PowerShell for Windows Admins

Mar 7 2010   5:23AM GMT

Shares: Understanding the Access Mask



Posted by: Richard Siddaway
Tags:
PowerShell v2
Shares
WMI

 

We saw earlier that the access mask was returned as a number.  We need to understand what that number means.

NOTE – BEFORE RUNNING THE SCRIPT ENSURE LINE 16 AND 17 ARE COMBINED.  THEY ARE SPLIT HERE TO FIT THE LISTING INTO THE DISPLAY WIDTH.  THE LINE SHOULD BE CONTINUOUS AND READ

1048576 =  Synchronizes access, allows a process to wait for an object to enter the signaled state.

 

001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018
019
020
021
022
023
024
025
026
027
028
029
030
031
032
$acmsk = DATA {
ConvertFrom-StringData -StringData @’
1 = Read/List
2 = Write/Create File
4 = Append/Create Subdirectory
8 = Read extended attributes.
16 = Write extended attributes.
32 = Execute file/Traverse directory
64 = Delete directory
128 = Read file attributes.
256 = Change file attributes.
65536 = Delete
131072 = Read access to the security descriptor and owner.
262144 = Write access to the discretionary access control list (DACL).
524288 = Assigns the write owner.
1048576 = Synchronizes access, allows a process to wait
for an object to enter the signaled state.
‘@

}

$flags = @(1,2,4,8,16,32,64,128,256,65536,131072,262144,524288,1048576)

$share = Get-WmiObject -Class Win32_Share -Filter "Name=’Test’"
$mask = Invoke-WmiMethod -InputObject $share -Name GetAccessMask

foreach ($flag in $flags){

    if ($mask.ReturnValue -band $flag) {
        Write-Host $acmsk["$($flag)"]
    }

}

 

The Access Mask is a bit mask that is used to determine which permissions have been granted. The various flags are defined in hash table, In this example I decided to used Get-WmiObject to retrieve the share and then use Invoke-WmiMethod to run the getAccessMask method. In PowerShell v1 we could have run

$mask = $share.GetAccessMask()

Once we have the mask we do a bitwise AND against the mask to determine if each permission has been granted.

Technorati Tags: ,,

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: