
 # Default (fallback) message table for the SMB delegation cmdlets in this module.
 # CheckDelegationPrerequisites reads msg_ad_cmdlets and msg_ad_forest from it.
 # The lines starting with '#' inside the here-string are part of the string data
 # handed to ConvertFrom-StringData, not PowerShell comments.
 data _system_translations 
 {
    ConvertFrom-StringData @'

    # Fallback text
    # Copy all the strings in the psd1 file here

    msg_ad_forest = SMB Delegation cmdlets require the Active Directory forest to be in Windows Server 2012 forest functional level.

    msg_ad_cmdlets = SMB Delegation cmdlets require the installation of the Active Directory module for Windows PowerShell.

'@
}
 
# Bind the strings from SmbLocalization.psd1 to the same variable.
# NOTE(review): presumably the fallback table above stays in effect when no
# localized file is found for the current UI culture; confirm.
Import-LocalizedData -BindingVariable _system_translations -fileName SmbLocalization.psd1

 function Set-SmbPathAcl
 {
     <#
     .SYNOPSIS
     Pipes the PresetPathACL of an SMB share to Set-Acl.

     .PARAMETER ShareName
     Name of the share, passed to Get-SmbShare -Name.

     .PARAMETER ScopeName
     Optional scope, passed to Get-SmbShare -ScopeName only when non-empty.
     #>
     [CmdletBinding()]
     param(
        [Parameter(Mandatory=$true)]
        [string]
        $ShareName,

        [Parameter()]
        [string]
        $ScopeName = $null
    )

    # Build the Get-SmbShare arguments once; the scope is added only when given.
    $shareQuery = @{ Name = $ShareName }

    if( -not [string]::IsNullOrEmpty($ScopeName) )
    {
        $shareQuery.ScopeName = $ScopeName
    }

    # NOTE(review): Set-Acl takes its target and ACL from the piped object, so this
    # presumably overwrites the ACL currently on the share's folder; confirm
    # before running against a path whose permissions were tuned by hand.
    (Get-SmbShare @shareQuery).PresetPathACL | Set-Acl

 }

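function CheckDelegationPrerequisites
{
    <#
    .SYNOPSIS
    Checks that the SMB delegation cmdlets can run in this environment.

    .DESCRIPTION
    Returns $true only when commands from the ActiveDirectory module are available
    and the forest mode reported by Get-AdForest is at least Windows2012Forest.
    Returns $false otherwise. When the forest mode cannot be read the check fails
    closed instead of reporting the prerequisites as met.

    .OUTPUTS
    System.Boolean
    #>
    if( $null -eq (Get-Command -Module ActiveDirectory) )
    {
        Write-Error $_system_translations.msg_ad_cmdlets

        return $false
    }

    # Initialise explicitly: if Get-AdForest fails the assignment never happens,
    # and a same-named variable from a caller's scope must not be picked up.
    $forest = $null
    $forest = Get-AdForest

    if( ($null -eq $forest) -or ($null -eq $forest.ForestMode) )
    {
        # Previously a failed Get-AdForest made the comparison below error out and
        # execution fell through to 'return $true'. Get-AdForest has already written
        # its own error, so only the result is corrected here.
        return $false
    }

    #
    # Forest mode should be greater than or equal to Windows2012Forest
    #
    if( $forest.ForestMode.ToInt32($null) -lt [Microsoft.ActiveDirectory.Management.AdForestMode]::Windows2012Forest.ToInt32($null) )
    {
        Write-Error $_system_translations.msg_ad_forest

        return $false
    }

    return $true
}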

 function Get-SmbDelegation
 {
     <#
     .SYNOPSIS
     Lists the computer accounts named in the server's
     msDS-AllowedToActOnBehalfOfOtherIdentity access list.

     .PARAMETER SmbServer
     Computer name of the file server. It is matched with -Like, so wildcard
     characters in the value can select more than one computer object.

     .OUTPUTS
     The Name property of each computer account resolved from the access list.
     #>
     [CmdletBinding()]
     param(
        [Parameter(Mandatory=$true)]
        [string]
        $SmbServer
    )

    # Nothing is queried unless the AD module and forest level checks pass.
    if( -not (CheckDelegationPrerequisites) )
    {
        return
    }

    $delegates = @()

    $serverAccount = Get-ADComputer -filter {Name -Like $SmbServer} -Properties 'msds-allowedtoactonbehalfofotheridentity'

    foreach ($entry in $serverAccount."msDS-AllowedToActOnBehalfOfOtherIdentity".Access)
    {
        # IdentityReference looks like DOMAIN\account; keep what follows the first backslash.
        $identity = $entry.IdentityReference.Value
        $accountName = $identity.Substring($identity.IndexOf("\") + 1)

        # Only entries that resolve to a computer object end up in the result.
        $delegates += Get-ADComputer -Filter {SamAccountName -Like $accountName}
    }

    $delegates.Name
 }

 function Enable-SmbDelegation
 {
     <#
     .SYNOPSIS
     Adds a client computer to the principals allowed to delegate to a file server.

     .DESCRIPTION
     Reads the server's msDS-AllowedToActOnBehalfOfOtherIdentity access list,
     resolves each entry to a computer object, appends the client, and writes the
     combined list back with Set-ADComputer -PrincipalsAllowedToDelegateToAccount.

     .PARAMETER SmbClient
     Identity of the client computer, passed to Get-ADComputer -Identity.

     .PARAMETER SmbServer
     Computer name of the file server, matched with -Like.
     #>
     [CmdletBinding()]
     param(
        [Parameter(Mandatory=$true)]
        [string]
        $SmbClient,

        [Parameter(Mandatory=$true)]
        [string]
        $SmbServer
    )

    if( -not (CheckDelegationPrerequisites) )
    {
        return
    }

    $allowedPrincipals = @()

    # NOTE(review): -Like treats wildcard characters in $SmbServer as a pattern, and
    # every object it returns is piped to Set-ADComputer below. Callers that take the
    # server name from input should make sure it identifies exactly one computer.
    $serverAccount = Get-ADComputer -Filter {Name -Like $SmbServer} -Properties msDS-AllowedToActOnBehalfOfOtherIdentity

    foreach ($entry in $serverAccount."msDS-AllowedToActOnBehalfOfOtherIdentity".Access)
    {
        # IdentityReference looks like DOMAIN\account; keep what follows the first backslash.
        $identity = $entry.IdentityReference.Value
        $accountName = $identity.Substring($identity.IndexOf("\") + 1)

        # NOTE(review): entries that Get-ADComputer cannot resolve (for example a
        # non-computer principal) appear not to be carried over; confirm.
        $allowedPrincipals += Get-ADComputer -Filter {SamAccountName -Like $accountName}
    }

    # Existing principals first, then the newly enabled client.
    $allowedPrincipals += Get-ADComputer -Identity $SmbClient
    $serverAccount | Set-ADComputer -PrincipalsAllowedToDelegateToAccount $allowedPrincipals
 }


 function Disable-SmbDelegation
 {
     <#
     .SYNOPSIS
     Removes one client, or every principal, from the list allowed to delegate to
     a file server.

     .DESCRIPTION
     With -SmbClient, the server's current access list is rebuilt without the
     computer whose Name equals the client. Without -SmbClient, the list written
     back is empty, so all delegation entries are removed.

     .PARAMETER SmbClient
     Name of the client computer to remove. Optional.

     .PARAMETER SmbServer
     Computer name of the file server, matched with -Like.

     .PARAMETER Force
     Declared but not read anywhere in this function.
     #>
     [CmdletBinding()]
     param(
        [Parameter()]
        [string]
        $SmbClient,

        [Parameter(Mandatory=$true)]
        [string]
        $SmbServer,

        [System.Management.Automation.SwitchParameter]
        [bool]
        $Force = $false
    )

    if( -not (CheckDelegationPrerequisites) )
    {
        return
    }

    $remainingPrincipals = @()

    # NOTE(review): -Like treats wildcard characters in $SmbServer as a pattern, and
    # every object it returns is piped to Set-ADComputer below.
    $serverAccount = Get-ADComputer -Filter {Name -Like $SmbServer} -Properties msDS-AllowedToActOnBehalfOfOtherIdentity

    # No client given: skip the rebuild so that the empty list is written back.
    # This happens without consulting -Force or asking for confirmation.
    if( -not [string]::IsNullOrEmpty($SmbClient) )
    {
        foreach ($entry in $serverAccount."msDS-AllowedToActOnBehalfOfOtherIdentity".Access)
        {
            # IdentityReference looks like DOMAIN\account; keep what follows the first backslash.
            $identity = $entry.IdentityReference.Value
            $accountName = $identity.Substring($identity.IndexOf("\") + 1)

            $resolved = Get-ADComputer -Filter {SamAccountName -Like $accountName}

            # Keep every principal except the client being disabled.
            if( $resolved.Name -ne $SmbClient )
            {
                $remainingPrincipals += $resolved
            }
        }
    }

    $serverAccount | Set-ADComputer -PrincipalsAllowedToDelegateToAccount $remainingPrincipals
 }

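 function DumpAndTestCertificate([String]$Storename, [String]$Thumbprint) {

    <#
    .SYNOPSIS
    Prints the identifying properties of one LocalMachine certificate and reports
    whether Test-Certificate accepts it.

    .PARAMETER Storename
    Certificate store name under Cert:\LocalMachine.

    .PARAMETER Thumbprint
    Thumbprint of the certificate inside that store.

    .NOTES
    $MappingName is not a parameter. It is read from the caller's scope, where
    Get-SmbServerCertProps assigns it before calling this function.
    #>

    # All SMB Server certificates for QUIC should be from the machine store
    $Certificate = (Get-Item -path Cert:\LocalMachine\$Storename\$Thumbprint)

    if ($null -eq $Certificate)
    {

        Write-Error -Message "Unable to retrieve certificate '$Storename' '$Thumbprint'" -Category ObjectNotFound;
        return;
    }

    # Certificate is self-signed if the issuer-name and subject-name match.
    # Compare the decoded distinguished-name strings. Handing the
    # X500DistinguishedName objects themselves to Compare-Object is unreliable:
    # they are not IComparable, so the comparison can fall back to ToString()
    # and report every certificate as self-signed, which would validate
    # CA-issued certificates with -AllowUntrustedRoot below.
    $IsSelfSigned = ($Certificate.IssuerName.Name -ceq $Certificate.SubjectName.Name)

    $SubjectOid = $Certificate.SubjectName.Oid;
    $SubjectRawData = $Certificate.SubjectName.RawData;

    # OID value followed by the friendly name of the signature algorithm.
    $SignatureAlgorithm = $Certificate.SignatureAlgorithm.Value.ToString() + " " + $Certificate.SignatureAlgorithm.FriendlyName.ToString();

    $Certificate | Select-Object -Property @{Name = 'SMBServerCertificateMappingName'; Expression = { $MappingName } },
                                           @{Name = 'SelfSigned'; Expression = { $IsSelfSigned.ToString() } },
                                           SubjectName,
                                           Subject,
                                           @{Name = 'SubjectOid'; Expression = { $SubjectOid } },
                                           @{Name = 'SubjectRawData'; Expression = { $SubjectRawData } },
                                           FriendlyName,
                                           @{Name = 'SignatureAlgorithm'; Expression = { $SignatureAlgorithm } }, 
                                           Thumbprint,
                                           NotBefore,
                                           NotAfter,
                                           SendAsTrustedIssuer,
                                           PublicKey,
                                           DnsNameList | Format-List

    # Only a genuinely self-signed certificate is tested with the untrusted-root
    # allowance; a PASS for such a certificate therefore does not mean that it
    # chains to a trusted root. Read the result together with the SelfSigned field.
    if ($IsSelfSigned)
    {
        $TestResult = $Certificate | Test-Certificate -AllowUntrustedRoot
    }
    else
    {
        $TestResult = $Certificate | Test-Certificate 
    }

    if ($TestResult)
    {
        Write-Output "Test-Certificate result : PASS"
    }
    else
    {
        Write-Error "Test-Certificate result : FAIL"
    }

}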
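 function Get-SmbServerCertProps
 {
     <#
     .SYNOPSIS
     Dumps and tests the certificate of each matching SMB server certificate
     mapping, followed by every certificate listed in its renewal chain.

     .PARAMETER Name
     Mapping name passed to Get-SmbServerCertificateMapping -Name.

     .PARAMETER Force
     Declared but not read anywhere in this function.
     #>
     [CmdletBinding()]
     param(
        [Parameter(Mandatory=$true)]
        [string]
        $Name,

        [System.Management.Automation.SwitchParameter]
        [bool]
        $Force = $false
    )

    $AllCertMappings = Get-SmbServerCertificateMapping -Name $Name;


    foreach ($CertMapping in $AllCertMappings) {

        Write-Output "---------------------------------------------------------------------------------------------------------------"

        # Keep this variable name: DumpAndTestCertificate reads $MappingName from
        # the caller's scope for its SMBServerCertificateMappingName field.
        $MappingName = $CertMapping.Name

        Write-Output "Checking Mapping '$MappingName'....."

        $StoreName = $CertMapping.StoreName

        DumpAndTestCertificate -Storename $StoreName -Thumbprint $CertMapping.Thumbprint

        $RenewalChain = $CertMapping.RenewalChain

        Write-Output "`r`nRenewalChain: $RenewalChain"

        if ($RenewalChain -ne "") {

            Write-Output "`r`nTesting certificates in the RenewalChain.....`r`n"

            # A foreach statement is used instead of ForEach-Object so that
            # 'continue' skips only the empty segment. Inside a ForEach-Object
            # script block, 'continue' targets the enclosing mapping loop, so
            # the rest of the chain was never tested.
            foreach ($RenewedCert in ($RenewalChain -split ":")) {

                if ([string]::IsNullOrEmpty($RenewedCert)) {
                    continue
                }
                Write-Output "`r`nRenewedCert: $RenewedCert"
                Write-Output "-------------------------------------------------------"

                DumpAndTestCertificate -Storename $StoreName -Thumbprint $RenewedCert
            }
        }
    }
}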

 # Short aliases for the public cmdlets of this module.
 Set-Alias -Name ssmbp   -Value Set-SmbPathAcl
 Set-Alias -Name gsmbd   -Value Get-SmbDelegation
 Set-Alias -Name esmbd   -Value Enable-SmbDelegation
 Set-Alias -Name dsmbd   -Value Disable-SmbDelegation
 Set-Alias -Name gsmbscp -Value Get-SmbServerCertProps

 # Export the public cmdlets and their aliases. CheckDelegationPrerequisites and
 # DumpAndTestCertificate are not listed here.
 Export-ModuleMember `
     -Function Set-SmbPathAcl, Get-SmbDelegation, Enable-SmbDelegation, Disable-SmbDelegation, Get-SmbServerCertProps `
     -Alias ssmbp, gsmbd, esmbd, dsmbd, gsmbscp