PowerShell v Accesschk

This topic contains 3 replies, has 2 voices, and was last updated by Gerry McCafferty 3 years, 6 months ago.

  • #15355

    Gerry McCafferty
    Participant

    Hey all,

    I have been trawling through some of the great Tech Ed 2014 sessions that have been online, and watched Case of the Unexplained: Troubleshooting with Mark Russinovich, and he said that PowerShell v4.0 did not properly enumerate admin shares, whereas Accesschk did.

    I was curious to know what the good people in here thought about that?

    I haven't yet had a chance to test myself, but it is a task I can see needing a good script to check multiple servers.

  • #15364

    Dave Wyatt
    Moderator

    I'm not sure what he meant by that, and haven't watched that particular session yet. What PowerShell commands was he referring to?

  • #15448

    Gerry McCafferty
    Participant

    I have had a look and it is Aaron Margosis' “Sysinternals Primer” http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B340#fbid=

    Around 29 minutes in he starts talking about the new version of AccessChk that can check SMB Admin shares with the -h switch.

    He then mentions that the PowerShell v4 command Get-SMBShareAccess queries a hardcoded list rather than the registry, so gets it wrong.

    Sorry for the confusion.

  • #15410

    Gerry McCafferty
    Participant

    Hi Dave,

    Thanks for the response. I am now desperately trying to find the part where he said it, and doubting myself!

    I watched Mark's demo on Case of the Unexplained, but I also watched "Malware Hunting with Mark Russinovich and the Sysinternals Tools" http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B368#fbid= as well as Aaron Margosis' "Sysinternals Primer" http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B340#fbid= around the same time, so it may have been in one of the other ones.

    I will try and have a look tonight and verify.
