Public/OS/Get-MappedDrive.ps1
|
<#
Copyright © 2024 Integris. For internal company use only. All rights reserved. #> FUNCTION Get-MappedDrive { <# .SYNOPSIS Loads or unloads user registry hives and retrieves mapped drive information. .DESCRIPTION This function manages user registry hives by loading or unloading them and retrieves information about mapped network drives for each user profile on the system. .PARAMETER Load Loads the user registry hives. .PARAMETER Unload Unloads the user registry hives. .EXAMPLE Get-MappedDrive -Load This command loads the user registry hives and retrieves mapped drive information. .EXAMPLE Get-MappedDrive -Unload This command unloads the user registry hives. .NOTES This function requires administrative privileges to execute and may need to be run with elevated permissions. #> [CmdletBinding(DefaultParameterSetName='Load')] PARAM( [Parameter(ParameterSetName = 'Load')] [SWITCH]$Load = $False, [Parameter(ParameterSetName = 'Unload')] [SWITCH]$Unload = $False ) IF (!(Test-AdministratorElevation)) { Write-Warning "This command must be run with administrator elevation. Please elevate and try again."; RETURN } $Results = @() $Profiles = Get-WindowsUserProfile IF ($Unload -eq $True) { FOREACH ($Profile in $Profiles) { REG UNLOAD "HKU\$($Profile.ProfileName)" } $LoadedHives = @() $LoadedHives = (Get-ChildItem Registry::HKEY_USERS) | Where-Object { $Profiles.ProfileName -contains $_.Name.Replace("HKEY_USERS\","") } IF ($LoadedHives.Count -eq 0) { RETURN "All Hives Unloaded Successfully" } ELSE { FOREACH ($LoadedHive in $LoadedHives) { $Results += New-Object PSObject -WarningAction SilentlyContinue -Property @{ HiveName = $LoadedHive.Name Status = "Still Loaded" } } } RETURN $Results | Select-Object HiveName, Status } IF ($Load -eq $True) { FOREACH ($Profile in $Profiles) { IF ($Profile.ProfileName -like "*MSSQL$*") { continue } IF ($Profile.ProfileName -like "*.NET*") { continue } Start-Process REG -ArgumentList "LOAD `"HKU\$($Profile.ProfileName)`" `"$($Profile.ProfilePath)\NTUSER.DAT`"" -WindowStyle Hidden -Wait } } $Hives = (Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue) | Where-Object {($_.Name.Length -gt 30 -and $_.Name -notlike "*classes*") -or ($Profiles.ProfileName -contains $_.Name.Replace("HKEY_USERS\","")) } FOREACH ($Hive in $Hives) { $MappedDrivesKeys = @() $SID = $Hive.Name.Replace("HKEY_USERS\","") $UserName = $SID #$FullName = Get-ItemProperty Registry::HKEY_USERS\$($SID)\Software\Microsoft\Office\16.0\Common\Identity -ErrorAction Continue TRY { $UserName = ((New-Object System.Security.Principal.SecurityIdentifier($SID)).Translate([System.Security.Principal.NTAccount])).Value } CATCH { $UserName = $SID } IF ($UserName -like "*MSSQL$*") { continue } IF ($UserName -like "*.NET*") { continue } $MappedDrivesKeys = (Get-ChildItem Registry::HKEY_USERS\$($SID)\Network -ErrorAction SilentlyContinue) IF ($MappedDrivesKeys.Count -eq 0) { $Results += New-Object PSObject -WarningAction SilentlyContinue -Property @{ Username = $UserName DriveLetter = "None" Path = "User Has No Mappings" } } ELSE { FOREACH ($MappedDrivesKey in $MappedDrivesKeys) { $Values = Get-ItemProperty -Path "Registry::$($MappedDrivesKey.Name)" $Results += New-Object PSObject -WarningAction SilentlyContinue -Property @{ Username = $UserName DriveLetter = $Values.PSChildName.ToUpper() Path = $Values.RemotePath } } } } $Results | Select-Object Username, DriveLetter, Path | Sort-Object Username, DriveLetter } New-Alias -Name Get-MappedNetworkDrive -Value Get-MappedDrive |