PowerShell – Audit NetLogon drive mapping scripts

Here’s a quick fun one! A client currently maps drives for their users to Windows servers using logon scripts in the netlogon directory, with one script per user, assigned to run at logon on the Profile tab of the user account in AD. Many of these mappings are common to groups of users, so it would make sense to consolidate them into a logon script driven by group membership. However, to do this they first need to understand what is being mapped and by whom.

This quick PowerShell script should give them a CSV summarizing who is mapping what drives. This client names the batch files after the username of the account calling the script, which simplifies the requirements somewhat. Otherwise, you could query AD for all user accounts, find the logon script name in the account profile settings, and then analyze that script within the netlogon directory.

So, assume that each file in the directory is named <username>.bat. Also assume that the script only contains "net use" syntax drive mappings (net use <drive letter> <share path>).

# One row per drive mapping is collected here
$Results = @()

# -Filter is used because -Include only takes effect with -Recurse or a wildcard in the path
$Files = Get-ChildItem \\aemst.einstein.edu\netlogon -Filter *.bat

ForEach ($File in $Files) {
    $Script = Get-Content $File.FullName
    If ($Script -is [System.Array]) {
        # Multi-line file: evaluate each non-empty line
        ForEach ($Line in $Script) {
            If ($Line) {
                $Obj = "" | Select Name,Letter,Path
                # Strip "net use " and split the remainder into letter and path
                $Mapping = $Line.replace("net use ","").split(" ")
                $Obj.Name = $File.name.tolower().replace(".bat","")
                $Obj.Letter = $Mapping[0]
                $Obj.Path = $Mapping[1]
                $Results += $Obj
            }
        }
    } Else {
        # Single-line file: Get-Content returns a string rather than an array
        $Obj = "" | Select Name,Letter,Path
        $Line = $Script
        $Mapping = $Line.replace("net use ","").split(" ")
        $Obj.Name = $File.name.tolower().replace(".bat","")
        $Obj.Letter = $Mapping[0]
        $Obj.Path = $Mapping[1]
        $Results += $Obj
    }
}

$Results | Export-Csv Mappings.csv -NoTypeInformation

So, first we gather all the filenames in the netlogon directory, then we begin to step through them.

If the contents of a file are an array, that means it is multiple lines long, so we will need to evaluate each line.

For each line (or just the contents of the file if it is only one line long), we create an object with the properties Name, Letter and Path. We then manipulate the string, removing the substring “net use “ with the replace() method and then splitting the remaining string into an array using the split() method. This array is set to the $Mapping variable. Set the Name property of the object to the filename, forcing it to lowercase using the tolower() method and removing the “.bat” extension with the replace() method. Set the Letter property of the object to the first entry in the $Mapping array. The Path property is set to the second entry in the array.

Put the object into an array of results. Once all the files are processed, export the results to a CSV.

Quick and dirty, and no allowances for files that don’t follow the expected formatting, but it gets the job done!
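
The script above makes no allowance for lines that are not a plain net use mapping. As an added example (not part of the original post), the code below parses each line with a regular expression, keeps anything it cannot parse for manual review, and groups identical mappings to show candidates for a group-based script. The function name Convert-NetUseLine, the file names and the fs01 share paths are constructed for illustration.

```powershell
# Added example; Convert-NetUseLine and all sample data are constructed for illustration.
function Convert-NetUseLine {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][AllowEmptyString()][string]$Line
    )
    $text = $Line.Trim()
    # Blank lines, comments and echo control are not mappings: emit nothing.
    if ($text -eq '' -or $text -match '^(rem\b|::|@?echo\b)') { return }

    # net use <letter>: <\\server\share or "\\server\share with spaces"> [switches]
    # -match is case-insensitive, so NET USE and net use both parse.
    $pattern = '^@?net\s+use\s+(?<letter>[a-z]:)\s+(?<path>"\\\\[^"]+"|\\\\\S+)(?<rest>.*)$'
    if ($text -match $pattern) {
        [pscustomobject]@{
            Name     = $UserName.ToLower()
            Letter   = $Matches['letter'].ToUpper()
            Path     = $Matches['path'].Trim('"')
            Switches = $Matches['rest'].Trim()
            Parsed   = $true
            Raw      = $text
        }
    } else {
        # e.g. "net use P: /delete": keep it for review rather than emit a bogus Path.
        [pscustomobject]@{
            Name = $UserName.ToLower(); Letter = $null; Path = $null
            Switches = $null; Parsed = $false; Raw = $text
        }
    }
}

# Constructed input standing in for Get-Content on <username>.bat files.
$samples = [ordered]@{
    'JSmith.bat' = @('@echo off', 'NET USE H: \\fs01\home /persistent:no', '', 'net use S:  "\\fs01\Shared Docs"')
    'adoe.bat'   = @('rem old mapping', 'net use P: /delete', 'net use H: \\fs01\home')
}
$report = foreach ($file in $samples.Keys) {
    $user = [System.IO.Path]::GetFileNameWithoutExtension($file)
    foreach ($line in $samples[$file]) { Convert-NetUseLine -UserName $user -Line $line }
}

# Lines needing manual review
$report | Where-Object { -not $_.Parsed } | Select-Object Name, Raw

# Identical Letter/Path pairs used by several users: candidates for one group-based mapping
$report | Where-Object Parsed | Group-Object Letter, Path |
    Select-Object Count, Name, @{ n = 'Users'; e = { ($_.Group.Name | Sort-Object) -join ';' } }
```

To run it against the real share, replace the $samples loop with Get-ChildItem using -Filter *.bat on the netlogon path and pass each line from Get-Content to the function.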
