Script PowerShell qui retourne les utilisateurs qui accèdent aux shares d’un serveur.
Import-Module ActiveDirectory
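# Report, for every SMB share of the local server, the domain users named in
# the NTFS ACL of the shared folder (directly or through group membership).
#
# Scope of the result (what a reader of the CSV must keep in mind):
#   - Only the NTFS ACL of the share root is read. Share-level permissions
#     (Get-SmbShareAccess) and ACLs of sub-folders are not evaluated, so this
#     is not an effective-access computation.
#   - Only 'Allow' entries are kept; a user listed here may still be blocked
#     by a 'Deny' entry.
#   - Principals outside $ShortDomainName (local/BUILTIN groups, well-known
#     identities) and the 'Admins du domaine' group are skipped, so the list
#     can understate who really has access.

# Destination of the report (';'-separated, UTF-8).
# NOTE(review): the file maps shares to account names; confirm that the ACL
# of C:\temp restricts who can read it.
$ExportFile = 'C:\temp\shareACL.csv'
# NetBIOS name of the domain whose principals are reported.
$ShortDomainName = 'TEDDYCORP'
$Res = @()
# All shares except IPC$; @() keeps .Count valid when there is a single share.
$lstShares = @(Get-SmbShare | Where-Object -Property Name -ne 'IPC$')
$iTrace = 1
foreach ($share in $lstShares) {
    Write-Host 'Share n°: ' $iTrace '/' $lstShares.count ' share : ' $share.Path

    # Fresh list for each share. The original cleared a Global-scope variable
    # while appending to a script-scope one, so names leaked from one share
    # into the rows of the following shares.
    $shareUsers = @()

    # Allow entries of the NTFS ACL of the share root.
    # -LiteralPath: a folder name containing [ ] or * must not be globbed.
    $lstACL = @()
    if ($share.Path) {
        $lstACL = @((Get-Acl -LiteralPath $share.Path).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' } |
            Select-Object -ExpandProperty IdentityReference)
    }

    foreach ($identity in $lstACL) {
        # 'DOMAIN\account' -> domain part and account part. Comparing the
        # domain part exactly avoids matching the domain name as a substring
        # of an account name, and leaves the account name untouched.
        $domainPart, $SAM = $identity.Value -split '\\', 2
        if ($domainPart -ne $ShortDomainName -or -not $SAM) { continue }
        if ($SAM -match 'Admins du domaine') { continue }

        # Single-quoted on purpose: the ActiveDirectory module resolves $SAM
        # itself, so the account name is never spliced into the filter text.
        $objAD = Get-ADObject -Filter 'sAMAccountName -eq $SAM'
        if ($null -eq $objAD) { continue }

        if ($objAD.ObjectClass -eq 'user') {
            $shareUsers += $objAD.Name
        }
        elseif ($objAD.ObjectClass -eq 'group') {
            # Expand nested groups down to their leaf members.
            foreach ($member in @(Get-ADGroupMember -Identity $objAD.DistinguishedName -Recursive)) {
                $shareUsers += $member.Name
            }
        }
    }

    # One row per share, built outside the ACL loop: a share with no matching
    # ACL entry gets an empty user list instead of repeating the previous row.
    # Names are de-duplicated and joined with ',' (no trailing separator).
    $Res += [pscustomobject]@{
        ShareName  = $share.Name
        SharePath  = $share.Path
        UsersInACL = (@($shareUsers | Select-Object -Unique) -join ',')
    }
    $iTrace++
}
$Res | Export-Csv -Path $ExportFile -Delimiter ';' -Encoding UTF8 -NoTypeInformation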