Microsoft Virtualization Discussions

Query CIFS Shares & NTFS Permissions for publishing

steven_doan

I am trying to leverage the PowerShell Toolkit to enable me to query all visible shares on the NetApp filer and their associated NTFS permissions to display on a web page.

 

Is the PowerShell tool the correct thing to do this, or is there a better / native Microsoft tool which can pull the same data Share+NTFS permissions directly from the NetApp so that they can be published as a report to a website?

2 REPLIES 2

JGPSHNTAP

You can try to muck around with fsecurity,  but we do this with a combination of custom scripts that grab the shares, put the share permissions and then grab the AD groups associated at a folder level.

 

We have a pretty standard naming convention, so if it's a read group, it's _R and if Change it's _C.

 

I recommend you look at the open source ntfssecurity module in the technet site for anything to do with NTFS perms.

TMADOCTHOMAS

@steven_doan, we actually do this in a nightly script on a VM that replicates to DR. We export the details to CSV files which we would use in a true DR scenario to restore the shares. Here's an edited version of the script:

 

# Get all share data for all SVMs
Get-NcCifsShare -Controller $CLUSTER -VserverContext <vserver1> | select ShareName,Path,Comment | Export-Csv <vserver1>_shares.csv
Get-NcCifsShare -Controller $CLUSTER -VserverContext <vserver2> | select ShareName,Path,Comment | Export-Csv <vserver2>_shares.csv
Get-NcCifsShare -Controller $CLUSTER -VserverContext <vserver3> | select ShareName,Path,Comment | Export-Csv <vserver3>_shares.csv
Get-NcCifsShare -Controller $CLUSTER -VserverContext <vserver4> | select ShareName,Path,Comment | Export-Csv <vserver4>_shares.csv
Get-NcCifsShare -Controller $CLUSTER -VserverContext <vserver5> | select ShareName,Path,Comment | Export-Csv <vserver5>_shares.csv

# Get all share ACLs for all SVMs
Get-NcCifsShareAcl -Controller $CLUSTER -VserverContext cithqnadbbak01p | select Share,UserOrGroup,Permission | Export-Csv <vserver1>_acls.csv
Get-NcCifsShareAcl -Controller $CLUSTER -VserverContext cithqnadbbak02p | select Share,UserOrGroup,Permission | Export-Csv <vserver2>_acls.csv
Get-NcCifsShareAcl -Controller $CLUSTER -VserverContext isshqvfexapp01p | select Share,UserOrGroup,Permission | Export-Csv <vserver3>_acls.csv
Get-NcCifsShareAcl -Controller $CLUSTER -VserverContext isshqvfinapp01p | select Share,UserOrGroup,Permission | Export-Csv <vserver4>_acls.csv
Get-NcCifsShareAcl -Controller $CLUSTER -VserverContext isshqvfinusr01p | select Share,UserOrGroup,Permission | Export-Csv <vserver5>_acls.csv

 

Here's the ReadMe file we put next to the PowerShell script results:

 

-------------------------------------------------------

<vserver>_shares

Enter the following formula in column M, row 3 of the shares spreadsheet, replacing <vserver> with the SVM (use the DR SVM name if restoring in DR). Copy the formula down.

="vserver cifs share create -vserver <vserver> -share-name "&A3&" -path "&B3&" -comment """&C3&""""

NOTES
If comments are blank, remove the -comment <comment> part of the command line.
Remove lines for the $C, $ADMIN, and $IPC shares as they will automatically be re-created.

-------------------------------------------------------

<vserver>_acls

Enter the following formula in column M, row 3 of the acls spreadsheet, replacing <vserver> with the SVM name. Copy the formula down.

="vserver cifs share access-control create -vserver <vserver> -share "&A3&" -user-or-group """&B3&""" -permission "&C3

-------------------------------------------------------

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public