Hi All,

I've got a project where I need to enumerate the dacls on a bunch of shares, find group Everyone, and remove it. So I thought of using subinacl from within powershell.

The actual command

subinacl /share \\server\share /display=dacl

looks just fine if I run it directly from the shell. But if I try to dump that into a variable, or pipe it out to a file, the output looks like this (there's an extra space between every single character of the output):

 = = = = = = = = = = = = = = = = = = = = = =
 
 + S h a r e   \ \ v 2 k 3 0 1 \ l e v e l
 
 = = = = = = = = = = = = = = = = = = = = = =
 
 / p e r m .   a c e   c o u n t       = 2
 
 / p a c e   = b u i l t i n \ a d m i n i s t r a t o r s        A C C E S S _ A L L O W E D _ A C E _ T Y P E - 0 x 0
 
      F u l l   C o n t r o l
 
 / p a c e   = p r a x i s \ j a n e u s e r        A C C E S S _ A L L O W E D _ A C E _ T Y P E - 0 x 0
 
      F u l l   C o n t r o l

 

which isn't great for searching for "Everyone". Any idea why this is happening, and what I can do to fix it? I could work around it, or just take what I've got and search for "E V E R Y O N E" but I'd rather learn how to do this correctly.  :-)

Thanks in advance!

Jim

Here's another oddity. If I set a variable equal to the output of subinacl like

$a = subinacl /share \\server\share /display=dacl

and then I iterate through each line of the array looking for $a[x].contains("e v e r y o n e") it's NEVER true - even when I can see that it does. Which is weird, because if I set a variable manually equal to the same exact line, letter for letter, the .contains definitely comes back -eq $true.

Both register as system.string. But clearly, the output of subinacl is weirdly different, according to powershell.

I'm mystified.

 

Jim

 

Well, as I suspected, I ended up piping subinacl's output through out-string, and then adding anything, character by character, that matches a regex for \d or \s onto the end of a new string and then searching that string for "everyone". It works, but it's ugly.

I'd still love to hear a more elegant solution to this. If there's a wmi class I should be using that lists share perms, that would be wonderful. I can get the shares via win32_share, but I haven't found one yet to get the perms from.

Jim

It's returning Unicode, so those blanks are really hex 0's. I don't know if PowerShell has a function to convert to ASCII or if there is a way to tell PowerShell that your $a contains UniCode. Until you find something better you can process your output using the replace command:

$a = $a -replace "`0",""

To get replace to replace the 0 you have to use the back-tick before the 0.

Bruce

Thanks, Bruce, that was a puzzler!! I appreciate the info - it's going to come in handy.

And now that you mention it, I believe I have read something about converting unicode to ascii, somewhere. If I find it, I'll post it back here.

Jim