ThinWorld Citrix Knowledgebase

Thursday, 11 March 2010

Audit Users Manually mapped Drive mappings

I needed to create a script to check to see if users had manually mapped network drives to a certain data share in order to perform a successful migration of the share to a new server.

Our central logon script would be easy to amend but obviously manually added mappings would not be effected by that. In our environment it is possible users have manually added a network drive on their local client device (workstation or laptop) or within their Citrix Xenapp sessions.

The drive mapping in citrix were easy to obtain as we have a hybrid profile solution and the drive mappings show as plain text files within their profile.

For Client Devices this task proved much more difficult and the scripts detailed here require scriping knowledge and some management. Also the data returned is reliant on a number of factors , most notable it can only check logged on users. (trying to rip apart NTUSER.DAT files proved fruitless the file is often locked and did not always seems to show the keys for reasons unknown)

Client Device check Script - You Feed the script a list of usernames and their workstation names and in a comma seperated file called workstation.csv
It will then output back to you if any of those users have the drive mapping you need to change. You can amend this script to FIND and REPLACE if required as well. The one posted here is an audit only to identify users who have the mapping.

(eg. User1,Workstation7

You must retrieve this in any manner you can, I had a list from SMS and also a report from edgesight showing me users and which workstations they had logged onto in the last 30 days.

Client Device check Script.VBS

On error resume Next

Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.fileSystemObject")

Const HKU = &H80000003
Dim StrArray(1000)
Dim StrDog, StrSplit, StrSID, StrText, StrText2, StrUserID, StrreplaceDrive

StrReplaceDrive = "\servername\sharename"

' Get AD group name and membership
StrGroup = Inputbox("Enter AD Group Name ")
Return = ("%comspec% /c h:\utils\DSGET group " & CHR(34) & "cn=" & StrGroup & ",OU=Data Access,OU=Groups,DC=thinworld,DC=netUK" & CHR(34) & " -members -expand | h:\utils\dsget user -samid -sid >members.txt" ,0,True)

Set objInputFile = objFSO.OpenTextFile("workstations.csv",1,False,-1)
Set objOutputfile = objFSO.CreateTextFile("Output.txt",2,True)

' Read the User IDs from file and then attach the SID on their PC to see the Drive mappings
Do While Not objinputfile.AtEndOfStream
Strtext = Ucase(objinputfile.ReadLine)
StrUSerID = Split(StrText,",")

' Check the machine is available before trying to read the registry
PINGFlag = Not CBool("ping -n 1 " & StrUserID(1),0,True))
If PINGFlag = True Then
Call READREG(StrUserID(0),StrUserID(1),StrSID(1))
objOutputfile.WriteLine StrUserID(1) & CHR(9) & "Computer Not Online"
End If

x = x + 1


' Display the output file
Return = ("%comspec% /c notepad.exe output.txt",0,False)
' End the Script

' Get the users SID Name
Set objInputFile2 = objFSO.OpenTextFile("members.txt",1)
Do While Not objinputfile2.AtEndOfStream
Strtext2 = objinputfile2.ReadLine
Pos = Instr(Strtext2,StrUserID)
If Pos > 0 Then
StrSID = Split(Strtext2,"S-1-5")
End If
End Sub

' Search the users registry for the drive mapping
Function READREG(StrUserID,Strcomputer,StrSID)
Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
Set WshSysEnv = ObjShell.Environment("PROCESS")
StrSID = Trim(StrSID)
strKeyPath = "S-1-5" & StrSID & "\Network"
strKeyName = "RemotePath"
objReg.EnumKey HKU , strKeyPath, arrSubKeys

For Each subkey In arrSubKeys
objReg.GetSTRINGValue HKU ,strKeyPath & "\" & subkey,strKeyName,szValue
intLength = Len(szValue)-1
strUncPath = Right(szValue, intLength)
If Ucase(StrUNCPath) = Ucase(StrreplaceDrive) Then
objOutputfile.WriteLine Subkey & " Drive Mapped to " & StrUNCPath & " By User : " & StrUserID & " On Client : " & Strcomputer
End If
End Function


Post a Comment

<< Home