-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathSCCM - All Users Mapped Drive Script - Mk2.ps1
103 lines (80 loc) · 3.87 KB
/
SCCM - All Users Mapped Drive Script - Mk2.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
<#
.NOTES
===========================================================================
Created on: 2022-04-27
Created by: Brian Thorp
===========================================================================
.Description
Digs through every user profile (HKCU per user) and dumps mapped drives
Extended information
Dumps the information to a csv file per machine into the sources\logs directory to be used
#>
# Computer Name, User Name, Drive Letter, Mapped Path
$SystemsMappedDrives = @()
# Regex pattern for SIDs
$PatternSID = 'S-1-5-21-\d+-\d+\-\d+\-\d+$'
# Get Username, SID, and location of ntuser.dat for all users
$ProfileList = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' | Where-Object { $_.PSChildName -match $PatternSID } |
Select-Object @{name = "SID"; expression = { $_.PSChildName } },
@{name = "UserHive"; expression = { "$($_.ProfileImagePath)\ntuser.dat" } },
@{name = "Username"; expression = { $_.ProfileImagePath -replace '^(.*[\\\/])', '' } }
# Get all user SIDs found in HKEY_USERS (ntuder.dat files that are loaded)
$LoadedHives = Get-ChildItem Registry::HKEY_USERS | Where-Object { $_.PSChildname -match $PatternSID } | Select-Object @{name = "SID"; expression = { $_.PSChildName } }
# Get all users that are not currently logged
$UnloadedHives = Compare-Object $ProfileList.SID $LoadedHives.SID | Select-Object @{name = "SID"; expression = { $_.InputObject } }, UserHive, Username
# Loop through each profile on the machine
Foreach ($UserProfile in $ProfileList)
{
# Load User ntuser.dat if it's not already loaded
IF ($UserProfile.SID -in $UnloadedHives.SID)
{
reg load HKU\$($UserProfile.SID) $($UserProfile.UserHive) | Out-Null
}
#####################################################################
# This is where you can read/modify a users portion of the registry
# This example lists the Uninstall keys for each user registry hive
# "{0}" -f $($item.Username) | Write-Output
$Username = $UserProfile.Username
#Write-Host "Checking $Username"
#$MappedDrives = Get-ChildItem registry::HKCU\Network
$MappedDrives = Get-ChildItem registry::HKEY_USERS\$($UserProfile.SID)\Network
foreach ($MappedDrive in $MappedDrives)
{
$DriveLetter = Split-Path $MappedDrive.Name -Leaf
$MappedPath = (Get-ItemProperty -Path registry::HKEY_USERS\$($UserProfile.SID)\Network\$DriveLetter).RemotePath
$obj = New-Object -TypeName PSObject
$obj | Add-Member -MemberType NoteProperty -Name Computer -Value $env:computername
$obj | Add-Member -MemberType NoteProperty -Name UserName -Value $Username
$obj | Add-Member -MemberType NoteProperty -Name DriveLetter -Value $DriveLetter
$obj | Add-Member -MemberType NoteProperty -Name DrivePath -value $MappedPath
$SystemsMappedDrives += $obj
}
#####################################################################
# Unload ntuser.dat
if ($UserProfile.SID -in $UnloadedHives.SID)
{
### Garbage collection and closing of ntuser.dat ###
[gc]::Collect()
try {reg unload HKU\$($UserProfile.SID) | Out-Null} Catch {}
}
}
$HostName = $env:COMPUTERNAME
$OutPath = "\\sccmserver\sources\Logs\MappedDrives\$HostName.csv"
# ===================================================================================
if (Test-Connection -ComputerName "sccmserver" -Count 1 -Quiet)
{
if (-not (Test-Path ($OutPath)))
{
Write-Host "Writing file"
# $SystemsMappedDrives | ConvertTo-CSV | Out-File $OutPath
$SystemsMappedDrives | Export-Csv -Path $OutPath
}
else
{
Write-Host "File Already Updated"
}
}
else
{
Write-Host "Cannot Reach SCCM Share"
}