WatchPoint – Tip of the Week – Enumerate File Shares With PowerShell

Use PowerShell to Discover and Record File Shares

An old college professor of mine once gave our class some simple yet sound advice: know your network. I didn’t realize at the time that his statement would stick with me and be something that I’d repeat to new hires and colleagues. So here you go, Steve: I am writing this article for you.

Today’s Tip-of-the-Week is about knowing your network, specifically the file shares that it contains. Knowing what file shares exist and having a complete list of them can not only help with audits, but it will also help ensure you know what’s on your network and that it’s secure.

Here is an overview of how the script will work:

  • First, you will use PowerShell’s Test-Connection to ping sweep the entire network.
  • Then, for any host that answers the ping, the IP address is translated to its DNS name.
  • Next, you will enumerate the computer shares using WMI.
  • Lastly, you will store the following in a .csv file: computer name, local path of the share, the share name, and the UNC path.

Please note, you’re going to omit the hidden admin shares from our search as those are defaults and can be found on any network. Default admin shares are C$, D$, E$, etc. We’re only concerned with the non-default shares, which are the ones end users can access.
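The filtering and record layout described above, as an added PowerShell example that is not part of the original script. It goes one step beyond the name-based filter by classifying shares on the Win32_Share Type value, so default admin shares are dropped while user-created hidden shares stay in the audit. The function name ConvertTo-ShareRecord, the sample host and shares, and the output file name are assumptions made for illustration.

```powershell
# Added example. The host and shares below are constructed sample data.
# Win32_Share.Type: 0 = ordinary disk share; 2147483648 = default admin disk
# share (C$, ADMIN$); 2147483651 = IPC$. Filtering on Type keeps user-created
# hidden shares such as Payroll$, which a name filter of '*$' would drop.
function ConvertTo-ShareRecord {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Share,
        [Parameter(Mandatory = $true)]
        [string]$ComputerName
    )
    process {
        # Keep ordinary disk shares only; admin, IPC and printer shares are skipped.
        if ([int64]$Share.Type -ne 0) { return }
        [pscustomobject]@{
            ComputerName = $ComputerName
            LocalPath    = $Share.Path
            ShareName    = $Share.Name
            UNCPath      = '\\{0}\{1}' -f $ComputerName, $Share.Name
            Hidden       = $Share.Name.EndsWith('$')
        }
    }
}

# Constructed stand-in for: Get-WmiObject Win32_Share -ComputerName <host>
$sampleShares = @(
    [pscustomobject]@{ Name = 'ADMIN$';   Path = 'C:\Windows';        Type = 2147483648 }
    [pscustomobject]@{ Name = 'C$';       Path = 'C:\';               Type = 2147483648 }
    [pscustomobject]@{ Name = 'IPC$';     Path = '';                  Type = 2147483651 }
    [pscustomobject]@{ Name = 'Public';   Path = 'D:\Shares\Public';  Type = 0 }
    [pscustomobject]@{ Name = 'Payroll$'; Path = 'D:\Shares\Payroll'; Type = 0 }
)

$records = $sampleShares | ConvertTo-ShareRecord -ComputerName 'fs01.example.test'
$records | Format-Table -AutoSize

# Hidden but non-default shares deserve a second look during an audit.
$records | Where-Object { $_.Hidden } |
    ForEach-Object { Write-Host "Hidden share: $($_.UNCPath)" -ForegroundColor Yellow }

# Same four columns the tip records, plus the Hidden flag.
$records | Export-Csv .\share-audit-example.csv -NoTypeInformation -Encoding ASCII
```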

Here are the steps:

  1. First, you need to modify the PowerShell script. The values called out in the script comments will need to be modified to match your environment. Don’t be intimidated, though: just the IP address range, network address, and optionally the file names and paths need to be modified.

    ######################Beginning of script######################
    # Use Test-Connection to ping sweep the entire subnet. Modify the
    # $start, $end and $ip variables to match your network.
    $start = 1
    $end = 254

    $start..$end | foreach {
        $ip = '192.168.15.0' -replace '0$',$_
        Write-Host "Pinging $ip" -ForegroundColor Cyan
        $status = (Test-Connection $ip -Count 1 -Quiet)
        $ErrorActionPreference = 'SilentlyContinue'
        $Result = $null

        # If the host answered the ping, pass the IP address to .NET for DNS name resolution.
        If ($status) { $Result = [System.Net.Dns]::GetHostEntry($ip) }

        # Begin processing the results.
        # If the host answered and its name resolved, enumerate the shares.
        # Optionally, you can change the output file name.
        If ($Result)
        {
            $MyResult = [string]$Result.HostName
            Write-Host "Resolved. Enumerating shares from $MyResult" -ForegroundColor Green
            # Skip shares whose name ends in $ (C$, D$, ADMIN$ and other hidden shares).
            Get-WmiObject Win32_Share -ComputerName $ip | where {$_.Name -notlike '*$'} | Sort-Object -Property Path | Select-Object __SERVER,Name,Path | Export-Csv .\wmi-server-shares-temp.csv -NoTypeInformation -Encoding ASCII -Force -Append
        }
        Else
        {
            # Otherwise, don't enumerate but record the IP address in a separate CSV.
            # Optionally, you can change the output file name.
            $MyResult = 'unresolved'
            Write-Host "Hostname for $ip $MyResult" -ForegroundColor Red
            # Wrap the address in an object so the CSV holds the IP, not the string's Length.
            [pscustomobject]@{ IPAddress = $ip } | Export-Csv .\wmi-servers-not-resolved.csv -NoTypeInformation -Encoding ASCII -Force -Append
        }

        # UNCPath. Optionally, you can change the file name.
        $folder = Import-Csv .\wmi-server-shares-temp.csv | Select-Object -ExpandProperty Name
        foreach ($i in $folder)
        {
            # Build \\computer\share from the resolved name and the share name.
            $uncpath = '\\' + $MyResult + '\' + $i
            Write-Host "$uncpath"
            Import-Csv .\wmi-server-shares-temp.csv | Select *
        }
    }
