问题描述
嘿,
我想扫描不同的网络共享,并获取向他们分配的Active Directory组,包括访问权限。
I want to scan different network shares and get the groups of the Active Directory assigned to them including the access rights.
我该怎么做?
问候
推荐答案
感谢您在此处发帖。
如果您想获取具有权限和组名的共享文件夹的用户列表,您可以尝试 下面的代码。
If you want to get the user list of shared folder with the permission and group name, you could try the code below.
using Newtonsoft.Json;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Data;
using System.Data.OleDb;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Globalization;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;
using System.Threading.Tasks;
using System.Xml.Linq;
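namespace ConsoleApp
{
    /// <summary>
    /// Console tool that reports, for one directory, every account named in the
    /// directory's access rules, the rights each account holds, and the values of
    /// that account's Active Directory <c>memberOf</c> attribute.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Collects one <see cref="Permission"/> row per account found on the directory
        /// and prints the rows to the console.
        /// </summary>
        /// <param name="args">
        /// Optional. <c>args[0]</c> is the directory to inspect; when it is absent the
        /// original hard-coded folder name "Test1" is used.
        /// </param>
        public static void Main(string[] args)
        {
            List<Permission> permissions = new List<Permission>();
            string DirName = (args != null && args.Length > 0) ? args[0] : @"Test1"; //folder name

            var UserList = GetDirectoryAccountSecurity(DirName);
            foreach (var item in UserList)
            {
                var UserPermission = GetUserPermission(item, DirName);
                var GroupName = GetGroupName(item);
                permissions.Add(new Permission
                {
                    UserName = item,
                    UserPermission = UserPermission,
                    GrouPName = GroupName
                });
            }

            foreach (var item in permissions)
            {
                Console.WriteLine("UserName:{0}, UserPermission:{1}, GroupName:{2}", item.UserName, item.UserPermission, item.GrouPName);
            }

            Console.ReadKey();
        }

        /// <summary>
        /// Lists the distinct accounts that appear in the directory's access rules
        /// (explicit and inherited), leaving out SYSTEM and the built-in Administrators group.
        /// </summary>
        /// <param name="DirName">Path of the directory to inspect.</param>
        /// <returns>
        /// Account names in the order they are first encountered; an empty list when the
        /// directory does not exist.
        /// </returns>
        public static List<string> GetDirectoryAccountSecurity(string DirName)
        {
            List<string> dAccount = new List<string>();
            DirectoryInfo dInfo = new DirectoryInfo(DirName);
            if (!dInfo.Exists)
            {
                return dAccount;
            }

            // Only the access rules are read below, so only the Access section is requested.
            // AccessControlSections.All also asks for the audit rules, which needs an extra
            // privilege the auditing account normally should not have to hold.
            DirectorySecurity sec = dInfo.GetAccessControl(AccessControlSections.Access);

            // An account with several rules (allow and deny, explicit and inherited) would
            // otherwise be listed, and later printed, once per rule.
            HashSet<string> seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

            foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(NTAccount)))
            {
                string account = rule.IdentityReference.Value;

                // NOTE(review): these are the English account names; on a localized Windows
                // installation the built-in accounts may resolve to other names and would then
                // not be filtered. The two identities are also left out of the report on
                // purpose here - confirm that is wanted for an access review.
                bool isBuiltIn =
                    string.Equals(account, @"NT AUTHORITY\SYSTEM", StringComparison.OrdinalIgnoreCase) ||
                    string.Equals(account, @"BUILTIN\Administrators", StringComparison.OrdinalIgnoreCase);
                if (isBuiltIn)
                {
                    continue;
                }

                if (seen.Add(account))
                {
                    dAccount.Add(account);
                }
            }

            return dAccount;
        }

        /// <summary>
        /// Describes every access rule the directory holds for one account.
        /// </summary>
        /// <param name="UserName">Account name as returned by <see cref="GetDirectoryAccountSecurity"/>.</param>
        /// <param name="DirName">Path of the directory to inspect.</param>
        /// <returns>
        /// One "Allow: rights" or "Deny: rights" entry per matching rule, separated by "; ";
        /// an empty string when no rule names the account.
        /// </returns>
        public static string GetUserPermission(string UserName, string DirName)
        {
            DirectoryInfo di = new DirectoryInfo(DirName);
            DirectorySecurity acl = di.GetAccessControl(AccessControlSections.Access);
            AuthorizationRuleCollection rules = acl.GetAccessRules(true, true, typeof(NTAccount));

            List<string> entries = new List<string>();
            foreach (AuthorizationRule rule in rules)
            {
                FileSystemAccessRule fileSystemAccessRule = rule as FileSystemAccessRule;
                if (fileSystemAccessRule == null)
                {
                    continue;
                }

                // Account names are identifiers, not linguistic text, so compare ordinally.
                if (!fileSystemAccessRule.IdentityReference.Value.Equals(UserName, StringComparison.OrdinalIgnoreCase))
                {
                    continue;
                }

                // Keep every matching rule and say whether it allows or denies. Reporting only
                // the last rule's rights would print a Deny entry as if it were a grant and
                // would hide all earlier entries for the same account.
                // Rights with no named FileSystemRights member are printed as a number.
                entries.Add(string.Format("{0}: {1}", fileSystemAccessRule.AccessControlType, fileSystemAccessRule.FileSystemRights));
            }

            return string.Join("; ", entries);
        }

        /// <summary>
        /// Looks the account up in the current domain and returns the values of its
        /// <c>memberOf</c> attribute.
        /// </summary>
        /// <param name="UserName">Account name, optionally prefixed with "DOMAIN\".</param>
        /// <returns>
        /// The <c>memberOf</c> values separated by "; "; an empty string when no user matches
        /// or the attribute is empty.
        /// </returns>
        public static string GetGroupName(string UserName)
        {
            List<string> groups = new List<string>();

            // The domain prefix is dropped: the search matches on sAMAccountName alone, so the
            // lookup always runs against the domain of the PrincipalContext below.
            string name = UserName.Split('\\').Last(); //use this code to split the domain name and user name

            using (var context = new PrincipalContext(ContextType.Domain))
            using (UserPrincipal user = new UserPrincipal(context))
            {
                user.SamAccountName = name;
                using (var searcher = new PrincipalSearcher(user))
                using (var results = searcher.FindAll())
                {
                    foreach (var result in results)
                    {
                        DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
                        if (de == null)
                        {
                            continue;
                        }

                        // memberOf is multi-valued: read each value instead of calling
                        // Value.ToString(), which fails when the attribute is empty and prints
                        // the array type name when there are several values.
                        // NOTE(review): memberOf carries direct memberships only; nested groups
                        // and the primary group are not included - confirm whether the report
                        // needs them. The filter is a UserPrincipal, so an ACL entry that is
                        // itself a group presumably returns an empty string here.
                        foreach (object value in de.Properties["memberOf"])
                        {
                            if (value != null)
                            {
                                groups.Add(value.ToString());
                            }
                        }
                    }
                }
            }

            return string.Join("; ", groups);
        }
    }

    /// <summary>
    /// One report row: an account, its access rules on the directory and its group memberships.
    /// </summary>
    public class Permission
    {
        // Account name as it appears in the directory's access rules.
        public string UserName { get; set; }

        // Text produced by Program.GetUserPermission for this account.
        public string UserPermission { get; set; }

        // Text produced by Program.GetGroupName for this account (property name kept as published).
        public string GrouPName { get; set; }
    }
}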
最好的问候,
Wendy