Microsoft Virtualization Discussions

Query CIFS Shares & NTFS Permissions for publishing

steven_doan
5,744 Views

I am trying to leverage the PowerShell Toolkit to enable me to query all visible shares on the NetApp filer and their associated NTFS permissions to display on a web page.

 

Is the PowerShell tool the correct thing to do this, or is there a better / native Microsoft tool which can pull the same data Share+NTFS permissions directly from the NetApp so that they can be published as a report to a website?

2 REPLIES 2

JGPSHNTAP
5,714 Views

You can try to muck around with fsecurity,  but we do this with a combination of custom scripts that grab the shares, put the share permissions and then grab the AD groups associated at a folder level.

 

We have a pretty standard naming convention, so if it's a read group, it's _R and if Change it's _C.

 

I recommend you look at the open source ntfssecurity module in the technet site for anything to do with NTFS perms.

TMADOCTHOMAS
5,687 Views

@steven_doan, we actually do this in a nightly script on a VM that replicates to DR. We export the details to CSV files which we would use in a true DR scenario to restore the shares. Here's an edited version of the script:

 

# Get all share data for all SVMs
Get-NcCifsShare -Controller $CLUSTER -VserverContext <vserver1> | select ShareName,Path,Comment | Export-Csv <vserver1>_shares.csv
Get-NcCifsShare -Controller $CLUSTER -VserverContext <vserver2> | select ShareName,Path,Comment | Export-Csv <vserver2>_shares.csv
Get-NcCifsShare -Controller $CLUSTER -VserverContext <vserver3> | select ShareName,Path,Comment | Export-Csv <vserver3>_shares.csv
Get-NcCifsShare -Controller $CLUSTER -VserverContext <vserver4> | select ShareName,Path,Comment | Export-Csv <vserver4>_shares.csv
Get-NcCifsShare -Controller $CLUSTER -VserverContext <vserver5> | select ShareName,Path,Comment | Export-Csv <vserver5>_shares.csv

# Get all share ACLs for all SVMs
Get-NcCifsShareAcl -Controller $CLUSTER -VserverContext cithqnadbbak01p | select Share,UserOrGroup,Permission | Export-Csv <vserver1>_acls.csv
Get-NcCifsShareAcl -Controller $CLUSTER -VserverContext cithqnadbbak02p | select Share,UserOrGroup,Permission | Export-Csv <vserver2>_acls.csv
Get-NcCifsShareAcl -Controller $CLUSTER -VserverContext isshqvfexapp01p | select Share,UserOrGroup,Permission | Export-Csv <vserver3>_acls.csv
Get-NcCifsShareAcl -Controller $CLUSTER -VserverContext isshqvfinapp01p | select Share,UserOrGroup,Permission | Export-Csv <vserver4>_acls.csv
Get-NcCifsShareAcl -Controller $CLUSTER -VserverContext isshqvfinusr01p | select Share,UserOrGroup,Permission | Export-Csv <vserver5>_acls.csv

 

Here's the ReadMe file we put next to the PowerShell script results:

 

-------------------------------------------------------

<vserver>_shares

Enter the following formula in column M, row 3 of the shares spreadsheet, replacing <vserver> with the SVM (use the DR SVM name if restoring in DR). Copy the formula down.

="vserver cifs share create -vserver <vserver> -share-name "&A3&" -path "&B3&" -comment """&C3&""""

NOTES
If comments are blank, remove the -comment <comment> part of the command line.
Remove lines for the $C, $ADMIN, and $IPC shares as they will automatically be re-created.

-------------------------------------------------------

<vserver>_acls

Enter the following formula in column M, row 3 of the acls spreadsheet, replacing <vserver> with the SVM name. Copy the formula down.

="vserver cifs share access-control create -vserver <vserver> -share "&A3&" -user-or-group """&B3&""" -permission "&C3

-------------------------------------------------------

Public