Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Issue with a script to get mapped drives

Hey all,

I'm trying to create a custom Tool in PDQ Inventory to get a list of all mapped drives for logged-in users.

When I run locally, I get the results I expect. When I run it from Inventory, nothing appears in the Output window except "Return code: 0". I'm trying this with a run type of Local, with the Shell set to "Tool Window - Capture Output".

I tried running it as a package in PDQ Deploy, and added an "Out-File" pipe to the end of the script to make it write out a text file containing the information. When i run it myself, it writes the list of mapped files. Run from Deploy, it ends with status "Succesful" but it writes a zero-byte file.

Any ideas?

It'd be nice if Inventory could do this as part of the default scan profile or maybe a custom WMI one and store the result in a field.

---script below this line---

$ComputerName = $env:COMPUTERNAME gwmi win32_mappedlogicaldisk | select SystemName,Name,ProviderName,SessionID | foreach { $disk = $_ user = gwmi Win32_LoggedOnUser | where { (.Dependent.split("=")[-1] -replace '"') -eq disk.SessionID} | foreach {.Antecedent.split("=")[-1] -replace '"'} $disk | select Name,ProviderName,@{n="MappedTo";e={$user} } } | Out-File -FilePath "C:\Admin\mapped-drives-on-$ComputerName.txt" -Force

0

Comments

6 comments
Date Votes
  • Try cmd:

    net use

    or (the txt file version)

    net use > "C:\Admin\mapped-drives-on-%ComputerName%.txt"

    ~Chris

    0
  • $ComputerName = "$(Computer:TARGETHOSTNAME)"
    $explorer = Get-WmiObject -ComputerName $ComputerName -Class win32_process | ?{$_.name -eq "explorer.exe"}
        
        #If a session was returned check HKEY_USERS for Network drives under their SID
        if($explorer){
          $Hive = [long]$HIVE_HKU = 2147483651
          $sid = ($explorer.GetOwnerSid()).sid
          $owner  = $explorer.GetOwner()
          $RegProv = get-WmiObject -List -Namespace "root\default" -ComputerName $ComputerName | Where-Object {$_.Name -eq "StdRegProv"}
          $DriveList = $RegProv.EnumKey($Hive, "$($sid)\Network")
          
          #If the SID network has mapped drives iterate and report on said drives
          if($DriveList.sNames.count -gt 0){
            "$($owner.Domain)\$($owner.user) on $($ComputerName)"
            foreach($drive in $DriveList.sNames){
              "$($drive)`t$(($RegProv.GetStringValue($Hive, "$($sid)\Network\$($drive)", "RemotePath")).sValue)"
            }
          }else{"No mapped drives on $($ComputerName)"}
        }else{"explorer.exe not running on $($ComputerName)"}
    

    Does this work for you? Borrowed and modified from https://social.technet.microsoft.com/Forums/ie/en-US/46881e57-62a4-446e-af2d-cd2423e7837f/report-on-remote-users-mapped-drives?forum=winserverpowershell

    Ian Bruckner mentions "Alas this still only returns persistent network drives listed under HKU\SID\Network."

    Run as local tool

    0
  • This actually works pretty reliably if I run it as Remote with the scan user's credentials. I did change the $ComputerName variable to instead store $env:computername. Thanks!

    0
  • For some reason. I was getting a lot of "explorer.exe not running" so I used most of the script above but got the user info via:

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement $sid = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current.Sid.Value $surname = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current.Surname $givenname = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current.Givenname $UserName = "$surname $givenname"

    0
  • Running the following but getting this error....

    Return code: 255

    The filename, directory name, or volume label syntax is incorrect. '$explorer' is not recognized as an internal or external command, operable program or batch file.


    env:computername = "(Computer:TARGETHOSTNAME)"

    $explorer = Get-WmiObject -ComputerName env:computername -Class win32_process | ?{_.name -eq "explorer.exe"}

    #If a session was returned check HKEY_USERS for Network drives under their SID
    if($explorer){
      $Hive = [long]$HIVE_HKU = 2147483651
      $sid = ($explorer.GetOwnerSid()).sid
      $owner  = $explorer.GetOwner()
      $RegProv = get-WmiObject -List -Namespace "root\default" -ComputerName $env:computername | Where-Object {$_.Name -eq "StdRegProv"}
      $DriveList = $RegProv.EnumKey($Hive, "$($sid)\Network")
      
      #If the SID network has mapped drives iterate and report on said drives
      if($DriveList.sNames.count -gt 0){
        "$($owner.Domain)\$($owner.user) on $($env:computername)"
        foreach($drive in $DriveList.sNames){
          "$($drive)`t$(($RegProv.GetStringValue($Hive, "$($sid)\Network\$($drive)", "RemotePath")).sValue)"
        }
      }else{"No mapped drives on $($env:computername)"}
    }else{"explorer.exe not running on $($env:computername)"}
    
    0
  • Getting the following error - Return code: 255

    The filename, directory name, or volume label syntax is incorrect. '$explorer' is not recognized as an internal or external command, operable program or batch file.


    env:computername = "(Computer:TARGETHOSTNAME)" $explorer = Get-WmiObject -ComputerName env:computername -Class win32_process | ?{_.name -eq "explorer.exe"}

    #If a session was returned check HKEY_USERS for Network drives under their SID
    if($explorer){
      $Hive = [long]$HIVE_HKU = 2147483651
      $sid = ($explorer.GetOwnerSid()).sid
      $owner  = $explorer.GetOwner()
      $RegProv = get-WmiObject -List -Namespace "root\default" -ComputerName $env:computername | Where-Object {$_.Name -eq "StdRegProv"}
      $DriveList = $RegProv.EnumKey($Hive, "$($sid)\Network")
      
      #If the SID network has mapped drives iterate and report on said drives
      if($DriveList.sNames.count -gt 0){
        "$($owner.Domain)\$($owner.user) on $($env:computername)"
        foreach($drive in $DriveList.sNames){
          "$($drive)`t$(($RegProv.GetStringValue($Hive, "$($sid)\Network\$($drive)", "RemotePath")).sValue)"
        }
      }else{"No mapped drives on $($env:computername)"}
    }else{"explorer.exe not running on $($env:computername)"}
    
    0