RE: VBScript to audit shares and share permissions

From: Harlan Carvey (keydet89_at_yahoo.com)
Date: 09/23/04

  • Next message: Thor: "Re: Restrict Anonymous" 
    Date: Thu, 23 Sep 2004 03:58:37 -0700 (PDT)
To: focus-ms@securityfocus.com

    Brian,

    > Wes, in looking over the Perl Script, unless I am
    > missing it, the code
    > doesn't appear to list Share and Directory
    > permissions for each share, which
    > is really the thing that I'm after. If I missed the
    > line(s) of code, I apologize in advance.

    You didn't miss anything. I am the author of the
    script that Wes mentioned...and it doesn't list
    permissions. I think it's simply another case of
    someone not really reading what the original author's
    request was.

    I did point you to a script that does do this...
    http://patriot.net/~carvdawg/perl.html
    You want the share.pl script.

    > I need a good way to automate the process of
    > checking a list of hosts for
    > shares that allow Everyone access at the share level
    > and Everyone access at
    > file system level (and maybe some other
    > permissions). I can get this info
    > from Dumpsec, but one host at a time, and it's a
    > manual process.

    My book, "Windows Forensics and Incident Recovery",
    discusses how to do this. I include a Perl script w/
    the book for dumping system names, and then parsing
    through that list to automate the process of checking
    just about anything.

    > I am also trying to avoid writing this myself, since
    > I don't have, what's it called? Free time? :)
    >
    > I hope I can find a script or a package that will do
    > this already (I've
    > tried picking through various Nessus plugins and
    > such).

    I'm sure your free time is limited, which is why I've
    pointed you to scripts that have already been created,
    and can run with little to no modification.

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Thor: "Re: Restrict Anonymous"

    Relevant Pages

    • Re: cant get access to disk share when connecting from a remote s
      ... The systems are DUTs. ... for each of the drives within the system. ... Everything in the scripts work except the file permissions below the shares ... the shares on the DUTs manually, after they run my rename script, but I would ...
      (microsoft.public.windows.server.scripting)
    • Re: VBA Script to Read WMP 11 Database
      ... The script failed on the desktop when I downloaded WMP11, ... Just reviewing the bidding -- WMP 11 responds properly to commands in a VBS ... That's why the computer wouldn't let me manually change the permissions. ... Digital Media MVP: 2004-2007 ...
      (microsoft.public.windowsmedia)
    • Re: VBA Script to Read WMP 11 Database
      ... The script failed on the desktop when I downloaded WMP11, ... Just reviewing the bidding -- WMP 11 responds properly to commands in a VBS ... That's why the computer wouldn't let me manually change the permissions. ... The CREATOR OWNER is likely on windows to be one of the admin accounts ...
      (microsoft.public.windowsmedia)
    • Re: how to restrict users to search in their own Organizational Unit
      ... will be given the necessary permissions. ... Who would you DENY? ... decided a script can make it possible to accomplish, ... If I need to create a security group per OU and then add all users ...
      (microsoft.public.windows.server.active_directory)
    • Re: VBScript to audit shares and share permissions
      ... You can also use SRVCHECK tool included in Windows Server Resources Kit. ... A simple script will allow you to scan all your network. ... see all shares. ... VBScript to audit shares and share permissions ...
      (Focus-Microsoft)