Getting permissions of a remote SMB/CIFS share without remote powershell or WMI
I'm looking for a way to export the ACL of a SMB / CIFS share (not to be confused with the NTFS ACL) from a Windows machine connected to the share. So far, I can see the permissions in the advanced security properties of the share, but no way to export or parse them short of an AutoIT monstrosity.
I want to obtain this information in a format that I can parse, be it CSV, JSON, XML, etc.
I have checked this question which recommends using Powershell's Get-SmbShareAccess: Retrieving Remote File Share 'Share Permissions' Using Powershell and this TechNet question which uses Get-WmiObject: Get-wmiobject Win32_Share does not show Sharing Permissions but both assume we can get Powershell code executed on the server hosting the share: this isn't the case for me as the share is not hosted on windows and I don't have shell access to the machine.
I'm open to any language but would prefer Powershell if given the choice.
Windows explorer uses RPC via the win32 API method NetShareGetInfo(), but it's not easy to call it directly from Powershell.
FileShareUtils is a fantastic gallery module that does all of this for you, and the best option that I could find:
$share = Get-NetShare -Name 'MyShare' -Server 'MyFileServer01'
Server : MyServer01
Name : MyShare
Path : E:\Folder\Path
Description :
ABE : Enabled
CachingMode : Manual
ShareACLText : BUILTIN\Administrators|FullControl,Everyone|FullControl
CurrentUses : 4
ConcurrentUserLimit : -1
BranchCache : Disabled
Flags : 2051
Type : Disk Drive
ShareSDDL : D:(A;;FA;;;WD)(A;;FA;;;BA)
ShareACL : System.Security.AccessControl.DirectorySecurity
$share.ShareACL.Access
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : Everyone
IsInherited : False
InheritanceFlags : None
PropagationFlags : None
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : False
InheritanceFlags : None
PropagationFlags : None
I was not able to test whether the whole Get-NetShare works as a non-admin user, but if you can see the "Share" permissions in file explorer, then this should work for you. If do you still get access-denied messages, then you may be able to work your way through the module code and see where/why.
- Is there a way to add the Developer Powershell for VS 2019 as an integrated terminal in VSCode?
- How can I mute/unmute my sound from PowerShell
- PowerShell code returning correct value. However, looking to enhance program by capturing the ID tag listed above the desired value
- PSCommandNotFoundSuggestion message shows without suggestions (PowerShell 7.5)
- Scheduled powershell script not running dot sourced scripts
- How to load the classes in PowerShell module globally?
- PowerShell - Password Generator - How to always include number in string?
- Problem using PowerShell Class contained in module when running Pester test for a different module that utilizes the Class module
- Automated Deployment to an F5 Load Balanced Environment
- [System.Collections.Generic.List[string]] as return value
- How to exclude folders from a recursive list of path\name with Get-ChildItem in Powershell 2.0 (similar to dir /s /b /a-d in DOS)?
- Powershell get case sensitive path as displayed in windows
- A PowerShell Script to install fonts on Windows 11
- Why does a space at the end of a pwsh command launch it as a separate window/process?
- exchange online Get-DistributionGroupMember command not getting Initials
- Suppress receive-job console output when the job uses write-host
- Granting SeServiceLogonRight to a user from PowerShell
- Where to put PowerShell scripts?
- Forcing specific SPN for URL in .Net
- Code to check for Administrator privileges not working on some servers
- Rename-item: Cannot rename because item at ... does not exist
- `Invoke-Conda` cannot catch any arguments after powershell 7.5.0 update
- Toast Notification - Open a web page with specific character on the link
- Fabric-Rest API: why updateFromGit is returning invalid git hash or missing options?
- Does anyone know how to calculate Authenticode File hash in PowerShell?
- WDAC policy doesnt disable
- PowerShell Invoke-WebRequest throws WebCmdletResponseException
- How to restart or shutdown a remote computer with comment from powershell
- how to get a string of a mutable array?
- Powershell Foreach-Object -Parallel how to change the value of a variable outside the loop (track progress)