nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Script to Check Open Shares Folders in the Network

jetdynamics

Issue: We need to run a script on the network to check all the open share folder

Criteria: No special tools needed (i.e nessus,nmap a like not allowed )
Must be able to run even without admin rights to the client computer ( reason we have some machinery computers thats connected to the network w/out admin access )

Must be able to **** the information to csv,excel ideal format would be:

Computer Name or IP address:
Open Folder names:

Reason for this request: Worm is spreading and propagating to those computer that has an open shares although our anti-virus was able to detect and delete but if this worm find any available open shares then it is continously propagating. We would like to be pro-active and identify those computer that has an open shares must be removed, But at least prior to removing them we would want to talk to the user first to know that they might have a legitimate use and provide them alternative solutions.

Thanks for sharing any information that can lead to a better solution.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Silentsoul

not a script but very helpful for finding shares and permissions.
ShareEnum

RobertKaucher

ECHO "-------------------------------------------" >> "%userprofile%\Desktop\shares.txt"
ECHO %computername%  >> "%userprofile%\Desktop\shares.txt"
ECHO "-------------------------------------------" >> "%userprofile%\Desktop\shares.txt"
NET SHARE >> "%userprofile%\Desktop\shares.txt"
ECHO "-------------------------------------------" >> "%userprofile%\Desktop\shares.txt"

You could also use PSExec to run it on all the PCs in the domain. To do it to a CSV ideal would be powershell. You could use WMI to access remote PCs. Would you like me to look at that for you?

HeroPsycho

The PowerShell way. You only need PowerShell on a workstation to do this, not on each server. PowerShell will utilize WMI to get the shares

Make a listfile of your servers you want to check, or you can use the Quest AD cmdlets to get a list of servers easily. Assign a variable to the list of servers.

$servers = get-content c:\temp\servers.txt
#Provide an account that has rights to enumerate the shares
$cred = get-credential
get-wmiobject Win32_Share -computer $servers -credential $cred | select __server,name,description,path | export-csv c:\temp\sharereport.csv -notype

jetdynamics

@RobertKaucher

I run the command you mentioned its nice, Is there a way that we can run this and by just pointing a certain range of IP address then it will **** the same information on the text file as what this current command ****? Reason why IP range is prefer because not all computers are registered in our Active Directory.

@HeroPsycho

We dont need to specify the server just all the computers thats plug into the network, Maybe you have another idea just for the computer by using certain IP range?

Thanks guys for taking time to answer my questions , I really appreciate the help.

HeroPsycho

jetdynamics wrote: »

@HeroPsycho

We dont need to specify the server just all the computers thats plug into the network, Maybe you have another idea just for the computer by using certain IP range?

Thanks guys for taking time to answer my questions , I really appreciate the help.

Make a listfile of IP's. You can use powershell to do that.

For example, to get 192.168.1.2-254...

$ips = 2..254 | %{"192.168.1." + $_}

Then use $ips for the -computer parameter.

It could be a Chinamen. IT DON'T MATTER!!!

RobertKaucher

I like hero's approach better than mine. I had actually written a PowerShell script for you first that did a for loop through every address in the 192.168.1.0 range but I kept getting WMI errors and it didn't work as I expected it to. When I saw his reply, I quit.
I did this:

[string]$subnet = "192.168.1."
$StartHosts = 100
$EndHost = 200
for($i = $StartHost; $i -le $EndHost; $i++)
{
 $ComputerName = $subnet+$i
 #Body of script.
}

But hero's

$ips = 2..254 | %{"192.168.1." + $_}

is more consice.

@Hero - Thanks for almost always teaching me something cool in PoSh with your posts!

HeroPsycho

RobertKaucher wrote: »

@Hero - Thanks for almost always teaching me something cool in PoSh with your posts!

And here I thought I was newbish with PoSh...

RobertKaucher

Yes, but newbish is relative. It just mean I am more newbish than thou!