4 Replies Latest reply on Oct 5, 2018 3:33 AM by aplona

    Query for share folder information

    DheerajMeher Rookie

      Hello All,


      How can we create query to check share folder on the client machine?



      Dheeraj Meher

        • 1. Re: Query for share folder information
          phoffmann SupportEmployee

          What exactly are you looking for?


          "What folders are shared as what paths" ...?


          If it's the above - then no, that's not captured by default, but wouldn't be a profoundly complicated thing (I think) to hoover up as custom data in some form. Or you could do it as a custom vulnerability if you so want (making use of the REASON field), depending on what you're after.


          So - "not gathered by default", but probably doable depending on what you're after exactly.

          • 2. Re: Query for share folder information
            DheerajMeher Rookie

            Hello phoffmann,


            Thank you for your revert.


            We want to check the Share folders and share folders path configure on systems. It would be appreciated if you guide, how we can achieve this through EPM query or custom data. 



            • 3. Re: Query for share folder information
              phoffmann SupportEmployee

              So - short answer... you'll need to script it (the data gathering). How the data needs to look then depends on how you want to bring the data back up.




              Option 1 - you can include is as a custom vulnerability.

              You'd essentially follow this proces -- How To: Create a Custom Vulnerability Definition in Patch and Compliance Manager -- and script in there the "grabbing" of the shares, and the reporting back up (such as using the REASON field).


              You can abuse custom vulnerabilities like this for reporting easily (and I have been doing so for over a decade). Drawback is that you tend to get a "single big string" back, which isn't necessarily nice to parse.


              This is VERY easily targetable at a sub-set of devices you're interested in as you'd JUST run that custom vulnerability / custom group of definitions against this set of devices (if you don't need it from all of your estate).




              Option 2 - You gather the data into a file, and then hoover up the file, such as via -- How to read content of INI files on clients into the inventory scan -- as custom data.


              The main problem here is that you're likely looking at 1:* (one-to-many) type data (i.e. "one device has likely got many shares") ... which requires modelling of database-tables (which isn't that hard - it's just detail-work), for that data to go in.


              The good news is that I *have* documented (including examples) HOW to build custom DB tables (and held a class / lab on that at last Interchange) ... but I'm still awaiting on the doc being approved / proof-read (it's 100+ pages long, and some parts of it VERY detailed, so it's not like it's a small amount of work) ... when it will be, it will be in this location -- How to create/model your own custom DB tables (presently unaccessible, because it's not approved).


              That makes it much easier to be queried (as it'll integrate into the regular query-tool with it being part of the data structure).




              That'd be the "more enterprise"-y way to do it. Since I don't know whether you're looking to have this for 5 or 50,000 devices, I figure the above should help you have an idea as to whcih may work better for you.

              • 4. Re: Query for share folder information
                aplona Rookie

                This will be available if you have data analytics > directory services.


                I think you can easly use wmi query to get it from client. Class Win32_share should return required information and put it as custom data to inventory.

                query for powershell: get-WmiObject -class Win32_Share -computer localhost