Issue with a script to get mapped drives

Hey all,

I'm trying to create a custom Tool in PDQ Inventory to get a list of all mapped drives for logged-in users.

When I run locally, I get the results I expect. When I run it from Inventory, nothing appears in the Output window except "Return code: 0". I'm trying this with a run type of Local, with the Shell set to "Tool Window - Capture Output".

I tried running it as a package in PDQ Deploy, and added an "Out-File" pipe to the end of the script to make it write out a text file containing the information. When I run it myself, it writes the list of mapped files. Run from Deploy, it ends with status "Successful" but it writes a zero-byte file.

Any ideas?

It'd be nice if Inventory could do this as part of the default scan profile or maybe a custom WMI one and store the result in a field.

---script below this line---

    $ComputerName = $env:COMPUTERNAME
    gwmi win32_mappedlogicaldisk | select SystemName,Name,ProviderName,SessionID | foreach {
        $disk = $_
        # Match the drive's logon session ID to the user who owns that session
        $user = gwmi Win32_LoggedOnUser | where { ($_.Dependent.split("=")[-1] -replace '"') -eq $disk.SessionID} | foreach {$_.Antecedent.split("=")[-1] -replace '"'}
        $disk | select Name,ProviderName,@{n="MappedTo";e={$user} }
    } | Out-File -FilePath "C:\Admin\mapped-drives-on-$ComputerName.txt" -Force

0

Comments

6 comments
  • Try cmd:

    net use

    or (the txt file version)

    net use > "C:\Admin\mapped-drives-on-%ComputerName%.txt"

    ~Chris

    0
  • $ComputerName = "$(Computer:TARGETHOSTNAME)"
    $explorer = Get-WmiObject -ComputerName $ComputerName -Class win32_process | ?{$_.name -eq "explorer.exe"}

    #If a session was returned check HKEY_USERS for Network drives under their SID
    if($explorer){
      $Hive = [long]$HIVE_HKU = 2147483651
      $sid = ($explorer.GetOwnerSid()).sid
      $owner  = $explorer.GetOwner()
      $RegProv = get-WmiObject -List -Namespace "root\default" -ComputerName $ComputerName | Where-Object {$_.Name -eq "StdRegProv"}
      $DriveList = $RegProv.EnumKey($Hive, "$($sid)\Network")

      #If the SID network has mapped drives iterate and report on said drives
      if($DriveList.sNames.count -gt 0){
        "$($owner.Domain)\$($owner.user) on $($ComputerName)"
        foreach($drive in $DriveList.sNames){
          "$($drive)`t$(($RegProv.GetStringValue($Hive, "$($sid)\Network\$($drive)", "RemotePath")).sValue)"
        }
      }else{"No mapped drives on $($ComputerName)"}
    }else{"explorer.exe not running on $($ComputerName)"}
    

    Does this work for you? Borrowed and modified from https://social.technet.microsoft.com/Forums/ie/en-US/46881e57-62a4-446e-af2d-cd2423e7837f/report-on-remote-users-mapped-drives?forum=winserverpowershell

    Ian Bruckner mentions "Alas this still only returns persistent network drives listed under HKU\SID\Network."

    Run as local tool

    0
  • This actually works pretty reliably if I run it as Remote with the scan user's credentials. I did change the $ComputerName variable to instead store $env:computername. Thanks!

    0
  • For some reason, I was getting a lot of "explorer.exe not running" so I used most of the script above but got the user info via:

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $sid = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current.Sid.Value
    $surname = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current.Surname
    $givenname = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current.Givenname
    $UserName = "$surname $givenname"

    0
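
An added example, not code from any poster in this thread: the same HKU\SID\Network lookup the comments above use, but walking every user hive currently loaded under HKEY_USERS instead of depending on explorer.exe or the identity the tool runs as. It assumes the script runs locally on the target with rights to read HKEY_USERS (for example as SYSTEM or a local administrator); the function name `Get-PersistentMappedDrive` is hypothetical.

```powershell
# Added example: list persistent mapped drives for every user hive loaded
# under HKEY_USERS. Assumption: runs locally on the target with rights to
# read HKEY_USERS (e.g. SYSTEM or a local administrator).
function Get-PersistentMappedDrive {
    [CmdletBinding()]
    param()

    # Keep only real user hives: domain/local accounts (S-1-5-21-...) and
    # Azure AD accounts (S-1-12-1-...). This skips .DEFAULT, the service
    # SIDs S-1-5-18/19/20 and the <SID>_Classes companion hives.
    $userHives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' }

    foreach ($hive in $userHives) {
        $sid = $hive.PSChildName

        # Resolve the SID to DOMAIN\user; fall back to the raw SID when the
        # account cannot be resolved (deleted account, no DC reachable).
        try {
            $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = $sid
        }

        # Each subkey of <SID>\Network is a drive letter; its RemotePath
        # value holds the UNC target.
        $networkKey = "Registry::HKEY_USERS\$sid\Network"
        if (-not (Test-Path -Path $networkKey)) { continue }

        foreach ($driveKey in Get-ChildItem -Path $networkKey) {
            $props = Get-ItemProperty -LiteralPath $driveKey.PSPath
            [pscustomobject]@{
                ComputerName = $env:COMPUTERNAME
                User         = $account
                Drive        = "$($driveKey.PSChildName):"
                RemotePath   = $props.RemotePath
            }
        }
    }
}

Get-PersistentMappedDrive | Format-Table -AutoSize
```

As with the script above, this reports only persistent mappings stored under HKU\SID\Network, and only for users whose hives are loaded at the time it runs.
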
  • Running the following but getting this error....

    Return code: 255

    The filename, directory name, or volume label syntax is incorrect. '$explorer' is not recognized as an internal or external command, operable program or batch file.


    $env:computername = "$(Computer:TARGETHOSTNAME)"

    $explorer = Get-WmiObject -ComputerName $env:computername -Class win32_process | ?{$_.name -eq "explorer.exe"}

    #If a session was returned check HKEY_USERS for Network drives under their SID
    if($explorer){
      $Hive = [long]$HIVE_HKU = 2147483651
      $sid = ($explorer.GetOwnerSid()).sid
      $owner  = $explorer.GetOwner()
      $RegProv = get-WmiObject -List -Namespace "root\default" -ComputerName $env:computername | Where-Object {$_.Name -eq "StdRegProv"}
      $DriveList = $RegProv.EnumKey($Hive, "$($sid)\Network")
      
      #If the SID network has mapped drives iterate and report on said drives
      if($DriveList.sNames.count -gt 0){
        "$($owner.Domain)\$($owner.user) on $($env:computername)"
        foreach($drive in $DriveList.sNames){
          "$($drive)`t$(($RegProv.GetStringValue($Hive, "$($sid)\Network\$($drive)", "RemotePath")).sValue)"
        }
      }else{"No mapped drives on $($env:computername)"}
    }else{"explorer.exe not running on $($env:computername)"}
    
    0
  • Getting the following error - Return code: 255

    The filename, directory name, or volume label syntax is incorrect. '$explorer' is not recognized as an internal or external command, operable program or batch file.


    $env:computername = "$(Computer:TARGETHOSTNAME)"
    $explorer = Get-WmiObject -ComputerName $env:computername -Class win32_process | ?{$_.name -eq "explorer.exe"}

    #If a session was returned check HKEY_USERS for Network drives under their SID
    if($explorer){
      $Hive = [long]$HIVE_HKU = 2147483651
      $sid = ($explorer.GetOwnerSid()).sid
      $owner  = $explorer.GetOwner()
      $RegProv = get-WmiObject -List -Namespace "root\default" -ComputerName $env:computername | Where-Object {$_.Name -eq "StdRegProv"}
      $DriveList = $RegProv.EnumKey($Hive, "$($sid)\Network")
      
      #If the SID network has mapped drives iterate and report on said drives
      if($DriveList.sNames.count -gt 0){
        "$($owner.Domain)\$($owner.user) on $($env:computername)"
        foreach($drive in $DriveList.sNames){
          "$($drive)`t$(($RegProv.GetStringValue($Hive, "$($sid)\Network\$($drive)", "RemotePath")).sValue)"
        }
      }else{"No mapped drives on $($env:computername)"}
    }else{"explorer.exe not running on $($env:computername)"}
    
    0
