ACL scan on NAS shares

Started by mkelly, July 15, 2015, 03:19:16 PM


mkelly

I am trying to find a way to view the folder permissions of our NAS shares and at least two levels deep. We are using Active Directory permissions.

I get an error when using these commands.


comment = wntShareInfo("\\myserver", "NT_software", 0, 1)
ret = wntSecurityGet("\\myserver", "NT_software", 300, 9, 0)
ww=wntAccessList("\\myserver","NT_software",300,1)   
ww=wntAccessGet("\\myserver","NT_software",group,300,0)

Error:
WIL Extender Error: 524 Unable to access specified server. 

How can I check permissions on a NAS file system?

DAG_P6

By default, anonymous remote users are entirely denied access to the volume. The ACE for the security principal on whose behalf the request is made must grant the Read Permissions permission. Garden-variety Generic_Read permission omits this permission, since it is not required in order to read data or traverse a directory.
David A. Gray
You are more important than any technology.

mkelly

I'm having trouble grasping this! If I am able to RT-Click -> Properties -> Security on the share then there must be a way for a script to do the same thing. I'm not understanding why I have access to view Permissions but not with Winbatch.

td

You didn't indicate which function was giving the error but for one thing, the wntSecurityGet function really likes the full 'UNC specification' in the second parameter as mentioned in the help file.  It is not clear from your example that you are using the full UNC path in parameter two of the function call.

The other thing would be to check the wwwbatch.ini file under the [WWWNT34I] section for any extender related detailed messages.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

mkelly

I was able to find a solution!  This works like a champ!! 

AddExtender("C:\Script\wbDosCapture.dll")
Data1= doscapture ('cmd.exe /c icacls "%SERVER%\%SHARE%"')

td

If you can get the folder permissions with 'icacls.exe', you should be able to get the permissions with the Network extender. Both use the same underlying network APIs.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

ChuckC

There is a difference between folder permissions and share permissions.  Given that the function calls shown in the original post are using object type 300, but the O.P. then says that it was share permissions that were desired, I'd have to say that the functions aren't being called correctly.

Please read the help topics for wntAccessGet() and wntAccessList(), and pay attention to the sample code at the end of each topic, as well as the acceptable values for the various parameters based on the object type that is being specified.

td

Good point. Should've mentioned that in my original response.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade
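
Building on the icacls approach from the thread, here is an added example (not code from any poster or from WinBatch) that walks a share two levels deep and parses the icacls text into one record per ACE. It reports folder (NTFS) ACLs, not share-level permissions; the function names are hypothetical, and the `EXAMPLE` domain and the sample output are constructed.

```python
import os
import re
import subprocess

# Constructed icacls output for illustration (not captured from a real server).
SAMPLE = r"""\\myserver\NT_software BUILTIN\Administrators:(OI)(CI)(F)
                       EXAMPLE\Domain Users:(I)(OI)(CI)(RX)
                       Everyone:(DENY)(W)

Successfully processed 1 files; Failed processing 0 files"""

ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)$")
NOT_RIGHTS = {"I", "OI", "CI", "IO", "NP", "DENY"}  # inheritance/deny markers

def dirs_to_depth(root, depth=2):
    """Return root plus every subdirectory down to `depth` levels below it."""
    found, frontier = [root], [root]
    for _ in range(depth):
        children = []
        for parent in frontier:
            try:
                with os.scandir(parent) as it:
                    children += [e.path for e in it if e.is_dir()]
            except OSError:
                continue  # folder not listable by this account; skip it
        frontier = sorted(children)
        found += frontier
    return found

def parse_icacls(path, text):
    """Turn the text printed by `icacls <path>` into a list of ACE dicts."""
    aces = []
    for line in text.splitlines():
        if line.startswith(path):  # the first ACE shares a line with the path
            line = line[len(path):]
        m = ACE_RE.match(line.strip())
        if m:  # blank lines and the "Successfully processed" summary do not match
            groups = re.findall(r"\(([^)]*)\)", m["flags"])
            aces.append({"principal": m["who"], "deny": "DENY" in groups,
                         "inherited": "I" in groups,
                         "rights": [g for g in groups if g not in NOT_RIGHTS]})
    return aces

def scan(root, depth=2):
    """Run icacls on each folder (Windows only) and map path -> ACE list."""
    report = {}
    for d in dirs_to_depth(root, depth):
        out = subprocess.run(["icacls", d], capture_output=True, text=True)
        report[d] = parse_icacls(d, out.stdout)
    return report
```

On a Windows host, `scan(r"\\myserver\NT_software")` returns a dictionary keyed by folder path; folders the account cannot list are skipped rather than aborting the walk.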