ConfigMgr Inventory Share Permissions

Apparently the original article on this from years ago has disappeared; so here's the old info.  This was originally for Config2007; so it may be this won't work, or will have unknown results.  YOU will need to test it and confirm it does what you think you want it to do in your environment.

Reporting on the permissions applied to non-admin shares can also be queried using the attached. Using --> This Zip File <-- , that's a vbscript.  Either deploy it as a traditional old skool package/program/recurring advertisement, or leverage a Configuration Item to deploy that script . Set a recurring schedule for what makes sense in your environment.

To Be Imported into Default Client Settings, Hardware Inventory:

// <:[-<>>>>>>>>>>>Start>>-Share Permissions-<<Start<<<<<<<<<<<>=]:>

#pragma namespace("\\\\.\\root\\cimv2\\sms")
[SMS_Report(TRUE), SMS_Group_Name("Share Permissions"), SMS_Class_ID("SMS_SharePerms")]
class SMS_SharePerms : SMS_Class_Template
{
[SMS_Report(FALSE), Key] uint32 Counter;
[SMS_Report(TRUE)] boolean Allowed;
[SMS_Report(TRUE)] string ShareName;
[SMS_Report(TRUE)] string Type;
[SMS_Report(TRUE)] string Domain;
[SMS_Report(TRUE)] string TrusteeName;
};
// <:[-<>>>>>>>>>>>End>>-Share Permissions-<<END<<<<<<<<<<<<<>=]:>

Notes:
Allowed = True means the Domain/TrusteeName is granted access of Type to the ShareName
Allowed = False means the Domain/TrusteeName is denied access of Type to the ShareName

You'd write reports against the new v_gs_share_permissions0

Currently, the vbscript is limited to 500 share instances. That could be increased by editing line 78, the DIM statements.

By design, share permissions for default shares will not be reported.

Just to be clear, this routine is for Share Permissions: Read, Change, Full. This is not for NTFS permissions on files/folders contained in those shares.

Note that this routine has only had a very brief life so far in a lab environment. There may be unforeseen problems with the script.