Hey all,
I have been trawling through some of the great Tech Ed 2014 sessions that have been online, and watched Case of the Unexplained: Troubleshooting with Mark Russinovich and he said that Powershell v4.0 did not properly enumerate admin shares, where as Accesschk did.
I was curious to know what the good people in here thought about that?
I haven’t yet had a chance to test myself, but it is a task I can see needing a good script to check multiple servers.
I’m not sure what he meant by that, and haven’t watched that particular session yet. What PowerShell commands was he referring to?
Hi Dave,
Thanks for the response. I am now desperately trying to find the part where he said it, and doubting myself!
I watched Mark’s demo on Case of the Unexplained, but I also watched “Malware Hunting with Mark Russinovich and the Sysinternals Tools” http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B368#fbid= as well as Aaron Margosis’ “Sysinternals Primer” http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B340#fbid=
around the same time, so it may have been in one of the other ones.
I will try and have a look tonight and verify.
I have had a look and it is Aaron Margosis’ “Sysinternals Primer” http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B340#fbid=
Around 29 minutes in he starts talking about the new version of AccessChk that can check SMB Admin shares with the -h switch.
He then mentions that the Powershell v4 command Get-SMBShareAccess queries a hardcoded list rather than the registry, so gets it wrong.
Sorry for the confusion.