ACL scan on NAS shares

Started by mkelly, July 15, 2015, 03:19:16 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

mkelly

July 15, 2015, 03:19:16 PM
I am trying to find a way for view the folder permissions of our NAS shares and at least two levels deep.  We are using Active Directory permissions. 

I get an error when using these commands.


comment = wntShareInfo("\\myserver", "NT_software", 0, 1)
ret = wntSecurityGet("\\myserver", "NT_software", 300, 9, 0)
ww=wntAccessList("\\myserver","NT_software",300,1)   
ww=wntAccessGet("\\myserver","NT_software",group,300,0)

Error:
WIL Extender Error: 524 Unable to access specified server. 

How can I check permissions on a NAS file system?

DAG_P6

#1
July 15, 2015, 04:02:26 PM
By default, anonymous remote users are entirely denied access to the volume. The ACE for the security principal on whose behalf the request is made must grant  the Read Permissions permission. Garden variety Generic_Read permission omits this permission, since it is not required in order to read data or traverse a directory.
David A. Gray
You are more important than any technology.

mkelly

#2
July 16, 2015, 06:16:52 AM
I m having trouble grasping this!   If I am able to RT-Click -> Properties -> Security on the share then there must be a way for a script to do the same thing.  I'm not understanding why I have access t o view Permissions but not with Winbatch.

td

#3
July 16, 2015, 08:51:46 AM
You didn't indicate which function was giving the error but for one thing, the wntSecurityGet function really likes the full 'UNC specification' in the second parameter as mentioned in the help file.  It is not clear from your example that you are using the full UNC path in parameter two of the function call.

Other thing would be to check the wwwbatch.ini file under the [WWWNT34I] section for any extender related detailed messages.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

mkelly

#4
July 16, 2015, 01:25:21 PM
I was able to find a solution!  This works like a champ!! 

AddExtender("C:\Script\wbDosCapture.dll")
Data1= doscapture ('cmd.exe /c icacls "%SERVER%\%SHARE%"')

td

#5
July 17, 2015, 07:25:16 AM
If you can get the folder permissions with 'icalcs.exe', you  should be able to get the permissions with Network extender.  Both use the same underlying network APIs.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

ChuckC

#6
July 20, 2015, 07:28:30 AM
There is a difference between folder permissions and share permissions.  Given that the function calls shown in the original post are using object type 300, but the O.P. then says that it was share permissions that were desired, I'd have to say that the functions aren't being called correctly.

Please read the help topics for wntAccessGet() and wntAccessList(), and pay attention to the sample code at the end of each topic, as well as the acceptable values for the various parameters based on the object type that is being specified.

td

#7
July 20, 2015, 07:38:59 AM
Good point. Should've mentioned that in my original response.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade
Print
Go Up Pages1
User actions