Twitter iPhone pliant OnePlus 11 PS5 Disney+ Orange Livebox Windows 11

ajouter la fonctionnalité d'export acl de partage à un script

2 réponses
Avatar
Lyes
Bonjour tout le monde,

Dernièrement Gilles LAURENT m'a écrit un script auquel je souhaite apporter
la fonctionnalité d'export des ACL de partage.
Est-ce qu'il y aurait qqun qui saurait ajouter cette fonctionnalité au
script qui est ci dessous:

'Script ecrit par Gilles LAURENT
'
'Syntax cscript.exe dumpacl.vbs >acl.csv

ROOT="D:\"
DEPTH=3
SE_DACL_PRESENT=&h4
ACCESS_ALLOWED_ACE_TYPE=&h0
ACCESS_DENIED_ACE_TYPE=&h1

WScript.Echo "Login\Group Name;Access Allowed\Denied;Permission Assigned"

EnumFolders ROOT, 0

Sub EnumFolders (strFolder, nDepth)
On Error Resume Next
If nDepth<=DEPTH Then
GetAces(strFolder)
Set oFs=CreateObject ("Scripting.FileSystemObject")
Set oFolder = oFs.GetFolder (strFolder)
Set colFolders = oFolder.SubFolders
For Each oSubFolder in colFolders
EnumFolders oFs.BuildPath(strFolder,oSubFolder.name), nDepth+1
Next
End If
On Error Goto 0
End Sub

Sub GetAces (strFolder)

WScript.Echo VBLF & strFolder & VBLF
Set oWmi=GetObject("winmgmts:/root/cimv2")
Set oSs=oWmi.Get("Win32_LogicalFileSecuritySetting='" & strFolder & "'")
nRet=oSs.GetSecurityDescriptor(oSD)

If oSD.ControlFlags AND SE_DACL_PRESENT Then
For Each oACE In oSD.DACL
WScript.StdOut.Write oACE.Trustee.Domain & "\" & oACE.Trustee.Name
If oACE.AceType=ACCESS_ALLOWED_ACE_TYPE Then WScript.StdOut.Write
";Allowed"
If oACE.AceType=ACCESS_DENIED_ACE_TYPE Then WScript.StdOut.Write
";Denied"
WScript.StdOut.Write "(" & oACE.AceType & ");"
Select Case oACE.AccessMask
Case "1245631"
WScript.StdOut.Write "Modify"
Case "1179785"
WScript.StdOut.Write "Read Only"
Case "1179817"
WScript.StdOut.Write "Read & Execute"
Case "2032127"
WScript.StdOut.Write "Full Control"
End Select
WScript.Echo "(" & oACE.AccessMask & ")"
Next
Else
WScript.Echo ";;-"
End If
End Sub

2 réponses

Avatar
Lyes
J'ai trouvé une autre solution qui me convient : ci dessous le script pour
ceux que ça interessent.
L'auteur n'a pas renseigné son nom donc merci à l'anonyme qui l'a rédigé.


On Error Resume Next

if wscript.arguments.count > 0 then

verbose = wscript.Arguments(0) = "-v"

else

verbose = false

end if

set wso = CreateObject("Wscript.Shell")

set aceflags = CreateObject("Scripting.Dictionary")

aceflags(1) = "OBJECT_INHERIT_ACE"

aceflags(2) = "CONTAINER_INHERIT_ACE"

aceflags(4) = "NO_PROPOGATE_INHERIT_ACE"

aceflags(8) = "INHERIT_ONLY_ACE"

aceflags(16) = "INHERITED_ACE"

set acetypes = CreateObject("Scripting.Dictionary")

acetypes(0) = "Access Allowed"

acetypes(1) = "Access Denied"

acetypes(2) = "Audit"

set rights = CreateObject("Scripting.Dictionary")

rights(&h00000001) = "FILE_LIST_DIRECTORY"

rights(&h00000002) = "FILE_ADD_FILE"

rights(&h00000004) = "FILE_ADD_SUBDIRECTORY"

rights(&h00000008) = "FILE_READ_EA"

rights(&h00000010) = "FILE_WRITE_EA"

rights(&h00000020) = "FILE_TRAVERSE"

rights(&h00000040) = "FILE_DELETE_CHILD"

rights(&h00000080) = "FILE_READ_ATTRIBUTES"

rights(&h00000100) = "FILE_WRITE_ATTRIBUTES"

rights(&h00010000) = "DELETE"

rights(&h00020000) = "READ_CONTROL"

rights(&h00040000) = "WRITE_DAC"

rights(&h00080000) = "WRITE_OWNER"

rights(&h00100000) = "SYNCHRONIZE"

set summary = CreateObject("Scripting.Dictionary")

summary(&h1f01ff) = "FULL"

summary(&h1301bf) = "CHANGE"

summary(&h1200a9) = "READ"

set shares = CreateObject("System.Collections.SortedList")

'get a collection of all of the non-administrative (type=0) shares

Set objWMIService = GetObject("winmgmts:.rootcimv2")

Set colShares = objWMIService.ExecQuery("Select * from Win32_Share where
Type = 0",,48)

'build a list of all the share information

For Each item in colShares

share = item.Name

path = item.Path

desc = item.Description

shares.Add share,Array(path,desc)

Next

'dump out the report

title = "Access Lists for " &
wso.ExpandEnvironmentStrings("%COMPUTERNAME%")

wscript.echo title & vbcrlf & String(len(title),"-")

for i = 0 to shares.Count - 1

share = shares.GetKey(i)

value = shares.GetByIndex(i)

path = value(0)

desc = value(1)

wscript.echo vbcrlf & "SHARE: " & share & vbcrlf & " PATH: " &
path,iif(desc<> "",vbcrlf & " DESC: "&desc,"")

DoShare share,verbose

DoFolder path,verbose

next

'

'

' dump the access list entries for a folder

'

'

'

Function DoFolder ( target , verbose )

Set wmi = GetObject("winmgmts:")

Set sec = wmi.Get("Win32_LogicalFileSecuritySetting='" & target & "'")

DumpACL "(F)",sec, verbose

End Function

'

'

' dump the access list entries for a share

'

'

'

Function DoShare ( target , verbose )

Set wmi = GetObject("winmgmts:")

Set sec = wmi.Get("Win32_LogicalShareSecuritySetting='" & target & "'")

DumpACL "(S)",sec, verbose

End Function

'

'

' dump the access list entries

'

'

'

Function DumpACL ( ttype , sec , verbose )

dim sd

dim retval: retval = sec.GetSecurityDescriptor(sd)

dim ace

dim access

dim short

dim mask

dim trustee

dim aceList

dim entry

dim keys

dim key

dim i

dim pad: pad = " " & ttype

'check if a discretionary access control list (DACL) exists

If sd.ControlFlags and 4 Then

set aceList = CreateObject("System.Collections.SortedList")

'display the information from all access list entries (ACE)

For Each ace in sd.DACL

'trustee is a user or group name

trustee = ace.Trustee.Domain: if trustee <> "" then trustee = trustee &
""

trustee = trustee & ace.Trustee.Name

aceflags = iif(ace.AceFlags and 16,"inherited","explicit ")

aceflags = aceflags & " " & ToHex(ace.AceFlags,2)

acetype = acetypes(ace.AceType)

accessmask = iif(summary.Exists(ace.AccessMask),summary(ace.AccessMask),"no
summary")

accessmask = accessmask & " " & ToHex(ace.AccessMask,6)

entry = pad & " Trustee " & trustee & vbcrlf & pad & " AceFlags " &
aceflags & vbcrlf & pad & " AceType " & acetype & vbcrlf & pad & "
AccessMask " & accessmask

'report full details if verbose requested or if simple summary not possible

if verbose then

for each mask in rights.Keys

if mask and ace.AccessMask then

entry = entry & vbcrlf & pad & " " & rights(mask)

end if

next

end if

acelist.Add trustee,entry

Next

for i = 0 to acelist.Count - 1

wscript.echo vbcrlf & aceList.GetByIndex(i)

next

acelist.Clear

End If

End Function

Function ToHex ( num , numdig )

ToHex = "(0x" & Right("0000000000000000" & hex(num),numdig) & ")"

End Function

Function iif ( condition , truevalue , falsevalue )

if condition then

iif = truevalue

else

iif = falsevalue

end if

End Function




"Lyes" wrote:

Bonjour tout le monde,

Dernièrement Gilles LAURENT m'a écrit un script auquel je souhaite apporter
la fonctionnalité d'export des ACL de partage.
Est-ce qu'il y aurait qqun qui saurait ajouter cette fonctionnalité au
script qui est ci dessous:

'Script ecrit par Gilles LAURENT
'
'Syntax cscript.exe dumpacl.vbs >acl.csv

ROOT="D:"
DEPTH=3
SE_DACL_PRESENT=&h4
ACCESS_ALLOWED_ACE_TYPE=&h0
ACCESS_DENIED_ACE_TYPE=&h1

WScript.Echo "LoginGroup Name;Access AllowedDenied;Permission Assigned"

EnumFolders ROOT, 0

Sub EnumFolders (strFolder, nDepth)
On Error Resume Next
If nDepth<ÞPTH Then
GetAces(strFolder)
Set oFs=CreateObject ("Scripting.FileSystemObject")
Set oFolder = oFs.GetFolder (strFolder)
Set colFolders = oFolder.SubFolders
For Each oSubFolder in colFolders
EnumFolders oFs.BuildPath(strFolder,oSubFolder.name), nDepth+1
Next
End If
On Error Goto 0
End Sub

Sub GetAces (strFolder)

WScript.Echo VBLF & strFolder & VBLF
Set oWmi=GetObject("winmgmts:/root/cimv2")
Set oSs=oWmi.Get("Win32_LogicalFileSecuritySetting='" & strFolder & "'")
nRet=oSs.GetSecurityDescriptor(oSD)

If oSD.ControlFlags AND SE_DACL_PRESENT Then
For Each oACE In oSD.DACL
WScript.StdOut.Write oACE.Trustee.Domain & "" & oACE.Trustee.Name
If oACE.AceType¬CESS_ALLOWED_ACE_TYPE Then WScript.StdOut.Write
";Allowed"
If oACE.AceType¬CESS_DENIED_ACE_TYPE Then WScript.StdOut.Write
";Denied"
WScript.StdOut.Write "(" & oACE.AceType & ");"
Select Case oACE.AccessMask
Case "1245631"
WScript.StdOut.Write "Modify"
Case "1179785"
WScript.StdOut.Write "Read Only"
Case "1179817"
WScript.StdOut.Write "Read & Execute"
Case "2032127"
WScript.StdOut.Write "Full Control"
End Select
WScript.Echo "(" & oACE.AccessMask & ")"
Next
Else
WScript.Echo ";;-"
End If
End Sub



Avatar
Gilles LAURENT [MVP]
"Lyes" a écrit dans le message de
news:
| J'ai trouvé une autre solution qui me convient : ci dessous le
| script pour ceux que ça interessent.
| L'auteur n'a pas renseigné son nom donc merci à l'anonyme qui l'a
| rédigé.
[...]

Merci pour ce retour ;-)
A noter que ce script nécessite la présence du Framework .Net

--
Gilles LAURENT
MVP Windows Server - Admin Frameworks
http://glsft.free.fr