Ever wonder how many users grant Full Control to Everyone on shares they created? This opens a huge risk: effective access over SMB is the more restrictive of the share permissions and the NTFS permissions, so once the share grants Everyone Full Control, the NTFS ACL is the only thing left standing between any virus/worm (or any user on the network) and writing itself into that share. At any rate, I don't think it's a good idea, so I scripted it out and found something like 470 shares where Everyone was granted Full Control access in my environment. OUCH!


Keep in mind, this also shows printers, since print queues are shares too and show up in Win32_LogicalShareSecuritySetting like any other share. I didn't take the time to exclude them, so my script actually finds ~620 vulnerable shares. If you want to drop them, filter on the matching Win32_Share object's Type property (0 = disk drive, 1 = print queue, 2 = device, 3 = IPC) and skip anything with Type 1.

For logging, just change $script:logfile = "D:\everyoneshares.txt" to whatever location you wish. The $script: scope is what lets the log path be set once at the top and still be visible inside the functions.

If you want to see more than just Full Control, change if (($AccessMask -eq "FullControl") -AND ($myshare.ID -eq "Everyone")){$script:mylist += $myshare} to match your desired output. $AccessMask here is the ACE's raw share-permission mask cast to [System.Security.AccessControl.FileSystemRights], so Full Control (0x1F01FF) reads as "FullControl", Change (0x1301BF) as "Modify, Synchronize", and Read (0x1200A9) as "ReadAndExecute, Synchronize"; compare against those strings (or drop the first condition entirely) to widen the net.

It also ignores any share that ends with a $ (administrative or hidden shares). Change $shares = gwmi Win32_LogicalShareSecuritySetting -co $comp -erroraction silentlycontinue |? {$_.Name -notlike "*$"} to $shares = gwmi Win32_LogicalShareSecuritySetting -co $comp -erroraction silentlycontinue and it will look at ALL shares. Worth doing at least once: a trailing $ only hides a share from browsing, it does not restrict who can connect to it, so a hidden share with Everyone Full Control is just as exposed as a visible one.
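To make the three knobs above concrete, here is an added example written for this page; it is not the author's script and is not the code that follows below. It walks the same WMI class (Win32_LogicalShareSecuritySetting), decodes each share's DACL, and reports Allow ACEs for Everyone that carry Full Control. The parameter names (-ComputerName, -LogFile, -Rights, -TrusteeSid, -IncludeHidden, -IncludePrinters) and the function name Find-OpenShare are my own choices; the AD query in the comment is shown as an option and is not exercised here. Matching the trustee by SID (S-1-1-0) rather than the display name "Everyone" keeps the check working on non-English hosts, and only AceType 0 (Allow) entries are counted, so a Deny ACE for Everyone is not reported as a finding.

```powershell
# Added example, not the original post's script: audit SMB share DACLs for
# ACEs granting a trustee (default: Everyone, S-1-1-0) a given right.
# Needs admin rights on each target host for GetSecurityDescriptor() to succeed.
function Find-OpenShare {
    param(
        # Hosts to scan; for the whole domain use e.g.
        #   (Get-ADComputer -Filter * | Select-Object -ExpandProperty Name)
        [string[]]$ComputerName   = @($env:COMPUTERNAME),
        [string]  $LogFile        = "D:\everyoneshares.txt",
        # Wildcard pattern compared against the decoded FileSystemRights string.
        # "FullControl" = the post's default; "*" = report every ACE for the trustee.
        [string]  $Rights         = "FullControl",
        [string]  $TrusteeSid     = "S-1-1-0",   # Everyone; S-1-5-11 = Authenticated Users
        [switch]  $IncludeHidden,                # also scan shares whose name ends in $
        [switch]  $IncludePrinters               # also scan print-queue shares (Type 1)
    )

    $findings = @()
    foreach ($comp in $ComputerName) {
        # Win32_Share.Type tells us what kind of share it is: 0 disk, 1 print queue, 2 device, 3 IPC.
        $shareType = @{}
        Get-WmiObject Win32_Share -ComputerName $comp -ErrorAction SilentlyContinue |
            ForEach-Object { $shareType[$_.Name] = $_.Type }

        $settings = Get-WmiObject Win32_LogicalShareSecuritySetting -ComputerName $comp -ErrorAction SilentlyContinue
        foreach ($share in $settings) {
            if (-not $IncludeHidden   -and $share.Name.EndsWith('$'))   { continue }
            if (-not $IncludePrinters -and $shareType[$share.Name] -eq 1) { continue }

            $sd = $share.GetSecurityDescriptor()
            # ReturnValue 0 = success; a missing DACL means we could not read the ACL, not "open".
            if ($sd.ReturnValue -ne 0 -or -not $sd.Descriptor.DACL) {
                Write-Warning "$comp\$($share.Name): could not read share DACL (rc=$($sd.ReturnValue))"
                continue
            }

            foreach ($ace in $sd.Descriptor.DACL) {
                if ($ace.AceType -ne 0)                       { continue }  # 0 = Allow, 1 = Deny
                if ($ace.Trustee.SIDString -ne $TrusteeSid)   { continue }

                # Share masks decode to the same names the post compares against:
                # 0x1F01FF -> FullControl, 0x1301BF -> Modify, Synchronize, 0x1200A9 -> ReadAndExecute, Synchronize
                $decoded = [System.Security.AccessControl.FileSystemRights]([int]$ace.AccessMask)
                if ("$decoded" -notlike $Rights) { continue }

                $findings += [pscustomobject]@{
                    Computer = $comp
                    Share    = $share.Name
                    Path     = "\\$comp\$($share.Name)"
                    Trustee  = "$($ace.Trustee.Domain)\$($ace.Trustee.Name)"
                    Rights   = "$decoded"
                    Mask     = ('0x{0:X}' -f $ace.AccessMask)
                }
            }
        }
    }

    # Tab-separated log, one finding per line, plus the objects on the pipeline.
    $findings | ForEach-Object { "$($_.Path)`t$($_.Trustee)`t$($_.Rights)`t$($_.Mask)" } |
        Out-File -FilePath $LogFile -Encoding UTF8
    $findings
}

# Default run: Everyone + FullControl, hidden shares and printers skipped, log in D:\everyoneshares.txt.
Find-OpenShare | Format-Table -AutoSize
```

Because the scan can run for a long time against a whole domain, launch it in the background and collect the results later, e.g. Start-Job -FilePath .\Find-OpenShare.ps1, then Get-Job to check state and Receive-Job to pull the output; the tab-separated log on disk survives either way.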

Now here’s the code:

I pieced this together from a few things I found on the net (querying AD and Shares), then combined the two and added logfile output.

I recommend using Start-Job for this, and Get-Job to see if it's finished (Receive-Job collects whatever the job wrote to the pipeline; the logfile is written regardless). You don't need to provide any input, and depending on your environment size, it could take quite some time. Here's the expected output: