If your company’s drive mapping GPOs are not functioning correctly, manual drive mapping may be a last resort, and it often leads to high inconsistency in which shares each user is using. One way to start gaining control of the situation is to run a mass query to find out what drives each user has. While it would be quite nice to use PSExec and query each machine as its local system account, that would return the mapped drives of the local system user, not the user you want. The query must therefore run under the HKEY_CURRENT_USER security context, and the following script is one easy way to accomplish this.
```powershell
## Title: discovery.ps1
## Description: Query for local mapped drives, logon server, and GPOs applied, and report
##   to a uniquely named file using format MACHINE.DOMAIN.USER.txt. Also clears a
##   problematic entry from the Credential Manager. Designed to be used as a logon script.
## Author: Steven J. Borrelli
## Email: sborrelli@rdata.us
## Serial: 2018082900
## Version: 1.03
## Example usage:
##   Place script in the NETLOGON folder of the domain controller and include the
##   following command in your logon batch file.
##   PowerShell.exe -noprofile -executionpolicy bypass -file %logonserver%\netlogon\discovery.ps1

# Location of export file (the script runs as the logged-on user, so users need write access here)
$folderpath = "\\fileserver\discovery\"

# File name structure
#$filename = [string]::Join(".",$env:COMPUTERNAME,$env:userdomain,$env:username,"txt") # use with Powershell 5.0
$filename = -join ($env:COMPUTERNAME,".",$env:userdomain,".",$env:username,".txt") # use with Powershell 2.0

# Full file path
$filepath = Join-Path -Path $folderpath -ChildPath $filename

# See if file exists first (only used by the commented-out variant below)
$checkfile = Test-Path $filepath

# If file doesn't already exist, get mapped drives and write to specified file
#if ($checkfile) {Write-Host "$filename exists!"} else {Get-WmiObject -Query "SELECT Caption, ProviderName FROM Win32_MappedLogicalDisk" | Select-Object @{ Name = 'DriveLetter'; Expression = { $_.Caption } }, @{ Name = 'NetworkPath'; Expression = { $_.ProviderName } } | Out-File $filepath}
Get-WmiObject -Query "SELECT Caption, ProviderName FROM Win32_MappedLogicalDisk" |
    Select-Object @{ Name = 'DriveLetter'; Expression = { $_.Caption } },
                  @{ Name = 'NetworkPath'; Expression = { $_.ProviderName } } |
    Out-File $filepath

# Identify the logon server and append to the file (single string, so it lands on one line)
"Logon Server: $Env:LOGONSERVER" | Out-File $filepath -Append

# Do a silent gpupdate of computer and user policies
echo n | gpupdate /force /wait:0 /target:computer
echo n | gpupdate /force /wait:0 /target:user

# List the GPOs and groups applied, and append it to the file
gpresult /r | Out-File $filepath -Append

# Clear problematic credentials if they exist, but list them first
# ("server2" is the name of the server whose stored credential causes trouble)
cmdkey /list | findstr server2 | Out-File $filepath -Append
cmdkey /list | ForEach-Object {
    if ($_ -like "*Target:*" -and $_ -like "*server2*") {
        cmdkey /del:($_ -replace " ","" -replace "Target:","")
    }
}
```
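Once the logon reports have accumulated on the share, they can be collated to show which drive letters point at different shares for different users. The following is an added example, not part of the original script: the function names and sample report text are constructed, and it assumes PowerShell 3.0 or later on the workstation doing the analysis.

```powershell
function ConvertFrom-DiscoveryReport {
    param(
        [Parameter(Mandatory = $true)][string]$FileName,  # MACHINE.DOMAIN.USER.txt
        [string[]]$Lines                                  # report content, blank lines allowed
    )
    # NetBIOS computer and domain names cannot contain dots, but user names can
    # (first.last), so split on the first two dots only.
    $parts = ($FileName -replace '\.txt$', '') -split '\.', 3
    if ($parts.Count -ne 3) { return }
    foreach ($line in $Lines) {
        # Drive rows from Out-File look like: "S:          \\fileserver\shared"
        if ($line -match '^\s*([A-Za-z]:)\s+(\\\\\S.*?)\s*$') {
            [pscustomobject]@{
                Computer = $parts[0]; Domain = $parts[1]; User = $parts[2]
                DriveLetter = $Matches[1].ToUpper(); NetworkPath = $Matches[2]
            }
        }
    }
}

function Get-DriveLetterConflict {
    param([object[]]$Mapping)
    # A drive letter that resolves to more than one UNC path is an inconsistency.
    $Mapping | Group-Object DriveLetter | ForEach-Object {
        $paths = @($_.Group | Select-Object -ExpandProperty NetworkPath | Sort-Object -Unique)
        if ($paths.Count -gt 1) {
            [pscustomobject]@{ DriveLetter = $_.Name; Paths = $paths -join '; ' }
        }
    }
}

# Constructed sample reports (file name -> lines). Against the real share, use:
#   Get-ChildItem $folderpath -Filter *.txt | ForEach-Object {
#       ConvertFrom-DiscoveryReport -FileName $_.Name -Lines (Get-Content $_.FullName) }
$sample = @{
    'PC01.CORP.jdoe.txt'    = @('', 'DriveLetter NetworkPath', '----------- -----------',
                                'H:          \\fileserver\home\jdoe',
                                'S:          \\fileserver\shared', '', 'Logon Server: \\DC01')
    'PC02.CORP.a.smith.txt' = @('DriveLetter NetworkPath', '----------- -----------',
                                'S:          \\oldserver\shared')
}
$all = foreach ($name in $sample.Keys) {
    ConvertFrom-DiscoveryReport -FileName $name -Lines $sample[$name]
}
$all | Sort-Object Computer, DriveLetter | Format-Table Computer, User, DriveLetter, NetworkPath -AutoSize
Get-DriveLetterConflict -Mapping $all | Format-Table -AutoSize
```

Out-File formats the table to the host's line width, so very long UNC paths can be truncated in the report text and will then be collated in their truncated form.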