I need to meet a business requirement where I need to find all the shared folders on the computers and remove “Everyone” from all the shares.
So far I have managed to gather the list of all shared folders and their permissions, but I’m stuck on removing “Everyone” from all the shared folders. Can anyone help me edit my script properly to remove Everyone?
Why does Revoke-SmbShareAccess not support variable inputs? I need to add multiple shared folders to remove one user/group; how could I do that?
I tried to combine two commands to make this work: Get-SmbShare and Revoke-SmbShareAccess.
But as Revoke-SmbShareAccess is not accepting variable inputs, I’m stuck.
Revoke-SmbShareAccess works fine if I put in the name string. It also accepts multiple strings on the fly, but does not accept variable inputs.
# Get list of servers from file
$servers = Get-Content -Path C:\ServerLists\Servers.txt
# Loop through the list of servers
foreach ($server in $servers)
{
    # Connect to the Win32_Share class to get shares on the server
    $shares = Get-WmiObject -Namespace root\cimv2 -Class Win32_Share -ComputerName $server
    # Get ACEs for all shares and return those that have Everyone as account name and are not hidden shares
    # (-CimSession targets the remote server; without it the Smb cmdlets query the local machine)
    $shareAccess = $shares | Get-SmbShareAccess -CimSession $server | Where-Object -FilterScript {($PSItem.AccountName -like 'Everyone') -and ($PSItem.Name -notlike '*$')}
    # Revoke Everyone from the ACL of every share where it is listed
    $shareRevoke = $shareAccess | Revoke-SmbShareAccess -AccountName 'Everyone' -CimSession $server -Force
    # Write the ACEs of all shares that were touched
    Write-Output $shareRevoke
}
Get-WmiObject returns an object that can be piped into Get-SmbShareAccess,
it is filtered with Where-Object to get only shares with an Everyone ACE,
and piped into Revoke-SmbShareAccess to remove Everyone from the Access Control List.
The power of objects and the pipeline.
$sharerevoke holds all ACEs that are left after Everyone is removed.
Name  ScopeName AccountName AccessControlType AccessRight
Share *         Access      Allow             Read
If only Everyone had an ACE then $sharerevoke holds an ACE where Everyone has Deny as AccessControlType.
Name ScopeName AccountName AccessControlType AccessRight
Thanks for your efforts. But I had already used the same method and created my first full version of the script just before your post.
I uploaded it here. Please suggest if any modification is required. I tried to post the same script here, but I don’t know why it did not show up after I submitted the post.
Anyway, here is the link; please guide me if any changes are required.
Thanks for your nice and powerful script. The best thing in your script is that it works for multiple computers at once. I’ve not tried it for multiple computers yet, but I’m sure it will work.
By the time I saw your post, I had made my first full version of the PowerShell script independently. Being a beginner, I was excited about my script and I uploaded it to the MS TechNet Script Gallery. Please have a look and suggest if any modification is required.
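As an added example (not code from any poster in this thread), the same cleanup can be written as an audit-first function: it records every Everyone ACE it finds on each server's non-hidden shares and only revokes when run without -WhatIf, passing the share names to Revoke-SmbShareAccess from variables. The function name Remove-EveryoneShareAccess and the report columns are hypothetical, and it assumes WinRM access to English-language servers where the group is displayed as 'Everyone'.

```powershell
# Added example; function name and output columns are hypothetical.
function Remove-EveryoneShareAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName,
        # Assumption: English-language servers, where S-1-1-0 is shown as 'Everyone'
        [string]$AccountName = 'Everyone'
    )
    foreach ($computer in $ComputerName) {
        try {
            # One WinRM-backed session per server, reused by every Smb cmdlet below
            $session = New-CimSession -ComputerName $computer -ErrorAction Stop
        } catch {
            Write-Warning "Skipping ${computer}: $($_.Exception.Message)"
            continue
        }
        try {
            # Same filter as the thread's script: skip hidden shares (names ending in $)
            $aces = Get-SmbShare -CimSession $session |
                Where-Object { $_.Name -notlike '*$' } |
                ForEach-Object { Get-SmbShareAccess -Name $_.Name -ScopeName $_.ScopeName -CimSession $session } |
                Where-Object { $_.AccountName -eq $AccountName }
            foreach ($ace in $aces) {
                $revoked = $false
                # With -WhatIf this block is skipped, so the run is a pure audit
                if ($PSCmdlet.ShouldProcess("\\$computer\$($ace.Name)", "Revoke $AccountName")) {
                    Revoke-SmbShareAccess -Name $ace.Name -ScopeName $ace.ScopeName `
                        -AccountName $AccountName -CimSession $session -Force | Out-Null
                    $revoked = $true
                }
                # One record per ACE found: the state before the change and what was done
                [pscustomobject]@{
                    ComputerName      = $computer
                    Share             = $ace.Name
                    AccessControlType = "$($ace.AccessControlType)"
                    AccessRight       = "$($ace.AccessRight)"
                    Revoked           = $revoked
                }
            }
        } finally {
            Remove-CimSession -CimSession $session
        }
    }
}
# Usage (audit first, then apply):
#   $servers = Get-Content -Path C:\ServerLists\Servers.txt
#   Remove-EveryoneShareAccess -ComputerName $servers -WhatIf
#   Remove-EveryoneShareAccess -ComputerName $servers | Export-Csv .\everyone-revoked.csv -NoTypeInformation
```

Keeping the exported records gives a way to restore access with Grant-SmbShareAccess if removing Everyone breaks a share that had no other ACE.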