PaulDotCom mailing list archives
Re: WMIC guru's - come in!
From: "Pommerening, Jeremy" <jpommerening () SYMBION COM>
Date: Fri, 10 Sep 2010 14:01:51 +0000
Take a look at accessenum and shareenum and see if they'll do what you want. They're part of the sysinternals tool suite. http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx Jeremy Pommerening MGR, Information Security Symbion, Inc. GIAC - GCFA GPEN GAWN GCFW GIAC Advisory Board Member MCSE Win2K, MCSE NT4, CompTia SERVER+, HP APS -----Original Message----- From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of k41zen Me Sent: Friday, September 10, 2010 5:10 AM To: PaulDotCom Security Weekly Mailing List Subject: [Pauldotcom] WMIC guru's - come in! I need to conduct folder permissions audit on folders with specific names and then check to make sure that a specific group is explicitly denied. I produced some powershell code to do that and was fairly happy: Get-Childitem -path S: -recurse -include *classified*,*sensitive*,restricted* -exclude *notsensitive* | where { $_.Attributes -match "d" } | Get-Acl | where { $_.AccessToString -notmatch "DOMAIN\\GROUP" } | select PSPath, AccessToString | export-csv outputfilename.csv This works a treat until I realised that there are 140 remote locations where I don't have powershell installed. Considering the time to get this deployed and the latest Dave Kennedy/Josh Kelly work, this may not be the ideal solution. I do have WMI to hand though. Before I begin to fry my brain with working out how to do this, has anyone done something similar in WMIC? I know some of the commandlinekungfu kings are on this list. Grateful for any help. k41zen _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com Disclaimer: The email and files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for the delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing or copying of this email is strictly prohibited. If you received this email in error, please delete it from your system without copying it, and notify the sender by reply email so that our address record can be corrected. Thank you. Symbion, Inc. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- WMIC guru's - come in! k41zen Me (Sep 10)
- Re: WMIC guru's - come in! Pommerening, Jeremy (Sep 10)
- Re: WMIC guru's - come in! Bugbear (Sep 10)
- Re: WMIC guru's - come in! Jason Jarvis (Sep 10)
- Re: WMIC guru's - come in! Scott Webster (Sep 10)
- Re: WMIC guru's - come in! Jason Jarvis (Sep 10)
- Re: WMIC guru's - come in! Scott Webster (Sep 10)
- Re: WMIC guru's - come in! Jason Jarvis (Sep 10)
- Re: WMIC guru's - come in! Bugbear (Sep 10)
- Re: WMIC guru's - come in! Pommerening, Jeremy (Sep 10)