PowerShell – List the users who have access to shares

PowerShell script that returns the users who have access to a server's shares, based on the NTFS ACL of each share's path.

Import-Module ActiveDirectory
$ExportFile='C:\temp\shareACL.csv'
$ShortDomainName='TEDDYCORP'

$Res=@()

# All SMB shares on this server except IPC$
$lstShares=Get-SmbShare | Where-Object -Property Name -ne 'IPC$'
$iTrace=1

foreach($share in $lstShares){
    Write-Host 'Share n°: ' $iTrace '/' $lstShares.count ' share : ' $share.Path
    # Reset the per-share user list (Clear-Variable fails on the first pass, when the variable does not exist yet)
    $resUsersInACL=''
    $lstACL=@()

    # Get the NTFS ACL; keep only TEDDYCORP entries, excluding 'Admins du domaine' (Domain Admins on a French-language domain)
    $lstACL=$(Get-Acl -Path $share.Path).Access | Select-Object IdentityReference | Where-Object {$_.IdentityReference -Match $ShortDomainName -and $_.IdentityReference -notmatch 'Admins du domaine'}

    # For each ACL entry, check the type (user vs group) and list all users in groups if needed
    foreach($ACL in $lstACL){

        # Check the ACL entry type (group vs user)
        [string]$SAM=$($ACL.IdentityReference -replace $ShortDomainName).Replace('\','')
        $objAD=Get-ADObject -Filter 'sAMAccountName -eq $SAM'

        if($objAD.ObjectClass -eq 'user'){
            $resUsersInACL+=$objAD.name + ','
        }elseif($objAD.ObjectClass -eq 'group'){
            foreach($name in $(Get-ADGroupMember -identity $objAD.DistinguishedName -Recursive).name){$resUsersInACL+=$name + ','}
        }
    }

    # Build one row per share after all its ACL entries are processed,
    # so a share with no matching entry does not reuse the previous share's row
    $DataCollect = New-Object System.object
    $DataCollect | Add-Member -name 'ShareName' -MemberType NoteProperty -Value $share.Name
    $DataCollect | Add-Member -name 'SharePath' -MemberType NoteProperty -Value $share.Path
    $DataCollect | Add-Member -name 'UsersInACL' -MemberType NoteProperty -Value $resUsersInACL

    $iTrace++
    $Res+=$DataCollect
}

$Res | Export-Csv $ExportFile -Delimiter ';' -Encoding UTF8 -NoTypeInformation
