The following is a comparison between obtaining a report on permissions the users have on shares in the server with Windows PowerShell and ADManager Plus.
strComputer = "." sParentFolder = InputBox("Please Enter folder to
gather information on", "Parent Folder") SParentFoldern=replace(sParentFolder,"\","") SParentFoldern=replace(sParentFoldern,":","") Set fso = CreateObject("Scripting.FileSystemObject") 'File name Same As Folder Name without
special Caracteres fullfilename=SParentFoldern&".html" 'WScript.echo fullfilename Set fsOut = fso.OpenTextFile
(fullfilename, ForAppending, True) On Error Resume Next fsOut.Writeline ("<html>"&vbCr&"<head>"&vbCr&"<title>File Permission For Folder under &"& SParentFoldern&"</title>"&vbCr&"</head>") strTableHead = "<table border=2 bordercolor='#000010' width='90%' id='Table1'>" fsOut.Writeline strTableHead fsOut.Writeline "<tr><td width='50%'>Folder</td>" & _ "<td width='50%'>User Name</td>"&_ "<td width='50%'>Permission</td></tr>" strTableFoot = "</table>" fsOut.Close ShowSubFolders FSO.GetFolder(sParentFolder),<br>fullfilename OutputFolderInfo sParentFolder, fullfilename <br> Set fsOut = fso.OpenTextFile(fullfilename, ForAppending, True) fsOut.Writeline strTableFoot fsOut.Close MsgBox "Done " WScript.Quit Public Sub OutputFolderInfo(FolderName , sOutfile) Const FullAccessMask = 2032127, <br>ModifyAccessMask = 1245631, <br>WriteAccessMask = 1180095 Const ROAccessMask = 1179817 Const ForReading = 1, <br>ForWriting = 2, ForAppending = 8 strComputer = "." 'Build the path to the <br>folder because it requites 2 backslashes folderpath = Replace(FolderName, "\", "\\") objectpath = <br>"winmgmts:Win32_LogicalFileSecuritySetting<br>.path='" & folderpath & "'" 'Get the security set for the object Set wmiFileSecSetting = GetObject(objectpath) 'verify that the get was successful RetVal = wmiFileSecSetting.GetSecurityDescriptor<br>(wmiSecurityDescriptor) If Err Then MsgBox ("GetSecurityDescriptor failed" & <br>vbCrLf & Err.Number & vbCrLf & Err.Description) Err.Clear End If Set objWMIService = GetObject("winmgmts:" & "<br>{impersonationLevel=impersonate}!\\" & _ strComputer & "\root\cimv2") Set colFolders <br>= objWMIService.ExecQuery<br>("SELECT * FROM Win32_Directory WHERE Name ='" & _ folderpath & "'") For Each objFolder In colFolders ' Retrieve the DACL array of Win32_ACE objects. DACL = wmiSecurityDescriptor.DACL Set fso = <br>CreateObject("Scripting.FileSystemObject") Set fsOut = <br>fso.OpenTextFile(sOutfile, ForAppending, True) For Each wmiAce In DACL ' Get Win32_Trustee object from ACE Set Trustee = wmiAce.Trustee fsOut.Writeline "<tr><td width='50%'>"&objFolder.Name&"</td>" & _ "<td width='50%'>"&Trustee.Domain&"\"&Trustee.Name&"</td>" <br> 'fsOut.Write objFolder.Name & ",<br>" & Trustee.Domain & "\" & Trustee.Name & "," FoundAccessMask = False CustomAccessMask = Flase While Not FoundAccessMask And<br> Not CustomAccessMask If wmiAce.AccessMask = FullAccessMask Then AccessType = "Full Control" FoundAccessMask = True End If If wmiAce.AccessMask = ModifyAccessMask Then AccessType = "Modify" FoundAccessMask = True End If If wmiAce.AccessMask = WriteAccessMask Then AccessType = "Read/Write Control" FoundAccessMask = True End If If wmiAce.AccessMask = ROAccessMask Then AccessType = "Read Only" FoundAccessMask = True Else CustomAccessMask = True End If Wend If FoundAccessMask Then 'fsOut.Writeline AccessType fsOut.Writeline "<td width='50%'>"&AccessType&"</td></tr>" Else fsOut.Writeline "<td width='50%'>Custom</td></tr>" 'fsOut.Writeline "Custom" End If Next Set fsOut = Nothing Set fso = Nothing Next Set fsOut = Nothing Set fso = Nothing end Sub Sub ShowSubFolders (Folder,fname) On Error Resume Next For Each Subfolder in Folder.SubFolders Call OutputFolderInfo(Subfolder.Path,fname) Wscript.Echo Subfolder.Path call ShowSubFolders (Subfolder,fname) Next End Sub
Screenshot
Following are the limitations to obtain report of permissions the users have on shares in the server using native tools like Windows PowerShell:
ADManager Plus provides the option to identify the folders, sub-folders and the corresponding permissions by making use of the permissions for folders in NTFS Permissions section in AD reports.
For AD User Management
For AD User Reporting
For GPO Management
For Password Management
For AD Group Management
For File Access Management
For AD Computer Management
For Office 365 Management
For Exchange Management