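PowerShell – List the users who have access to shares

PowerShell script that returns the users who have access to the shares of a server. For each share it reads the NTFS ACL of the share path and recursively expands any AD groups into their member users.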

Import-Module ActiveDirectory

# Variables used below but not defined in the original listing
$ShortDomainName = 'TEDDYCORP'          # NetBIOS domain name, assumed from the comment further down
$ExportFile      = '.\SharesUsers.csv'  # placeholder output path, adjust as needed
$Res             = @()                  # one result object per share
$iTrace          = 0                    # progress counter

$lstShares = Get-SmbShare | Where-Object -Property Name -ne 'IPC$'

foreach ($share in $lstShares) {
    $iTrace++
    Write-Host 'Share n°: ' $iTrace '/' $lstShares.Count ' share : ' $share.Path
    # Reset the user list for this share
    $resUsersInACL = ''

    # Get NTFS ACL, keep only TEDDYCORP entries and not 'Admins du domaine' (Domain Admins)
    $lstACL = $(Get-Acl -Path $share.Path).Access | Select-Object IdentityReference | Where-Object { $_.IdentityReference -match $ShortDomainName -and $_.IdentityReference -notmatch 'Admins du domaine' }

    # For each ACL entry, check the type (user vs group) and list all users in groups if needed
    foreach ($ACL in $lstACL) {

        # Check ACL type (group vs user)
        [string]$SAM = $($ACL.IdentityReference -replace $ShortDomainName).Replace('\', '')
        $objAD = Get-ADObject -Filter 'sAMAccountName -eq $SAM'

        if ($objAD.ObjectClass -eq 'user') {
            $resUsersInACL += $objAD.Name + ','
        } elseif ($objAD.ObjectClass -eq 'group') {
            foreach ($name in $(Get-ADGroupMember -Identity $objAD.DistinguishedName -Recursive).Name) { $resUsersInACL += $name + ',' }
        }
    }

    # Build the result row for this share and add it to the collection
    $DataCollect = New-Object System.Object
    $DataCollect | Add-Member -Name 'ShareName' -MemberType NoteProperty -Value $share.Name
    $DataCollect | Add-Member -Name 'SharePath' -MemberType NoteProperty -Value $share.Path
    $DataCollect | Add-Member -Name 'UsersInACL' -MemberType NoteProperty -Value $resUsersInACL
    $Res += $DataCollect
}

$Res | Export-Csv $ExportFile -Delimiter ';' -Encoding UTF8 -NoTypeInformation
