PowerShell for Windows Admins

Apr 14 2010   7:08AM GMT

Shares: Access mask

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The access mask controls what you can do i.e. what rights you have. We can use the GetAccessMask method to find the access mask but all we get back is a number we need unravel it. The number id a bit mask with the following values assigned

$mask = DATA {
ConvertFrom-StringData -StringData @’
1 = Grants the right to read data from the file. For a directory, this value grants the right to list the contents of the directory.
2 = Grants the right to write data to the file. For a directory, this value grants the right to create a file in the directory.
4 = Grants the right to append data to the file. For a directory, this value grants the right to create a subdirectory.
8 = Grants the right to read extended attributes.
16 = Grants the right to write extended attributes.
32 = Grants the right to execute a file. For a directory, the directory can be traversed.
64 = Grants the right to delete a directory and all of the files it contains (its children), even if the files are read-only.
128 = Grants the right to read file attributes.
256 = Grants the right to change file attributes.
65536 = Grants delete access.
131072 = Grants read access to the security descriptor and owner.
262144 = Grants write access to the discretionary access control list (DACL).
524288 = Assigns the write owner.
1048576 = Synchronizes access and allows a process to wait for an object to enter the signaled state.
‘@
}

We can use the mask like this

001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
function Get-ShareAccessMask {
[CmdletBinding(SupportsShouldProcess=$True)]
param (
    [string]$name
)   
    $share = Get-WmiObject -Class Win32_Share -Filter "Name=’$name’" 
$ret = (Invoke-WmiMethod -InputObject $share -Name GetAccessMask).ReturnValue
   
    ## now we need to unravel the rights
    $mask.GetEnumerator()| sort Key | foreach {
       if ($ret -band $_.key){
            "$($mask[$($_.key)])"
        }
   
    }
}   

 

We use invoke-wmimethod to get the mask and then compare the keys of our hash table against the access mask.

This returns the mask for the person running the script not the whole mask.

Technorati Tags: ,,,

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: