SrvsvcServerDiskEnum - microsoft/SMBSecurity GitHub Wiki

Summary

Enumerate File Server Disks.

This SMB security descriptor (SD) determines which accounts can discover the storage volumes on a Windows file server. This controls access for functions; such as, NetServerDiskEnum.

Default values

These values were collected from Windows Server 2019 in September 2022. These values may be different on other versions of Windows and may change in the future by Windows Update or in future versions of Windows.

Owner : NT AUTHORITY\SYSTEM
Group : NT AUTHORITY\SYSTEM
ACLs  : BUILTIN\Administrators (Allow) {FullControl}
        Server Operators       (Allow) {FullControl}

Rights

FullControl    : 
EnumerateDisks : 
Delete         : 
ReadControl    : 
WriteDAC       : 
WriteOwner     :

Example

  • Download NetServerDiskEnum.ps1 from the SMBSecurity/tests repo.
  • Open a terminal as a test user.
    • This user should not be a member of Administrators or Server Operators.
    • In this example it will be DomainTest on the Test domain.
    • The RunAs command can be used to open the second terminal under the test user context.
 runas /user:test\domaintest powershell
  • Navigate to NetServerDiskEnum.ps1.
  • Execute the script.
.\NetServerDiskEnum.ps1

Output:

Failed to enumerate file server disks : System.ComponentModel.Win32Exception (0x80004005): Access is denied (0x5)
  • Open an elevated PowerShell terminal (Run as administrator).
  • Add the test user to the SrvsvcServerDiskEnum SMB SD with EnumerateDisks rights.
$SDName = "SrvsvcServerDiskEnum"
$SD = Get-SMBSecurity $SDName
$DACLSplat = @{
    SecurityDescriptorName = $SDName
    Access                 = 'Allow'
    Right                  = 'EnumerateDisks'
    Account                = "test\domaintest"
}
$newDACL = New-SMBSecurityDACL @DACLSplat
Add-SMBSecurityDACL -SecurityDescriptor $SD -DACL $newDACL
Save-SMBSecurity $SD
Get-SMBSecurity $SDName
  • The Server service (LanmanServer) must be restarted for the SMB SecurityDescriptor update to take affect. Alternately, the server can be rebooted.
⚠️ WARNING ⚠️
Restarting the Server service will cause all SMB file server connections to be disconnected! 
Restart-Service LanmanServer -Force
  • Return to the test user PowerShell terminal.
  • Run NetServerDiskEnum.ps1. The disks on the Windows file server should now be output.

Sample Output:

C:
D: