So after further digging, it looks like when running on machines with 
PowerShell 2.0 I'm getting false positives on the $BadPrinters.count -gt '0'.
Dumping out the $badprinters variable, there are no matching keys added to the 
array, but it has a count of 1.

I think it would be much simpler to iterate through HKEY_Users
Unfortunately only the currently logged on users will be populated in HKEY_Users, 
which is why I was having to do a reg load.  I wish that wasn't the case.  I 
was using the exclude option on the get child item folder so it wouldn't 
attempt to load the current user's ntuser.dat file.  I'll look at it again 
using the ErrorAction parameter to simplify things more.

From: listsadmin@lists.myITforum.com [mailto:listsadmin@lists.myITforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, April 23, 2015 1:29 PM
To: powersh...@lists.myitforum.com
Subject: [powershell] RE: Script to read reg keys from all user profiles

You don't have very much error handling in this, at all.

If I were to make a guess, if a user is logged in, you cannot access their 
ntuser.dat.

I think it would be much simpler to iterate through HKEY_Users. I verified the 
code below, insofar as it goes. You've got a handle on the rest of it, I think. 
Note that the way this works, you don't have to worry about excluding certain 
users. :) The security errors are filtered automagically.

New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS | Out-Null

$users = dir HKU: -EA 0
foreach( $user in $users )
{
    $n = $user.PsChildName
    "user $n"
    $s = ''
    if( $n.Length -gt 8 -and $n.EndsWith( '_Classes' ) )
    {
        "...skipped"
        continue
    }
    $connections = dir HKU:$n\Printers\Connections -EA 0
    if( $null -eq $connections -or $connections.count -eq 0 )
    {
        "...no connections"
        continue
    }
    $connections
    ### blah blah blah
}

From: listsadmin@lists.myITforum.com [mailto:listsadmin@lists.myITforum.com] On 
Behalf Of Krueger, Jeff
Sent: Thursday, April 23, 2015 11:02 AM
To: powersh...@lists.myitforum.com
Subject: [powershell] Script to read reg keys from all user profiles

Cross posting this from the SMS mailing list.

Hoping someone has done something like this before where you need to loop 
through the user profiles and look for something in their registry hive.  I've 
made a Configuration Item that runs a PowerShell script that checks for 
connections to a particular print server.  It does a reg load on each user's 
profile and then checks for reg keys pointing to the server we're interested 
in.  I'm getting inconsistent results.  The configuration item is checking for a 
Boolean value returned by the script; if it's false then the machine is 
compliant.  But I'm getting non-compliant results for machines I know should 
evaluate as compliant.

The script is below.  If anyone has a simpler way to accomplish this, that would 
be super helpful.


#Create New PS Drive to access the user Keys

New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS | Out-Null
Set-Location HKU:

#Create empty array to which we will add our list of wrong printer connections
$BadPrinters = @()
#Gets the current user's SID to look for printers
$strCurrentUser = (Get-WmiObject Win32_ComputerSystem -Computer ".").UserName
$objCurrentUser = New-Object System.Security.Principal.NTAccount($strCurrentUser)
$strCurrentUserSID = ($objCurrentUser.Translate([System.Security.Principal.SecurityIdentifier])).Value

$PrintServer = '*PrintServer01*'

#Lookup the printer in the current user hive
$GetKey = Test-Path .\$strCurrentUserSid\Printers\Connections
IF ($GetKey -eq $true)
{
    $BadPrintServer = Get-ChildItem -Path .\$strCurrentUserSid\Printers\Connections | Where-Object {$_.Name -like $Printserver}
    Foreach ($badconnects in $BadPrintServer)
    {
    $BadPrinters += "$badconnects"
    }
}


#Exclude users from list of profiles we will load

$strUserName = ((Get-WmiObject Win32_ComputerSystem -Computer ".").UserName).Split('\')[1]
$ExcludedUsers = @($strUserName, 'ADMINI~1', 'Public')

#Reg load each user profile and check for the printers

$GetUsersToLoad = Get-ChildItem -path "$env:SystemDrive\Users" -Exclude $ExcludedUsers
$UserList = @()
    Foreach ($user in $GetUsersToLoad)
    {
    $UserList += $user.Name
    }


    Foreach ($profile in $UserList)
    {
    &Reg.exe Load HKU\$Profile c:\users\$Profile\ntuser.dat | Out-Null
    Start-Sleep -s 3

        $TempGetKey = Test-Path HKU:\$Profile\Printers\Connections
        IF ($TempGetKey -eq $true)
        {
        $TempBadPrintServer = Get-ChildItem -Path HKU:\$Profile\Printers\Connections | Where-Object {$_.Name -like $PrintServer}
            Foreach ($connection in $TempBadPrintServer)
            {
                IF ($connection -ne $Null)
                {
                $BadPrinters += $connection.ToString()
                Remove-Variable connection
                }
            }
        Remove-Variable TempBadPrintServer
        }
     Remove-Variable TempGetKey
     [gc]::Collect()
     Try{
     & cmd /c Reg.exe Unload HKU\$Profile 2>&1 | Out-Null
     }
     Catch{}
     Start-Sleep -s 3
     cd HKU:
     }


cd c:
Remove-PSDrive HKU

$BadPrinters.count -gt '0'


Jeff Krueger
jkrue...@hfhs.org
IT - Henry Ford Health System
248.853.4466
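
An added example, not code from the thread: a variant of the script above that is safe on PowerShell 2.0, where foreach over a $null collection still runs its body once, so an unguarded $BadPrinters += "$badconnects" can append an empty string and give a count of 1 with no matching keys. It reads hives that are already loaded in place and uses reg load only for the rest; the Get-BadConnection helper and the TempHive_ mount name are hypothetical, and it assumes the script runs elevated.

```powershell
# Added example; Get-BadConnection and the TempHive_ mount name are hypothetical.
$PrintServer = '*PrintServer01*'     # pattern taken from the original script
$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-BadConnection {
    param([string]$HiveRoot)         # e.g. 'Registry::HKEY_USERS\<SID>'
    $path = "$HiveRoot\Printers\Connections"
    if (-not (Test-Path $path)) { return }
    # Emit key names only; callers wrap the call in @() so "no match" is an
    # empty array rather than $null.
    Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like $PrintServer } |
        ForEach-Object { $_.Name }
}

$BadPrinters = @()
foreach ($p in @(Get-ChildItem $ProfileList -ErrorAction SilentlyContinue)) {
    $sid = $p.PSChildName
    if ($sid -notlike 'S-1-5-21-*') { continue }   # skip system/service profiles
    if (Test-Path "Registry::HKEY_USERS\$sid") {
        # User is logged on: the hive is already mounted, read it in place.
        $BadPrinters += @(Get-BadConnection "Registry::HKEY_USERS\$sid")
        continue
    }
    $dat = Join-Path (Get-ItemProperty $p.PSPath).ProfileImagePath 'ntuser.dat'
    if (-not (Test-Path $dat)) { continue }
    $mount = "TempHive_$sid"
    & reg.exe load "HKU\$mount" $dat 2>&1 | Out-Null
    if ($LASTEXITCODE -ne 0) { continue }          # locked or unreadable hive
    try {
        $BadPrinters += @(Get-BadConnection "Registry::HKEY_USERS\$mount")
    }
    finally {
        [gc]::Collect()                            # release registry handles
        & reg.exe unload "HKU\$mount" 2>&1 | Out-Null
    }
}

# Drop any null or empty entries before counting, then return the Boolean
# that the configuration item evaluates.
$BadPrinters = @($BadPrinters | Where-Object { $_ })
$BadPrinters.Count -gt 0
```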



================================================
Did you know you can also post and find answers on PowerShell in the forums?
http://www.myitforum.com/forums/default.asp?catApp=1
