-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathSCCM - All Users Mapped Drive Script.ps1
84 lines (59 loc) · 3.19 KB
/
SCCM - All Users Mapped Drive Script.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
<#
.NOTES
===========================================================================
Created on: 2022-04-27
Created by: Brian Thorp
===========================================================================
.Description
Digs through every user profile (HKCU per user) and dumps mapped drives
#>
# Computer Name, User Name, Drive Letter, Mapped Path
$SystemsMappedDrives = @()
# Regex pattern for SIDs
$PatternSID = 'S-1-5-21-\d+-\d+\-\d+\-\d+$'
# Get Username, SID, and location of ntuser.dat for all users
$ProfileList = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' | Where-Object { $_.PSChildName -match $PatternSID } |
Select-Object @{name = "SID"; expression = { $_.PSChildName } },
@{name = "UserHive"; expression = { "$($_.ProfileImagePath)\ntuser.dat" } },
@{name = "Username"; expression = { $_.ProfileImagePath -replace '^(.*[\\\/])', '' } }
# Get all user SIDs found in HKEY_USERS (ntuder.dat files that are loaded)
$LoadedHives = Get-ChildItem Registry::HKEY_USERS | Where-Object { $_.PSChildname -match $PatternSID } | Select-Object @{name = "SID"; expression = { $_.PSChildName } }
# Get all users that are not currently logged
$UnloadedHives = Compare-Object $ProfileList.SID $LoadedHives.SID | Select-Object @{name = "SID"; expression = { $_.InputObject } }, UserHive, Username
# Loop through each profile on the machine
Foreach ($UserProfile in $ProfileList)
{
# Load User ntuser.dat if it's not already loaded
IF ($UserProfile.SID -in $UnloadedHives.SID)
{
reg load HKU\$($UserProfile.SID) $($UserProfile.UserHive) | Out-Null
}
#####################################################################
# This is where you can read/modify a users portion of the registry
# This example lists the Uninstall keys for each user registry hive
# "{0}" -f $($item.Username) | Write-Output
$Username = $UserProfile.Username
Write-Host "Checking $Username"
#$MappedDrives = Get-ChildItem registry::HKCU\Network
$MappedDrives = Get-ChildItem registry::HKEY_USERS\$($UserProfile.SID)\Network
foreach ($MappedDrive in $MappedDrives)
{
$DriveLetter = Split-Path $MappedDrive.Name -Leaf
$MappedPath = (Get-ItemProperty -Path registry::HKEY_USERS\$($UserProfile.SID)\Network\$DriveLetter).RemotePath
$obj = New-Object -TypeName PSObject
$obj | Add-Member -MemberType NoteProperty -Name UserName -Value $Username
$obj | Add-Member -MemberType NoteProperty -Name DriveLetter -Value $DriveLetter
$obj | Add-Member -MemberType NoteProperty -Name DrivePath -value $MappedPath
$SystemsMappedDrives += $obj
}
#####################################################################
# Unload ntuser.dat
if ($UserProfile.SID -in $UnloadedHives.SID)
{
### Garbage collection and closing of ntuser.dat ###
[gc]::Collect()
try {reg unload HKU\$($UserProfile.SID) | Out-Null} Catch {}
}
}
$SystemsMappedDrives
# ===================================================================================