I want to get mapped network drive information from user profile server NTUSER.DAT file. Can you please let me know where can I start I did find few scripts online but they are not useful. I need to search each profile (Reg load) and get the network drives info and then unload.
Any help would be appreciated.
$user = "admin"
$profiles = get-aduser -filter {SamAccountName -eq $user} -properties *
$sid= $profiles.sid
$profile = " \\serverprofile\drive$\ $user\NTUSER.DAT"
Reg load "HKU\$sid" $profile
Reg export "HKU\$sid\network" "C:\temp\$user\network.reg"
[gc]::collect()
Reg unload "HKU\$sid"
Thanks
I'm not on domain to test but following works to load hive from computer on LAN, assuming you have remoting enabled:
$UserName = "USERNAME"
$Domain = "COMPUTERNAME"
$Cred = Get-Credential -Message "Credentials are required to access $Domain"
$CimServer = New-CimSession -ComputerName $Domain -Credential $Cred
$User = Get-CimInstance -ClassName Win32_UserAccount -CimSession $CimServer | Where-Object {
$_.Name -eq $UserName
} | Select-Object -Property Name, SID
$UserProfile = Get-CimInstance -ClassName Win32_UserProfile -CimSession $CimServer | Where-Object {
$_.SID -eq $User.SID
} | Select-Object -ExpandProperty LocalPath
$UserProfile = Split-Path -Path $UserProfile -NoQualifier
New-PSDrive -Name Remote -PSProvider FileSystem -Credential $Cred -Root \\$Domain\C$ | Out-Null
$RegKey = "HKU\Remote-$($User.SID)"
$OldLocation = Get-Location
Set-Location Remote:\$UserProfile
reg load $RegKey NTUSER.dat
[gc]::collect()
reg unload $RegKey
Set-Location $OldLocation
Remove-PSDrive -Name Remote