Jump to content
Sign in to follow this  
Crayfish

Check domain users access to sharedrive.

Recommended Posts

Crayfish

I have search all forum to see if there a good way to check if a domain users have access to share drive but no luck.

Can anyone help out.

I have tried mapping but windows will maps the share drive even though users had no access.

I want to trigger ERROR_ACCESS_DENIED and return 1 for true.

Please help.

#include

;Map drives as needed:

DriveMapAdd("K:", "contosoLA")

If @error = 1 Then
MsgBox(16, "", "Undefined / Other error.")
ElseIf @error = 2 Then
MsgBox(16, "", "Access to the remote share was denied")
ElseIf @error = 3 Then
MsgBox(16, "", "The device is already assigned.")
ElseIf @error = 4 Then
MsgBox(16, "", "Invalid device name.")
ElseIf @error = 5 Then
MsgBox(16, "", "Invalid remote share.")
ElseIf @error = 6 Then
MsgBox(16, "", "Invalid password.")
Else
MsgBox(64, "", "Good!", 1)
EndIf

#include <WinAPIex.au3>

If FileExists("contosoLA") Then
MsgBox(4096, "C: Dir ", "Exists")
Else
If @extended Then
MsgBox(64, "Test", _WinAPI_GetErrorMessage(@extended))
EndIf
EndIf

#include <UDFsWinAPIEx.au3>

Global Const $SFGAO_SHARE = 0x00020000
Global Const $SHGFI_ATTRIBUTES = 0x00000800
$sFolder = "contosoLA"
$tSHFILEINFO = DllStructCreate($tagSHFILEINFO)
_WinAPI_ShellGetFileInfo($sFolder, $SHGFI_ATTRIBUTES, 0, $tSHFILEINFO)
$iAttributes = DllStructGetData($tSHFILEINFO, "Attributes")
If BitAND($iAttributes, $SFGAO_SHARE) Then
$memo = ("Attributes = 0x" & Hex($iAttributes) & "; Shared!" & @LF)
Else
$memo = ("Attributes = 0x" & Hex($iAttributes) & "; NOT Shared!" & @LF)
EndIf
Edited by Crayfish

Share this post


Link to post
Share on other sites
Crayfish

I still haven't figure out, can someone lend a hand?

Share this post


Link to post
Share on other sites
jazzyjeff

Is this script for an end user to run, or is it for the Administrator's benefit?

Is the share drive hosted on a Windows machine or another OS platform? If it's a Windows OS, could you not just look at the share permissions on that machine?

Share this post


Link to post
Share on other sites
Crayfish

Script ran by domain users to check if they have access to a share drive under same UO.

Pretty much I'm just looking for a way to tell if user have read/write access or not.

Run script > Current user do not have access to specific share drive.

> Current user have read/write access to specific share drive.

Share this post


Link to post
Share on other sites
Varian

If this script will not harm your security, you can just try "_FileCreate" and "_TempFile" to create a file on the share. If it succeeds, immediately delete the file and continue accordingly. You can read @error for success/failure with _FileCreate

#include <File.au3>
Local $Sharename, $Tempfile
$Sharename = "ServerShare"
If Not FileExists($Sharename) Then Exit MsgBox(262208, 'Error', $Sharename & " does not exist")
$Tempfile = _TempFile($Sharename)

If _FileCreate($Tempfile) Then
  MsgBox(262208, 'Success', $Tempfile & " has been created")
  FileDelete($Tempfile)
Else
  MsgBox(262208, 'Error', $Tempfile & " was not created" & @LF & "Error code was " & @error)
EndIf
Edited by Varian

Share this post


Link to post
Share on other sites
water

If you know which AD security groups can access the shared drive then you could use my Active Directory UDF to get the members of the groups.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-09-01 - Version 1.3.4.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Share this post


Link to post
Share on other sites
Crayfish

Varian:

It would be my last resource and even then I wouldn't want to implement that way. I am looking of more none intrusive way to check valid of access.

water:

Love all your UDF!

So if I get you correctly, when script ran it fetch the whole list of users with access from AD and compare current user name with the list. If match found, user has access.

If no match, user doesn't have access.

Sound great. I have to read through your AD UDF to see how to go about doing so. I haven't got a clue how to start out other than logic. orz.

Edited by Crayfish

Share this post


Link to post
Share on other sites
water

What I mean is the following:

In AD you create a security group and assign members (user accounts) to this group. All members have the same permissions granted by this group. Unfortunately AD doesn't hold the information on which system which permission is granted.

On the fileserver the admin clicks on a folder, assings one/multiple AD groups to the folder and sets the folder permissions.

To get the whole picture (who can access which folder) you have to query AD and the fileserver.

If you know the foldername and the AD groups assigned to the folder and the permissions then you can go to AD using my AD and get the list of members for this group(s) and combine everything.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-09-01 - Version 1.3.4.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×