Today we’re going to continue blogging about scripts that we can use to create system baselines. (For a primer on why you might want to consider performing a system baseline or for a process for performing system baselines, check out our previous blog entries here.)
As we discussed earlier as well, we are going to rely primarily on PowerShell to pull this information for us. So all of the scripts you will see in this series will be written as PowerShell scripts. For your sake, make your life easy, and install PowerShell version 2.0, that will give you the latest and greatest functionality and give you the same development environment we’re primarily using to write these scripts.
Today’s script should give you a list of the shares installed on an individual machine and that share’s path on the local file system. In other words, this script gives us a snapshot of the local directories on a machine that are shared on the network. Again for this script we are going to access the WMIObject via PowerShell and access the Win32 component. Eventually we’ll explore other namespaces, but when this space is so productive, why make it harder than we need to? So here is the script you would run if you want to query this share data:
Get-WmiObject win32_share | Select-Object Name,Path
For a complete copy of each of the scripts in this series (plus bonus scripts as they arrive), check out our full directory listing at https://enclavesecurit.wpengine.com/scripts/.
Enjoy! We look forward to providing you more fully featured scripts as the year progresses. If you do have any requests, don’t be shy, and feel free to make requests too.