Windows PowerShell 2-显示每个人都可以完全控制的共享目录
PowerShell版本:2(我了解风险) 以下命令输出“everyone”用户组有权访问的所有共享:Windows PowerShell 2-显示每个人都可以完全控制的共享目录,windows,powershell,command,Windows,Powershell,Command,PowerShell版本:2(我了解风险) 以下命令输出“everyone”用户组有权访问的所有共享: $Found = @() Get-WmiObject win32_logicalsharesecuritysetting | ForEach-Object {$Path = "\\localhost\\" + $_.Name; Get-Acl -Path $Path | Select-Object Path -ExpandProperty Acces
$Found = @()
Get-WmiObject win32_logicalsharesecuritysetting |
ForEach-Object {$Path = "\\localhost\\" + $_.Name; Get-Acl -Path $Path |
Select-Object Path -ExpandProperty Access |
ForEach-Object {If($_.IdentityReference -eq 'Everyone'){$Found += $_.Path}}}
Write-Host "Found: $($Found.Count)"
Write-Host "Share locations:"
$Found | ForEach-Object {Write-Host $_.Replace('Microsoft.PowerShell.Core\FileSystem::\\localhost\','')}
是否可以将上述命令增强为仅显示“everyone”用户组具有“完全控制权”的共享
如果未选择单选按钮,则不在输出中显示任何内容,但是,如果为用户组“everyone”选择了完全控制单选按钮,则显示输出:
因此,在我的程序中,我使用以下代码:
$Shares = Get-WmiObject -Class Win32_LogicalShareSecuritySetting
foreach($Share in $Shares) {
foreach($perm in $Permissions.Descriptor.DACL) {
if($Perm.Trustee.Name -eq "EveryOne" -and $Perm.AccessMask -eq "2032127" -and $Perm.AceType -eq 0) {
#EveryOneFullControl is true so do something
} else {
#EveryOneFullControl is false so do something
}
}
}
它是ACL的一部分,所以只需在
if
语句中添加另一个条件:$.IdentityReference-eq'Everyone'-和$..FileSystemRights-eq'FullControl'
。嗨,亚伯拉罕,我已经按照您的建议修改了if语句:针对每个对象{if($$\IdentityReference-eq'Everyone'-和$.FileSystemRights-eq'FullControl')){$Found+=$\.Path}}而且它似乎工作得很好,谢谢!很高兴听到!(: