Windows Internals

Hello All. I recently posted details on how to enumerate Windows NTFS permissions. I mentioned that the post did not refer to Windows share permission enumeration, but specifically NTFS. So I wanted to provide some information on enumerating Windows share permissions in this post.

I am assuming you are enumerating these share permissions on the source file server; enumerating shares remotely is not as simple, given the access rights needed to enumerate the shares. I am also assuming that, when enumerating on the source server, you are running scripts, etc. as an administrator.

This PowerShell script will enumerate the shares on the target server:

[CmdletBinding()]
param(
    # Computer to query; '.' is the local machine
    [Parameter(ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
    $Computer = '.'
)

# Names of all shares defined on the target server
$shares = Get-WmiObject -Class Win32_Share -ComputerName $Computer | Select-Object -ExpandProperty Name

foreach ($share in $shares) {
    $acl = $null
    Write-Host $share -ForegroundColor Green
    Write-Host $('-' * $share.Length) -ForegroundColor Green
    # Share-level (not NTFS) security settings for this share
    $objShareSec = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -Filter "name='$share'" -ComputerName $Computer
    try {
        $SD = $objShareSec.GetSecurityDescriptor().Descriptor
        foreach ($ace in $SD.DACL) {
            # Prefer DOMAIN\Name; fall back to the SID string when there is no name
            $UserName = $ace.Trustee.Name
            if ($ace.Trustee.Domain -ne $null) { $UserName = "$($ace.Trustee.Domain)\$UserName" }
            if ($ace.Trustee.Name -eq $null) { $UserName = $ace.Trustee.SIDString }
            [Array]$acl += New-Object Security.AccessControl.FileSystemAccessRule($UserName, $ace.AccessMask, $ace.AceType)
        } # end foreach ACE
    } # end try
    catch {
        # No security setting was returned, or the descriptor could not be read
        Write-Host "Unable to obtain permissions for $share"
    }
    $acl
    Write-Host $('=' * 50)
} # end foreach $share

This will produce an output like this:

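As an added example (not part of the original post), the AccessMask and AceType values the script above reads from each DACL entry can be decoded into the share-level rights shown in the Windows share permissions dialog, and entries that allow a broad group more than Read can be marked for review. This goes one step beyond the enumeration itself; the function names Get-ShareAceFinding and New-SampleAce and the sample ACEs are hypothetical and constructed for illustration.

```powershell
# Added example: decode share ACEs and mark broad grants for review.
# Well-known SIDs that cover large populations of accounts.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'ANONYMOUS LOGON'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-ShareAceFinding {          # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Share,
        [Parameter(Mandatory)]$Ace      # needs Trustee.SIDString, AccessMask, AceType
    )
    $mask  = [uint32]$Ace.AccessMask
    # Standard share-level masks: 0x001F01FF, 0x001301BF, 0x001200A9
    $right = switch ($mask) {
        2032127 { 'FullControl' }
        1245631 { 'Change' }
        1179817 { 'Read' }
        default { 'Special (0x{0:X8})' -f $mask }
    }
    $type  = switch ([int]$Ace.AceType) { 0 { 'Allow' } 1 { 'Deny' } default { 'Other' } }
    $sid   = $Ace.Trustee.SIDString
    $broad = $BroadSids.ContainsKey($sid)
    [pscustomobject]@{
        Share   = $Share
        Trustee = if ($broad) { $BroadSids[$sid] } else { $sid }
        Type    = $type
        Right   = $right
        # Review when a broad group is allowed anything other than plain Read.
        Review  = ($type -eq 'Allow' -and $broad -and $right -ne 'Read')
    }
}

# Constructed ACEs shaped like the DACL entries the script reads (not real output).
function New-SampleAce($Sid, $Mask, $Type) {
    [pscustomobject]@{ Trustee = [pscustomobject]@{ SIDString = $Sid }; AccessMask = $Mask; AceType = $Type }
}
$findings = @(
    Get-ShareAceFinding -Share 'Public'  -Ace (New-SampleAce 'S-1-1-0' 2032127 0)
    Get-ShareAceFinding -Share 'Finance' -Ace (New-SampleAce 'S-1-5-11' 1179817 0)
    Get-ShareAceFinding -Share 'Finance' -Ace (New-SampleAce 'S-1-5-21-1111111111-2222222222-3333333333-1105' 1245631 0)
)
$findings | Format-Table -AutoSize
```

To use it with live data, pass each `$ace` from the script's `foreach ($ace in $SD.DACL)` loop to `Get-ShareAceFinding` along with `$share`.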