ajouter la fonctionnalité d'export acl de partage à un script
Le
Lyes

Bonjour tout le monde,
Dernièrement Gilles LAURENT m'a écrit un script auquel je souhaite apporter
la fonctionnalité d'export des ACL de partage.
Est-ce que quelqu'un saurait ajouter cette fonctionnalité au
script ci-dessous :
'Script ecrit par Gilles LAURENT
'
'Syntax cscript.exe dumpacl.vbs >acl.csv
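' Report settings and entry point. The report is written to standard output,
' so run the script with cscript.exe and redirect the output to a .csv file.

' Folder where the walk starts.
' NOTE(review): other string literals in this listing lost their backslashes
' when it was posted, so the original value may have been "D:\" - confirm
' before running.
ROOT="D:"
' Depth limit checked by EnumFolders (the first call passes level 0).
DEPTH=3
' Bit tested against the security descriptor's ControlFlags by GetAces.
SE_DACL_PRESENT=&h4
' AceType values that GetAces labels "Allowed" and "Denied".
ACCESS_ALLOWED_ACE_TYPE=&h0
ACCESS_DENIED_ACE_TYPE=&h1
' Header row; the "\" separators match the DOMAIN\Name form that GetAces writes
' in the first column.
WScript.Echo "Login\Group Name;Access Allowed\Denied;Permission Assigned"
EnumFolders ROOT, 0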
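' Prints the access list of strFolder, then recurses into its subfolders.
'   strFolder : path of the folder to report
'   nDepth    : level of strFolder below the start folder (first call passes 0)
' Folders deeper than DEPTH are not visited, so ACEs set explicitly further
' down the tree do not appear in the report.
Sub EnumFolders (strFolder, nDepth)
    ' Local variables: the Sub is recursive, so its working objects must not be
    ' shared between levels of the walk.
    Dim oFs, oFolder, oSubFolder
    On Error Resume Next
    If nDepth<=DEPTH Then
        GetAces strFolder
        ' An audit report must show what it could not read: without this row a
        ' folder whose ACL lookup failed looks the same as a folder with no ACEs.
        If Err.Number <> 0 Then
            WScript.Echo ";;ERROR " & Err.Number & " " & Err.Description
            Err.Clear
        End If
        Set oFs=CreateObject("Scripting.FileSystemObject")
        Set oFolder=oFs.GetFolder(strFolder)
        For Each oSubFolder In oFolder.SubFolders
            EnumFolders oFs.BuildPath(strFolder,oSubFolder.Name), nDepth+1
        Next
        ' Same reasoning for the subfolder listing (for example access denied).
        If Err.Number <> 0 Then
            WScript.Echo ";;ERROR subfolders of " & strFolder & " not listed: " & Err.Description
            Err.Clear
        End If
    End If
    On Error Goto 0
End Sub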
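' Writes one report row per ACE found in the DACL of strFolder.
'   strFolder : path of the folder whose security descriptor is read through
'               the WMI class Win32_LogicalFileSecuritySetting
' Row format: DOMAIN\Name;Allowed|Denied(AceType);Permission name(AccessMask)
' AceFlags is not printed, so inherited and explicit entries are not
' distinguished in this report.
Sub GetAces (strFolder)
    Dim oWmi, oSs, oSD, oACE, nRet
    nRet = 0
    WScript.Echo VBLF & strFolder & VBLF
    On Error Resume Next
    Set oWmi=GetObject("winmgmts:/root/cimv2")
    ' NOTE(review): strFolder is placed between single quotes without escaping;
    ' a folder name that contains an apostrophe presumably breaks this lookup
    ' and then shows up as an ERROR row below - confirm.
    Set oSs=oWmi.Get("Win32_LogicalFileSecuritySetting='" & strFolder & "'")
    If Err.Number = 0 Then nRet=oSs.GetSecurityDescriptor(oSD)
    ' Report a failed read explicitly instead of leaving the folder without rows.
    If Err.Number <> 0 Or nRet <> 0 Then
        WScript.Echo ";;ERROR " & Err.Number & " " & Err.Description & " (GetSecurityDescriptor returned " & nRet & ")"
        Err.Clear
        On Error Goto 0
        Exit Sub
    End If
    On Error Goto 0
    If oSD.ControlFlags AND SE_DACL_PRESENT Then
        For Each oACE In oSD.DACL
            WScript.StdOut.Write oACE.Trustee.Domain & "\" & oACE.Trustee.Name
            If oACE.AceType=ACCESS_ALLOWED_ACE_TYPE Then WScript.StdOut.Write ";Allowed"
            If oACE.AceType=ACCESS_DENIED_ACE_TYPE Then WScript.StdOut.Write ";Denied"
            WScript.StdOut.Write "(" & oACE.AceType & ");"
            ' Only these four masks get a name. Any other mask leaves the name
            ' empty, and the number printed in parentheses is then the only
            ' information on the row.
            Select Case oACE.AccessMask
                Case "1245631"      ' 0x1301BF
                    WScript.StdOut.Write "Modify"
                Case "1179785"      ' 0x120089
                    WScript.StdOut.Write "Read Only"
                Case "1179817"      ' 0x1200A9
                    WScript.StdOut.Write "Read & Execute"
                Case "2032127"      ' 0x1F01FF
                    WScript.StdOut.Write "Full Control"
            End Select
            WScript.Echo "(" & oACE.AccessMask & ")"
        Next
    Else
        ' The DACL-present flag is not set in the descriptor.
        WScript.Echo ";;-"
    End If
End Sub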
Dernièrement Gilles LAURENT m'a écrit un script auquel je souhaite apporter
la fonctionnalité d'export des ACL de partage.
Est-ce que quelqu'un saurait ajouter cette fonctionnalité au
script ci-dessous :
'Script ecrit par Gilles LAURENT
'
'Syntax cscript.exe dumpacl.vbs >acl.csv
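' Report settings and entry point. The report is written to standard output,
' so run the script with cscript.exe and redirect the output to a .csv file.

' Folder where the walk starts.
' NOTE(review): other string literals in this listing lost their backslashes
' when it was posted, so the original value may have been "D:\" - confirm
' before running.
ROOT="D:"
' Depth limit checked by EnumFolders (the first call passes level 0).
DEPTH=3
' Bit tested against the security descriptor's ControlFlags by GetAces.
SE_DACL_PRESENT=&h4
' AceType values that GetAces labels "Allowed" and "Denied".
ACCESS_ALLOWED_ACE_TYPE=&h0
ACCESS_DENIED_ACE_TYPE=&h1
' Header row; the "\" separators match the DOMAIN\Name form that GetAces writes
' in the first column.
WScript.Echo "Login\Group Name;Access Allowed\Denied;Permission Assigned"
EnumFolders ROOT, 0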
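' Prints the access list of strFolder, then recurses into its subfolders.
'   strFolder : path of the folder to report
'   nDepth    : level of strFolder below the start folder (first call passes 0)
' Folders deeper than DEPTH are not visited, so ACEs set explicitly further
' down the tree do not appear in the report.
Sub EnumFolders (strFolder, nDepth)
    ' Local variables: the Sub is recursive, so its working objects must not be
    ' shared between levels of the walk.
    Dim oFs, oFolder, oSubFolder
    On Error Resume Next
    If nDepth<=DEPTH Then
        GetAces strFolder
        ' An audit report must show what it could not read: without this row a
        ' folder whose ACL lookup failed looks the same as a folder with no ACEs.
        If Err.Number <> 0 Then
            WScript.Echo ";;ERROR " & Err.Number & " " & Err.Description
            Err.Clear
        End If
        Set oFs=CreateObject("Scripting.FileSystemObject")
        Set oFolder=oFs.GetFolder(strFolder)
        For Each oSubFolder In oFolder.SubFolders
            EnumFolders oFs.BuildPath(strFolder,oSubFolder.Name), nDepth+1
        Next
        ' Same reasoning for the subfolder listing (for example access denied).
        If Err.Number <> 0 Then
            WScript.Echo ";;ERROR subfolders of " & strFolder & " not listed: " & Err.Description
            Err.Clear
        End If
    End If
    On Error Goto 0
End Sub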
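' Writes one report row per ACE found in the DACL of strFolder.
'   strFolder : path of the folder whose security descriptor is read through
'               the WMI class Win32_LogicalFileSecuritySetting
' Row format: DOMAIN\Name;Allowed|Denied(AceType);Permission name(AccessMask)
' AceFlags is not printed, so inherited and explicit entries are not
' distinguished in this report.
Sub GetAces (strFolder)
    Dim oWmi, oSs, oSD, oACE, nRet
    nRet = 0
    WScript.Echo VBLF & strFolder & VBLF
    On Error Resume Next
    Set oWmi=GetObject("winmgmts:/root/cimv2")
    ' NOTE(review): strFolder is placed between single quotes without escaping;
    ' a folder name that contains an apostrophe presumably breaks this lookup
    ' and then shows up as an ERROR row below - confirm.
    Set oSs=oWmi.Get("Win32_LogicalFileSecuritySetting='" & strFolder & "'")
    If Err.Number = 0 Then nRet=oSs.GetSecurityDescriptor(oSD)
    ' Report a failed read explicitly instead of leaving the folder without rows.
    If Err.Number <> 0 Or nRet <> 0 Then
        WScript.Echo ";;ERROR " & Err.Number & " " & Err.Description & " (GetSecurityDescriptor returned " & nRet & ")"
        Err.Clear
        On Error Goto 0
        Exit Sub
    End If
    On Error Goto 0
    If oSD.ControlFlags AND SE_DACL_PRESENT Then
        For Each oACE In oSD.DACL
            WScript.StdOut.Write oACE.Trustee.Domain & "\" & oACE.Trustee.Name
            If oACE.AceType=ACCESS_ALLOWED_ACE_TYPE Then WScript.StdOut.Write ";Allowed"
            If oACE.AceType=ACCESS_DENIED_ACE_TYPE Then WScript.StdOut.Write ";Denied"
            WScript.StdOut.Write "(" & oACE.AceType & ");"
            ' Only these four masks get a name. Any other mask leaves the name
            ' empty, and the number printed in parentheses is then the only
            ' information on the row.
            Select Case oACE.AccessMask
                Case "1245631"      ' 0x1301BF
                    WScript.StdOut.Write "Modify"
                Case "1179785"      ' 0x120089
                    WScript.StdOut.Write "Read Only"
                Case "1179817"      ' 0x1200A9
                    WScript.StdOut.Write "Read & Execute"
                Case "2032127"      ' 0x1F01FF
                    WScript.StdOut.Write "Full Control"
            End Select
            WScript.Echo "(" & oACE.AccessMask & ")"
        Next
    Else
        ' The DACL-present flag is not set in the descriptor.
        WScript.Echo ";;-"
    End If
End Sub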
J'ai trouvé une autre solution qui me convient : ci-dessous le script, pour ceux que ça intéresse.
L'auteur n'a pas renseigné son nom, donc merci à l'anonyme qui l'a rédigé.
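' Share access-list report.
' For every disk share of the local computer, prints the share-level ACL
' (lines tagged "(S)") and the ACL of the shared folder (lines tagged "(F)").
' Pass -v as the first argument to list the individual rights of every ACE.

' Errors are not fatal from here on; the checks below report the failures that
' would otherwise leave the report silently empty or incomplete.
On Error Resume Next
if wscript.arguments.count > 0 then
    verbose = wscript.Arguments(0) = "-v"
else
    verbose = false
end if
set wso = CreateObject("Wscript.Shell")

' AceFlags bit -> name
set aceflags = CreateObject("Scripting.Dictionary")
aceflags(1) = "OBJECT_INHERIT_ACE"
aceflags(2) = "CONTAINER_INHERIT_ACE"
aceflags(4) = "NO_PROPAGATE_INHERIT_ACE"
aceflags(8) = "INHERIT_ONLY_ACE"
aceflags(16) = "INHERITED_ACE"

' AceType value -> label printed by DumpACL
set acetypes = CreateObject("Scripting.Dictionary")
acetypes(0) = "Access Allowed"
acetypes(1) = "Access Denied"
acetypes(2) = "Audit"

' AccessMask bit -> right name, listed by DumpACL
set rights = CreateObject("Scripting.Dictionary")
rights(&h00000001) = "FILE_LIST_DIRECTORY"
rights(&h00000002) = "FILE_ADD_FILE"
rights(&h00000004) = "FILE_ADD_SUBDIRECTORY"
rights(&h00000008) = "FILE_READ_EA"
rights(&h00000010) = "FILE_WRITE_EA"
rights(&h00000020) = "FILE_TRAVERSE"
rights(&h00000040) = "FILE_DELETE_CHILD"
rights(&h00000080) = "FILE_READ_ATTRIBUTES"
rights(&h00000100) = "FILE_WRITE_ATTRIBUTES"
rights(&h00010000) = "DELETE"
rights(&h00020000) = "READ_CONTROL"
rights(&h00040000) = "WRITE_DAC"
rights(&h00080000) = "WRITE_OWNER"
rights(&h00100000) = "SYNCHRONIZE"

' Complete AccessMask value -> one-word summary
set summary = CreateObject("Scripting.Dictionary")
summary(&h1f01ff) = "FULL"
summary(&h1301bf) = "CHANGE"
summary(&h1200a9) = "READ"

' SortedList is a .NET Framework class; without it the share list cannot be built.
set shares = CreateObject("System.Collections.SortedList")
If Err.Number <> 0 Then
    wscript.echo "ERROR: System.Collections.SortedList not available (" & Err.Description & ")"
    wscript.quit 1
End If

'get a collection of all of the non-administrative (type=0) shares;
'administrative shares are therefore not part of this report
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
' 48 = return immediately + forward-only enumeration
Set colShares = objWMIService.ExecQuery("Select * from Win32_Share where Type = 0",,48)
If Err.Number <> 0 Then
    wscript.echo "ERROR: share list not read from WMI (" & Err.Description & ")"
    wscript.quit 1
End If

'build a list of all the share information, sorted by share name
For Each item in colShares
    share = item.Name
    path = item.Path
    desc = item.Description
    shares.Add share,Array(path,desc)
Next

'dump out the report
title = "Access Lists for \\" & wso.ExpandEnvironmentStrings("%COMPUTERNAME%")
wscript.echo title & vbcrlf & String(len(title),"-")
for i = 0 to shares.Count - 1
    share = shares.GetKey(i)
    value = shares.GetByIndex(i)
    path = value(0)
    desc = value(1)
    wscript.echo vbcrlf & "SHARE: " & share & vbcrlf & " PATH: " & path,iif(desc<> "",vbcrlf & " DESC: "&desc,"")
    ' A share or folder whose ACL cannot be read must be visible in the report,
    ' otherwise it reads as "no entries".
    Err.Clear
    DoShare share,verbose
    If Err.Number <> 0 Then
        wscript.echo vbcrlf & " (S) ERROR: access list not read (" & Err.Description & ")"
        Err.Clear
    End If
    DoFolder path,verbose
    If Err.Number <> 0 Then
        wscript.echo vbcrlf & " (F) ERROR: access list not read (" & Err.Description & ")"
        Err.Clear
    End If
next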
'
'
' dump the access list entries for a folder
'
'
'
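Function DoFolder ( target , verbose )
    ' Prints the ACL of the folder target; every line is tagged "(F)".
    '   target  : folder path used as key of Win32_LogicalFileSecuritySetting
    '   verbose : passed through to DumpACL
    ' A failed lookup is reported on its own line instead of being skipped, so
    ' an unreadable ACL cannot be mistaken for an empty one.
    dim wmi, sec
    On Error Resume Next
    Set wmi = GetObject("winmgmts:")
    ' NOTE(review): target is placed between single quotes without escaping; a
    ' path that contains an apostrophe presumably fails here - confirm.
    Set sec = wmi.Get("Win32_LogicalFileSecuritySetting='" & target & "'")
    If Err.Number = 0 Then DumpACL "(F)",sec, verbose
    If Err.Number <> 0 Then
        wscript.echo vbcrlf & " (F) ERROR: access list not read for " & target & " (" & Err.Description & ")"
        Err.Clear
    End If
End Function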
'
'
' dump the access list entries for a share
'
'
'
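Function DoShare ( target , verbose )
    ' Prints the share-level ACL of the share target; every line is tagged "(S)".
    '   target  : share name used as key of Win32_LogicalShareSecuritySetting
    '   verbose : passed through to DumpACL
    ' A failed lookup is reported on its own line instead of being skipped, so
    ' an unreadable ACL cannot be mistaken for an empty one.
    dim wmi, sec
    On Error Resume Next
    Set wmi = GetObject("winmgmts:")
    ' NOTE(review): target is placed between single quotes without escaping; a
    ' share name that contains an apostrophe presumably fails here - confirm.
    Set sec = wmi.Get("Win32_LogicalShareSecuritySetting='" & target & "'")
    If Err.Number = 0 Then DumpACL "(S)",sec, verbose
    If Err.Number <> 0 Then
        wscript.echo vbcrlf & " (S) ERROR: access list not read for " & target & " (" & Err.Description & ")"
        Err.Clear
    End If
End Function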
'
'
' dump the access list entries
'
'
'
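Function DumpACL ( ttype , sec , verbose )
    ' Prints every ACE of the DACL held by sec, sorted by trustee name.
    '   ttype   : tag put in front of each line; the callers pass "(F)" or "(S)"
    '   sec     : WMI security-setting object exposing GetSecurityDescriptor
    '   verbose : when true, the individual rights of each mask are listed
    ' Reads the script-level dictionaries acetypes, summary and rights.
    dim sd
    dim retval: retval = sec.GetSecurityDescriptor(sd)
    dim ace
    dim mask
    dim trustee
    dim aceList
    dim entry
    dim i
    dim seq
    ' Declared locally: the original assigned to the undeclared names aceflags,
    ' acetype and accessmask, and aceflags is also the name of a script-level
    ' Dictionary.
    dim flagText
    dim typeText
    dim maskText
    dim pad: pad = " " & ttype

    ' A non-zero return code means the descriptor was not read; say so rather
    ' than failing on the first use of sd.
    If retval <> 0 Then
        wscript.echo vbcrlf & pad & " ERROR: GetSecurityDescriptor returned " & retval
        Exit Function
    End If

    'check if a discretionary access control list (DACL) exists
    If sd.ControlFlags and 4 Then
        set aceList = CreateObject("System.Collections.SortedList")
        seq = 0
        'display the information from all access list entries (ACE)
        For Each ace in sd.DACL
            'trustee is a user or group name
            trustee = ace.Trustee.Domain: if trustee <> "" then trustee = trustee & "\"
            trustee = trustee & ace.Trustee.Name
            ' bit 16 of AceFlags is the INHERITED_ACE flag
            flagText = iif(ace.AceFlags and 16,"inherited","explicit ")
            flagText = flagText & " " & ToHex(ace.AceFlags,2)
            typeText = acetypes(ace.AceType)
            maskText = iif(summary.Exists(ace.AccessMask),summary(ace.AccessMask),"no summary")
            maskText = maskText & " " & ToHex(ace.AccessMask,6)
            entry = pad & " Trustee " & trustee & vbcrlf & pad & " AceFlags " & flagText & vbcrlf & pad & " AceType " & typeText & vbcrlf & pad & " AccessMask " & maskText
            'report full details if verbose requested or if simple summary not possible
            ' (the second half of that rule was missing from the code: masks
            ' without a summary were printed without any detail)
            if verbose or not summary.Exists(ace.AccessMask) then
                for each mask in rights.Keys
                    if mask and ace.AccessMask then
                        entry = entry & vbcrlf & pad & " " & rights(mask)
                    end if
                next
            end if
            ' SortedList.Add fails on a duplicate key, and one trustee can hold
            ' several ACEs (allow and deny, explicit and inherited). Keyed on the
            ' trustee alone, the second ACE aborted the function before anything
            ' was printed. The sequence suffix keeps keys unique and the order by
            ' trustee.
            seq = seq + 1
            aceList.Add trustee & vbTab & Right("00000" & seq, 5),entry
        Next
        for i = 0 to aceList.Count - 1
            wscript.echo vbcrlf & aceList.GetByIndex(i)
        next
        aceList.Clear
    Else
        ' Worth a line in an audit report: a descriptor without a DACL puts no
        ' restriction on access.
        wscript.echo vbcrlf & pad & " no DACL present"
    End If
End Function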
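Function ToHex ( num , numdig )
    ' Returns num as "(0x...)" in hexadecimal, left-padded with zeros to at
    ' least numdig digits.
    '   num    : number to format
    '   numdig : minimum number of hex digits
    ' A value that needs more than numdig digits is printed in full. The
    ' original kept only the last numdig digits, so a mask such as 0x10000000
    ' was shown as (0x000000).
    dim digits: digits = hex(num)
    if len(digits) < numdig then digits = Right(String(numdig, "0") & digits, numdig)
    ToHex = "(0x" & digits & ")"
End Function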
Function iif ( condition , truevalue , falsevalue )
    ' Inline "if": yields truevalue when condition holds, falsevalue otherwise.
    ' Both value arguments are ordinary parameters, so the caller's expressions
    ' for them are evaluated before this function runs.
    If condition Then iif = truevalue Else iif = falsevalue
End Function
"Lyes" wrote:
| J'ai trouvé une autre solution qui me convient : ci dessous le
| script pour ceux que ça interessent.
| L'auteur n'a pas renseigné son nom donc merci à l'anonyme qui l'a
| rédigé.
[...]
Merci pour ce retour ;-)
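À noter que ce script nécessite la présence du Framework .Net : il crée des objets System.Collections.SortedList, qui ne sont disponibles via CreateObject que si le Framework est installé.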
--
Gilles LAURENT
MVP Windows Server - Admin Frameworks
http://glsft.free.fr