Sign in to follow this  
Followers 0
ModemJunki

Hints needed: remove "everyone" from shares, repace with "authenticated users"

4 posts in this topic

Hi all,

I need some hints.

To protect my users from themselves, I need to check systems for any shares with "everyone" having permissions, and replace the "everyone" permission with "authenticated users". If "everyone" isn't part of the share permissions I can leave it be.

So the hint I need is how to check shares to determine the accounts applied to them, either remotely or local? I can puzzle out the rest using psexec or whatever (at least, I will try to puzzle it out.) I have a service account that is an admin on all machines which can be used to run such tasks.

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

I never tried but you asked for a hint:

_Net_Share_ShareEnum

_Net_Share_ShareSetInfo

edit: Ah sorry it will not work

Edited by dara

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

I made this from the help file.

It shows:

Entries read ............: 14

\\MYPC\g has Everyone

\\MYPC\J has Everyone

\\MYPC\shared has Everyone

You can use the same tool to remove permissions with /REMOVE but I ve not implemented on my test.

bonus, you can run that tool remotely, just replace @computername

;you will need to download MS tools RMTSHARE.exe in the same folder as where the script is run
;ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386/RMTSHAR.EXE

#include <GuiConstantsEx.au3>
#include <NetShare.au3>
#include <WindowsConstants.au3>
#include <Constants.au3>

Opt('MustDeclareVars', 1)


Global $iMemo

Func checkEveryOne($sharename)
;return 0 if "Everyone" not found on the share
;otherwise return >0

Local $line=""
Local $result = Run("RMTSHARE.EXE " & $sharename, @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)

    While 1
        $line = $line & StdoutRead($result)     
        If @error Then ExitLoop
    Wend
        msgbox(0,$sharename,$line)
     return stringinstr($line,"Everyone")
EndFunc


_Main()

Func _Main()
    Local $hGUI, $iI, $aInfo
    Local Const $sShareName = "AutoIt Share"
    local $currentShare=""

    ; Create GUI
    $hGUI = GUICreate("NetShare", 400, 300)

    ; Create memo control
    $iMemo = GUICtrlCreateEdit("", 2, 2, 396, 296, $WS_VSCROLL)
    GUICtrlSetFont($iMemo, 9, 400, 0, "Courier New")
    GUISetState()



    ; Show information about all local shares
    $aInfo = _Net_Share_ShareEnum (@ComputerName)
    MemoWrite("Entries read ............: " & $aInfo[0][0])
    For $iI = 1 To $aInfo[0][0]     
        $currentShare="\\" & @ComputerName &"\"& $aInfo[$iI][0]     
        if checkEveryOne($currentShare)>0 then MemoWrite($currentShare & " has Everyone")       
    Next


    Do
    Until GUIGetMsg() = $GUI_EVENT_CLOSE
EndFunc   ;==>_Main

; Write message to memo
Func MemoWrite($sMessage = "")
    GUICtrlSetData($iMemo, $sMessage & @CRLF, 1)
EndFunc   ;==>MemoWrite

forgot to add, when you download the tool RMTSHAR.EXE, double click on it one tme and it will decompress RMTSHARE.EXE in the same folder. This is the tool called by the script

Edited by dara

Share this post


Link to post
Share on other sites

Thanks for the hints.

I had to put this aside for now, got some other stuff going, but I will try soon.

Can't seem to download that .exe from the FTP link here at work, I will google for it though.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0