Powershell 脚本 - 远程枚举所有 SMB 共享及其权限

问题描述 投票:0回答:1

我试图枚举所有开放共享及其权限,但在尝试在开放共享上使用“Get-SmbShareAccess”时出现“访问被拒绝”错误。到目前为止我可以尝试下面的脚本。

$ComputersNames = Get-ADComputer -Filter * | select Name

$FileShares = [System.Collections.Generic.List[pscustomobject]]::new()

foreach ($ComputerName in $ComputersNames)
{ 
    $newRow = New-Object -TypeName psobject
    $newRow | Add-Member -NotePropertyName 'Computer_Name' -NotePropertyValue $ComputerName
    try 
    {
         $connected = (Test-Connection -BufferSize 32 -Count 1 -ComputerName $ComputerName -Quiet -ErrorAction Ignore)
       
        if ($connected) 
        {
            $Shares = net view \\$ComputerName /all 2>&1 | select-object -Skip 7 |  ? { $_ -match 'disk*' } | % { $_ -match '^(.+?)\s+Disk*' | out-null; $matches[1] }

            foreach ($Share in $Shares) {
                $Access = Invoke-Command -ComputerName $ComputerName -ScriptBlock { Get-SmbShareAccess }                                      
                $newRow | Add-Member -NotePropertyName 'Share_Name' -NotePropertyValue $Share -Force
                $newRow | Add-Member -NotePropertyName 'Access' -NotePropertyValue $Access -Force
            }   
        }
    }
    catch {
        Write-Host $_.Exception.Message
        Write-Host $_.Exception
    }
    $FileShares.Add($newRow)  | Out-Null
}

首先,是否有任何解决方法可以获取远程计算机的 smb 共享上的用户权限,而不会出现访问被拒绝错误

其次,即使计算机有超过 1 个开放共享,但 $newRow 的输出仅打印最后一个共享

第三,我需要以正确的格式将脚本的输出导出到 txt 文件或 csv ,就像每个打开的共享都针对其计算机名称授予权限

感谢提前

powershell acl smb
1个回答
0
投票

您是否尝试过将管理员凭据添加到

Invoke-Command
,在远程计算机上运行脚本块以获取共享的访问权限?
就我个人而言,我会在远程计算机上的同一脚本块内运行 
Get-SmbShare
Get-SmbShareAccess
,然后选择您想要返回的属性并将所有这些属性收集到变量中。

$credential   = Get-Credential -Message 'Please enter admin credentials'
$allComputers = (Get-ADComputer -Filter *).Name    # just their names

# loop through the list of computers and capture the output from the loop
$result = foreach ($computer in $allComputers) { 
    $connected = (Test-Connection -BufferSize 32 -Count 1 -ComputerName $computer -Quiet -ErrorAction SilentlyContinue)
    if ($connected) {
        try {
            Invoke-Command -ComputerName $computer -Credential $credential -ScriptBlock {
                $shares = Get-SmbShare | Where-Object {$_.ShareType -eq 'FileSystemDirectory'}
                # if you also want to exclude all sharesnames ending in '$', do
                # $shares = Get-SmbShare | Where-Object {$_.ShareType -eq 'FileSystemDirectory' -and !($_.Name.Endswith('$'))}
                foreach($share in $shares) {
                    Get-SmbShareAccess -Name $share.Name | 
                        Select-Object @{Name = 'Computer_Name'; Expression = {$using:computer}},
                                      @{Name = 'Share_Name'; Expression = {$_.Name}},
                                      AccountName, AccessControlType, AccessRight
                    }
                }
        }
        catch {
            Write-Warning $_.Exception.Message
        }
    }
    else {
        Write-Warning "Computer $($computer.Name) is unreachable"
    }
}

# remove the extra properties Invoke-Command added and write to CSV file
$result | Select-Object * -ExcludeProperty PS*, RunSpaceId |
          Export-Csv -Path 'C:\SomePath\FileShareInformation.csv' -NoTypeInformation -UseCulture
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.