List Mapped Drives of Remote Computers using Powershell

This article was posted more than 1 year ago. Please keep in mind that the information on this page may be outdated, insecure, or just plain wrong today.

This Powershell script is pieced together from a handful of source (noted in script) that will return mapped drives of remote computers of ALL the users.

# cooked by Rich Kreider 
# bits and pieces from:  https://gist.github.com/881412
# http://technet.microsoft.com/en-us/library/ff730940.aspx
# http://andrew-henderson.me.uk/computing/powershellmenu/182-powershellgetremoteloggedonusername
# http://serverfault.com/questions/81797/script-to-list-current-users-mapped-network-drives
# http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_25075337.html
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa394194(v=vs.85).aspx
# http://blogs.msdn.com/b/powershell/archive/2006/11/03/erroraction-and-errorvariable.aspx
# http://blogs.msdn.com/b/dmuscett/archive/2009/05/27/get_2d00_wmicustom.aspx
# http://poshcode.org/882
# http://blogs.technet.com/b/heyscriptingguy/archive/2005/10/27/how-can-i-determine-which-drives-are-mapped-to-network-shares.aspx
#$objUser = New-Object System.Security.Principal.NTAccount("fabrikam", "jdoe")
# get logged on user
#$loggedOn = gwmi win32_computersystem -ComputerName . -namespace "rootcimv2"
# the following gets username and sid
#$objUser = new-object system.security.principal.ntaccount("fabrikam", #$loggedOn.username.split("")[1])
#$strSID = #$objUser.Translate([System.Security.Principal.SecurityIdentifier])
#"SID: "+$strSID.Value
#"Username: "+$loggedOn.UserName.split("")[1]
$saveAs = 'c:ManualMappings.csv'
$ErrorActionPreference="SilentlyContinue"
$USE_ADS=False  # Set this to false if you don't have Quest ActiveRoleManagement snapin.  You can download:  http://www.quest.com/powershell/activeroles-server.aspx
function getData($data) {
        write-host "`tEnumerating SubKeys"
        foreach ($key in $HKU.GetSubKeyNames()) {
            $keys = $HKU.OpenSubKey($key + 'Network')
            # Move on to the next $key if the 'Network' sub key is empty or non-existent
            if ($keys.SubKeyCount -le 0) { continue }
            # Iterate through each drive letter (a corresponding key name) and output drive mapping
            foreach ($driveletter in $keys.GetSubKeyNames()) {
                $values = $keys.OpenSubKey($driveletter)
                # Attempt to translate the SID into a friendly username
                try {
                    $sid = New-Object System.Security.Principal.SecurityIdentifier($key)
                    $user = $sid.Translate([System.Security.Principal.NTAccount])
                }
                # Fallback to displaying SID
                catch {
                    $user = $key
                }
                # Output result to file specified in $saveAs
                $matches.name+",$user,$driveletter," + $values.GetValue('RemotePath') | Add-Content $saveAs
            }
        }
        write-host "`tDone"
}
if ($USE_ADS -eq $TRUE) {
add-pssnapin quest.activeroles.admanagement
$computers = get-qadcomputer | foreach-object {$_.name}
} else {
$computers=switch -regex (net view) { "^(?S+)s+" { $matches.name }}
}
foreach ($computer in $computers) {
    write-host "Trying " $computer
    $HKU = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users', $computer)
    if ($? -eq $FALSE) # $? is a Boolean value that holds the status of the last operation: success or failure.
    {
        write-host "`tRemoteRegistry Connect Fail"
	    # maybe remote registry wasn't enabled, try enabling and run again
    	write-host "`tAttempting to start RemoteRegistry"
        (gwmi win32_service -filter "Name='RemoteRegistry'" -computer $computer -ea silentlycontinue).invokemethod("StartService",$null) | out-null
        if ($? -eq $FALSE)
        {
            write-host "`tNot able to start RemoteRegistry"
        } else {
            write-host "`tRemoteRegistry Started"
			$HKU = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users', $computer)
            if ($? -eq $FALSE)
            {
                write-host "`tFailed to Connect and Start RemoteRegistry"
            } else {
                write-host "`tRemoteRegistry Connected"
		    	$computer+",N/A,N/A,N/A" | add-content $saveAs
			}
		}
    } else {
        write-host "`tRemoteRegistry Connected"
        getData($HKU.GetSubKeyNames())
    }
    } #end-foreach 

There’s probably a handful of issues with this but I at least wanted to get the script up so I could reference it. I’ll clean it up when I get some free time and make it work faster/better but I just don’t have the time right now.

#powershell