Data Infrastructure Management Software Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Data Infrastructure Management Software Discussions

Start a New Post

Creating a report of NTFS permissions based on a CIFS Share

TBknowledge
‎2019-02-02 06:41 AM

I want to make a report which will get all DACL *Specific permission based on root CIFS shares.

* Specific permissions: Take Ownership and Change Permissions

 

I'm using NetApp Powershell module.

1. So, first step is to get all CIFS Shares:

Get-NcCifsShare -InformationVariable ShareName | Select Sharename

 

2. For each CIFS Share we need to check if there is a Group/User with DACL Permissions to Take Ownership and Change Permissions

 

Example:

With this NetApp CLI command I can get all DACL permissions:

vserver security file-directory show -vserver svm_server1 -path /TEST_DATA -expand-mask true

 

It will return very long output, but the part which I'm interesting to is:

So here we can see "Everyone" and they have: Write Owner and  Write DAC permissions.

Write Owner = Change Permissions (In Windows NTFS) 

DAC permissions = Write DAC(In Windows NTFS)

*************************************************************************

DACL - ACEs
ALLOW-Everyone-0x1f01ff-OI|CI
0... .... .... .... .... .... .... .... = Generic Read
.0.. .... .... .... .... .... .... .... = Generic Write
..0. .... .... .... .... .... .... .... = Generic Execute
...0 .... .... .... .... .... .... .... = Generic All
.... ...0 .... .... .... .... .... .... = System Security
.... .... ...1 .... .... .... .... .... = Synchronize
.... .... .... 1... .... .... .... .... = Write Owner
.... .... .... .1.. .... .... .... .... = Write DAC
.... .... .... ..1. .... .... .... .... = Read Control
.... .... .... ...1 .... .... .... .... = Delete
.... .... .... .... .... ...1 .... .... = Write Attributes
.... .... .... .... .... .... 1... .... = Read Attributes
.... .... .... .... .... .... .1.. .... = Delete Child
.... .... .... .... .... .... ..1. .... = Execute
.... .... .... .... .... .... ...1 .... = Write EA
.... .... .... .... .... .... .... 1... = Read EA
.... .... .... .... .... .... .... .1.. = Append
.... .... .... .... .... .... .... ..1. = Write
.... .... .... .... .... .... .... ...1 = Read

*************************************************************************

 

 

I'm not able to find a way to complete this. I do not see a way with PS NetApp toolkit to generate this.

 

Can you help me?

 

Thanks in advance!

0 Likes
4 Replies
Reply
4 REPLIES 4

Re: Creating a report of NTFS permissions based on a CIFS Share

GidonMarcus
‎2019-02-04 01:58 AM

sorry, the question is not clear to me. to complete what ? i see both Write Owner and Write DAC.

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK
0 Likes
4 Replies
Reply

Re: Creating a report of NTFS permissions based on a CIFS Share

TBknowledge
‎2019-02-04 02:12 AM

Hello Gidon,

thanks for the reply.

 

Imagine you have 100 root CIFS Shares. Each one of them have different NTFS Permissions applied on Group and/or User level.

I want to built a report, which will display specific advanced permissions applied on Group and/or User level for each root CIFS share.

 

Specific advanced permissions are: "WriteOwner", "FullAccess"

 

I was able to generate this with Powershell from Windows side, but not able to find a way to perform this from NetApp PS Tool Kit.

Two folders in the example test: TEST1 and TEST2. 

 

Example of the output: 

<<<<<<<<<<<<< Permissions for C:\TEST1 >>>>>>>>>>>>>>>>
BUILTIN\Administrators

FullAccess
WriteOwner
--------------------------------------------------
NT AUTHORITY\SYSTEM
WriteOwner


<<<<<<<<<<<<< Permissions for C:\TEST2 >>>>>>>>>>>>>>>>
BUILTIN\Users
FullAccess
WriteOwner
--------------------------------------------------

 

Thanks!

0 Likes
4 Replies
Reply

Re: Creating a report of NTFS permissions based on a CIFS Share

GidonMarcus
‎2019-02-04 03:42 AM

Oh.

Sorry i missed that the output was CLI and not PS. in PS you can use the following:

$MyAcl = Get-NcCifsShare -ShareName SecurityAudit* -Controller $MyArray | select path,Vserver,NcController| Get-NcFileDirectorySecurity -ExpandMask | select -ExpandProperty acls

Had to use the select on the middle as without it the pipe appends the volume name to the path twice ....

the sad thing is that you still going to just have it as a string rather properly formatted array... so need to work on parsing the string

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK

View solution in original post

4 Replies
Reply

Re: Creating a report of NTFS permissions based on a CIFS Share

TBknowledge
‎2019-02-04 12:08 PM

Thanks so much for the help Gidon!

Output is the same as security from CLI. Only need to format data as you mentioned.

 

Thanks again!

0 Likes
4 Replies
Reply
Cloud Volumes ONTAP
Review Banner
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2021 NetApp
Let us know
Public