Issue with a script to get mapped drives

Comments

6 comments

  • Christian Bacher

    Try cmd:

    net use

    or (the txt file version)

    net use > "C:\Admin\mapped-drives-on-%ComputerName%.txt"

    ~Chris

    0
    Comment actions Permalink
  • Webmaster
    $ComputerName = "$(Computer:TARGETHOSTNAME)"
    $explorer = Get-WmiObject -ComputerName $ComputerName -Class win32_process | ?{$_.name -eq "explorer.exe"}
        
        #If a session was returned check HKEY_USERS for Network drives under their SID
        if($explorer){
          $Hive = [long]$HIVE_HKU = 2147483651
          $sid = ($explorer.GetOwnerSid()).sid
          $owner  = $explorer.GetOwner()
          $RegProv = get-WmiObject -List -Namespace "root\default" -ComputerName $ComputerName | Where-Object {$_.Name -eq "StdRegProv"}
          $DriveList = $RegProv.EnumKey($Hive, "$($sid)\Network")
          
          #If the SID network has mapped drives iterate and report on said drives
          if($DriveList.sNames.count -gt 0){
            "$($owner.Domain)\$($owner.user) on $($ComputerName)"
            foreach($drive in $DriveList.sNames){
              "$($drive)`t$(($RegProv.GetStringValue($Hive, "$($sid)\Network\$($drive)", "RemotePath")).sValue)"
            }
          }else{"No mapped drives on $($ComputerName)"}
        }else{"explorer.exe not running on $($ComputerName)"}
    

    Does this work for you? Borrowed and modified from https://social.technet.microsoft.com/Forums/ie/en-US/46881e57-62a4-446e-af2d-cd2423e7837f/report-on-remote-users-mapped-drives?forum=winserverpowershell

    Ian Bruckner mentions "Alas this still only returns persistent network drives listed under HKU\SID\Network."

    Run as local tool

    0
    Comment actions Permalink
  • Dan Abernathy

    This actually works pretty reliably if I run it as Remote with the scan user's credentials. I did change the $ComputerName variable to instead store $env:computername. Thanks!

    0
    Comment actions Permalink
  • Tim Kehoe

    For some reason. I was getting a lot of "explorer.exe not running" so I used most of the script above but got the user info via:

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement $sid = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current.Sid.Value $surname = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current.Surname $givenname = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current.Givenname $UserName = "$surname $givenname"

    0
    Comment actions Permalink
  • Webmaster

    Running the following but getting this error....

    Return code: 255

    The filename, directory name, or volume label syntax is incorrect. '$explorer' is not recognized as an internal or external command, operable program or batch file.


    env:computername = "(Computer:TARGETHOSTNAME)"

    $explorer = Get-WmiObject -ComputerName env:computername -Class win32_process | ?{_.name -eq "explorer.exe"}

    #If a session was returned check HKEY_USERS for Network drives under their SID
    if($explorer){
      $Hive = [long]$HIVE_HKU = 2147483651
      $sid = ($explorer.GetOwnerSid()).sid
      $owner  = $explorer.GetOwner()
      $RegProv = get-WmiObject -List -Namespace "root\default" -ComputerName $env:computername | Where-Object {$_.Name -eq "StdRegProv"}
      $DriveList = $RegProv.EnumKey($Hive, "$($sid)\Network")
      
      #If the SID network has mapped drives iterate and report on said drives
      if($DriveList.sNames.count -gt 0){
        "$($owner.Domain)\$($owner.user) on $($env:computername)"
        foreach($drive in $DriveList.sNames){
          "$($drive)`t$(($RegProv.GetStringValue($Hive, "$($sid)\Network\$($drive)", "RemotePath")).sValue)"
        }
      }else{"No mapped drives on $($env:computername)"}
    }else{"explorer.exe not running on $($env:computername)"}
    
    0
    Comment actions Permalink
  • Jeff Roberts

    Getting the following error - Return code: 255

    The filename, directory name, or volume label syntax is incorrect. '$explorer' is not recognized as an internal or external command, operable program or batch file.


    env:computername = "(Computer:TARGETHOSTNAME)" $explorer = Get-WmiObject -ComputerName env:computername -Class win32_process | ?{_.name -eq "explorer.exe"}

    #If a session was returned check HKEY_USERS for Network drives under their SID
    if($explorer){
      $Hive = [long]$HIVE_HKU = 2147483651
      $sid = ($explorer.GetOwnerSid()).sid
      $owner  = $explorer.GetOwner()
      $RegProv = get-WmiObject -List -Namespace "root\default" -ComputerName $env:computername | Where-Object {$_.Name -eq "StdRegProv"}
      $DriveList = $RegProv.EnumKey($Hive, "$($sid)\Network")
      
      #If the SID network has mapped drives iterate and report on said drives
      if($DriveList.sNames.count -gt 0){
        "$($owner.Domain)\$($owner.user) on $($env:computername)"
        foreach($drive in $DriveList.sNames){
          "$($drive)`t$(($RegProv.GetStringValue($Hive, "$($sid)\Network\$($drive)", "RemotePath")).sValue)"
        }
      }else{"No mapped drives on $($env:computername)"}
    }else{"explorer.exe not running on $($env:computername)"}
    
    0
    Comment actions Permalink

Please sign in to leave a comment.