_________________________
There are two types of vessels, submarines and targets.

Top
#35854 - 2003-02-11 02:04 PM Re: Enumerating Local Shares
Skatterbrainz Offline
Starting to like KiXtart

Registered: 2002-10-17
Posts: 172
Loc: Virginia, USA
KHolm: Thanks for the advice. I'm not that ignorant actually. The environment existed this way before I came aboard. Hence the reason I'm trying to find and lock down things in an orderly fashion with limited tools to work with. My last employer gave me wonderful things to use like MS-SMS, but that's only a pilot here (which I'm doing myself, no help at the moment). In the current economic environment, we sometimes have to make do with little and keep our mouths shut with a happy smile on the front of them. :-)

Sealeopard: I like INI, I use that format most, even with all the pressures to "Go XML" these days. I like your signature too, since I work in the shipbuilding industry (U.S. Navy anyway), but I would modify it as follows:

There are two types of vessels: Funded and Unfunded. ;-)

[ 11. February 2003, 14:15: Message edited by: DaveS ]
_________________________
silence is golden, but duct tape is silver

Top
#35855 - 2003-02-12 04:00 AM Re: Enumerating Local Shares
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
Actually, you forgot about the 'underfunded' ones [Big Grin] BTW, I once worked on a shipyard (HDW in Germany) for a couple of months.

[ 12. February 2003, 04:01: Message edited by: sealeopard ]
_________________________
There are two types of vessels, submarines and targets.

Top
#35856 - 2003-02-16 05:11 AM Re: Enumerating Local Shares
Skatterbrainz Offline
Starting to like KiXtart

Registered: 2002-10-17
Posts: 172
Loc: Virginia, USA
Ah yes, German shipbuilding. That's what most sophisticated American "yard-dogs" would call "furin shipbuilders" (that's a joke). Sorry, not to go off the subject.

Howard has been working on some cool stuff that looks like it will do what I'm trying to accomplish. Thanks Howard! In any case, I have to say that of all the forums I hang out in (about five now), this is THE most responsive and informative of them all. Everytime I come to this place I learn a ton of new ideas and tricks that help me at work every day. No paid endorsements either! [Razz]
_________________________
silence is golden, but duct tape is silver

Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 1183 anonymous users online.
details
Newest Members
batdk82, StuTheCoder, M_Moore, BeeEm, min_seow
17885 Registered Users
My Cookies · Mark all read Powered by UBB.threads™ Contact Us · KiXtart.org website · Top

Generated in 0.109 seconds in which 0.064 seconds were spent on a total of 12 queries. Zlib compression enabled.
Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org