Microsoft Virtualization Discussions

Lookig to get the NTFS permissions on CIFS share using the powershell toolkit

HarshitG
8,411 Views

Hello All,

 

I am looking for a way to find all the CIFS shares within NetApp with NTFS permission setup from AD levelin our environmnt in 1 go.

We couldn't find the permission 1 by1  for each share as we have n numbers of shares in the environment.

Any suggesstions or help on how could we do it from Netapp cluster mode CLI or if we could do it via Netapp powershell toolkit without impacting the busniess and cauing any latency to the environment ?

 

Any help is really appreciated.

 

 

1 ACCEPTED SOLUTION

donny_lang
8,307 Views

If you run the command, it will show you the NTFS permissions for all volumes with an NTFS security style across all SVMs in whichever cluster you are connected to (via the Connect-NcController cmdlet) when you run the command. You don't need to specify any parameters from your environment, other than the cluster name when you are connecting to it. However, you can modify the "Get-NcCifsShare" portion of the command if, for example, you wanted to limit the output to a specific SVM in your environment. 

 

Let me see if I can break it down a little more clearly: 

 

(Get-NcCifsShare | select Vserver,Path) | where path -notlike "/"this part of the command collects the path and which SVM they reside on for all of the CIFS shares that you have defined on your cluster for all SVMs, omitting the root shares.

 

% {Get-NcFileDirectorySecurity -Path $_.Path -VserverContext $_.Vserver | where SecurityStyle -eq "ntfs"} - This part of the command uses "%", which is an alias for the cmdlet "ForEach-Object". ForEach-Object allows you to loop through multiple entries in a given variable - in our case it is a list of CIFS share paths and their SVMs output from the Get-NcCifsShare command that is to the left of the pipe. With that list, the Get-NcFileDirectorySecurity cmdlet collects the NTFS ACLs for each item in the list and displays the output as shown in my earlier message, but limits the output to only NTFS security style volumes (UNIX security style volumes won't have NTFS ACLs, so I filtered it out with the final "where" command). 

 

View solution in original post

9 REPLIES 9

tahmad
8,374 Views

::> volume show -security-style ntfs

 

This command will list all volumes with NTFS security style.

 

For more information:

Volume Show Command 

HarshitG
8,351 Views

Hi , Thanks for your quick turnaround.

But the command you ahve shared only provides the shares whihc has NTFS permission setup.

 

We need to know the shares with specific NTFS permissions visible on Netapp level for all CUFS shares.

 

 

donny_lang
8,321 Views

Something like this extremely long one-liner might work, if I understand your use case correctly. 

 

(Get-NcCifsShare | select Vserver,Path) | where path -notlike "/" | % {Get-NcFileDirectorySecurity -Path $_.Path -VserverContext $_.Vserver | where SecurityStyle -eq "ntfs"}

 

1. Get listing of all CIFS shares for a given cluster, selecting the Vserver and Path properties, excluding the root shares.

2. Loop through results to collect NTFS security information with Get-NcFileDirectorySecurity, selecting only volumes with an NTFS security style. 

 

You'll get output like this for each CIFS share path: 

 

NcController          : lab-clst-01
SecurityStyle         : ntfs
EffectiveStyle        : ntfs
DosAttributes         : 16
DosAttributesText     : ----D---
DosAttributesExpanded :
UnixUserId            : 0
UnixGroupId           : 0
UnixModeBits          : 777
Acls                  : {NTFS Security Descriptor, Control:0x8004, Owner:BUILTIN\Administrators,
                        Group:BUILTIN\Administrators...}
Inode                 : 64
Path                  : /testing

 

You could filter the data further if you only care about certain fields (the ACLs themselves, and the path - for example) but that should give you a good start at least. 

 

Donny

HarshitG
8,320 Views

Hello Thanks for your update,

 

As i see the command provided , it seems it works for 1 cifs hare ata time ? Please confirm

We need a command which could run and provide the details of all shares in 1 go as we have "n" number of shares in the environment.

 

If we could get a command specific to vserver wise cifs shares NTFS permission provider then also that would be helpful toget the details.

donny_lang
8,314 Views

To clarify, it will iterate through all CIFS shares on a cluster returned by the "Get-NcCifsShare" command, I only showed a single entry from my lab cluster as an example. Does that answer your question?

HarshitG
8,311 Views

Thanks for you quick turnaround danny

 

So just to clear the doubt if we run below command it will show up all teh cifs shares within vserver wise ?

(Get-NcCifsShare | select Vserver,Path) | where path -notlike "/" | % {Get-NcFileDirectorySecurity -Path $_.Path -VserverContext $_.Vserver | where SecurityStyle -eq "ntfs"}

In above command in place of vserver we need to put the vserver name and in place of path what need to specify ??

As if we understand path should be either share or volume path, which means output will be specific to 1 share or volume ??

 

 Sorry I am new to powershelltoolkit so asking basic questions.

donny_lang
8,308 Views

If you run the command, it will show you the NTFS permissions for all volumes with an NTFS security style across all SVMs in whichever cluster you are connected to (via the Connect-NcController cmdlet) when you run the command. You don't need to specify any parameters from your environment, other than the cluster name when you are connecting to it. However, you can modify the "Get-NcCifsShare" portion of the command if, for example, you wanted to limit the output to a specific SVM in your environment. 

 

Let me see if I can break it down a little more clearly: 

 

(Get-NcCifsShare | select Vserver,Path) | where path -notlike "/"this part of the command collects the path and which SVM they reside on for all of the CIFS shares that you have defined on your cluster for all SVMs, omitting the root shares.

 

% {Get-NcFileDirectorySecurity -Path $_.Path -VserverContext $_.Vserver | where SecurityStyle -eq "ntfs"} - This part of the command uses "%", which is an alias for the cmdlet "ForEach-Object". ForEach-Object allows you to loop through multiple entries in a given variable - in our case it is a list of CIFS share paths and their SVMs output from the Get-NcCifsShare command that is to the left of the pipe. With that list, the Get-NcFileDirectorySecurity cmdlet collects the NTFS ACLs for each item in the list and displays the output as shown in my earlier message, but limits the output to only NTFS security style volumes (UNIX security style volumes won't have NTFS ACLs, so I filtered it out with the final "where" command). 

 

HarshitG
8,298 Views

Thanks Danny for sucha  great and deep dive information,

 

Let me try the below provided information and command and will let you know if that helps to me.

 

 

tahmad
7,921 Views

Was the issue resolved? @HarshitG 

Public