Disconnect Specified Mapped Drives for All Users On All Systems

3 years ago
May 27, 2021
2 replies
932 views

Tony-Automox
Automox Employee
35 replies

This worklet will disconnect all mapped drives specified by $removeDrives in the evaluation and remediation. Be sure to set $removeDrives identically in both. The drives will not appear disconnected until after a reboot. Details of the user and drives disconnected will appear in the activity log.

Evaluation:

<#
.SYNOPSIS
    Delete Specified Mapped Drives for All Users on a System
    OS Support: Windows 7 and above
    Powershell: 2.0 and above
    Run Type: Evaluation
.DESCRIPTION
    This worklet is designed to search for any mapped drives specified with $remoteDrives, and disconnect them. If any setting is found to be non-compliant, the evaluation script will close with an
    exit code of '1' to trigger remediation.  $removeDrives needs to be set the same for evaluation and remediation to work correctly.  If drives are found and disconnected, the drives will not appear disconnected until after a reboot.
    To use this worklet, add the desired parameters to the $removeDrives line at the top of this script.
.NOTES
    Author: twiese
    Date: May 27, 2021
#>

# Define mapped drives to disconnect
$removeDrives = @("Y","Z")
# ----------------------------------

# Get User details including SID
$users = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount = 'True'"

# Add HKEY_USERS to a PSDrive for easy access later
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null

# Loop through the list of users to check each for matching drives to disconnect and exit when first one is found
Foreach ($user in $users) {

    # Retrieve SIDs for each user
    $sid = $user.SID
    $name = $user.Name
    
    # Load Registries for users, if ntuser.dat exists
    # this prevents us from attempting to load Administrator and similar accounts
    
    if (Test-Path "C:\Users\$name\ntuser.dat") {
        
        # Load user's ntuser.dat into the registry
        & reg load "HKU\$sid" "C:\Users\$name\ntuser.dat" | Out-Null
        
        # Get mapped drives for user and see if any match drives to be removed
        $drives = (Get-ChildItem -Path HKU:\$sid\Network | Get-ItemProperty).PSChildName
        $matches = $removeDrives | Where-Object { $drives -contains $_ }

        # If any user has a matching drive, immediately clean-up PSDrive and exit for remediation without checking for further matches
        If ($matches) {
                Remove-PSDrive -Name HKU
                Exit 1
        }
    }
}

# Clean-up the PSDrive if no results
Remove-PSDrive -Name HKU
Exit 0

Remediation:

<#
.SYNOPSIS
    Delete Specified Mapped Drives for All Users on a System
    OS Support: Windows 7 and above
    Powershell: 2.0 and above
    Run Type: Remediation
.DESCRIPTION
    This worklet is designed to search for any mapped drives specified with $remoteDrives, and disconnect them. If any setting is found to be non-compliant, the evaluation script will close with an
    exit code of '1' to trigger remediation.  $removeDrives needs to be set the same for evaluation and remediation to work correctly.  If drives are found and disconnected, the drives will not appear disconnected until after a reboot.
    To use this worklet, add the desired parameters to the $removeDrives line at the top of this script.
.NOTES
    Author: twiese
    Date: May 27, 2021
#>

# Define mapped drives to disconnect
$removeDrives = @("Y","Z")
# ----------------------------------

# Get Users details including SID
$users = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount = 'True'"

# Add HKEY_USERS to a PSDrive for easy access later
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null

# Loop through the list of users to check each for matching drives to disconnect
Foreach ($user in $users) {

    # Retrieve SIDs for each user
    $sid = $user.SID
    $name = $user.Name

    # Load Registries for users, if ntuser.dat exists
    # this prevents us from attempting to load Administrator and similar accounts

    If (Test-Path "C:\Users\$name\ntuser.dat") {

        # Load user's ntuser.dat into the registry
        & reg load "HKU\$sid" "C:\Users\$name\ntuser.dat" | Out-Null
        
        # Get mapped drives for user and see if any match drives to be removed
        $drives = (Get-ChildItem -Path HKU:\$sid\Network | Get-ItemProperty).PSChildName
        $matches = $removeDrives | Where-Object { $drives -contains $_ }
        
        # If any mapped drives match ones to be disconnected, disconnect them
        If ($matches) {
            ForEach ($match in $matches) {
                Try {
                    Remove-Item "HKU:\$sid\Network\$match"
                    Write-Output "User: $name, drive $match disconnected.  "
                    
                } Catch {
                    Write-Output "User: $name, drive $match couldn't be disconnected.  "
                }
            }
        }
    }
}

# Clean-up the PSDrive
Remove-PSDrive -Name HKU

Mrichards
Power User
58 replies
3 years ago
March 10, 2022

Any chance we can get a rework of this to match a mapped name instead of a specific drive letter? We have sporadic mapped drive letters (manually done, I know, I know) I’ve been struggling to get this working using PS-GetDrive and this looks more elegant

Mrichards
Power User
58 replies
3 years ago
March 10, 2022

Here's a quick and ugly hot-take on your script.. modified to parse all SIDs in HKU and agnostic of drive letters.. let me know what you think :D

New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null

$users = @(Get-ChildItem -Path HKU:\)
foreach ($user in $users) {
    $exists = (Get-ChildItem -Path HKU:\$user\Network | Get-ItemProperty)
    foreach ($exist in $exists) {
        if ($exist.RemotePath -match "chicago") {
            $delete = $exist.PSChildName
            Remove-Item "HKU:\$user\Network\$delete"

            Write-Output "User: $user, drive "$exist.RemotePath" disconnected."
    }
    }
}

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Reply

Install MSI using administrator privilegesicon

Worklet: Automox OS Upgrade to Latest Windows10 OS version

Worklet: Automatic OS Upgrade to Windows 10 1903

Worklet BitLocker Encryption - Not workingicon

Enforce BitLocker Encryptionicon

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings