Avatar of Pau Lo
Pau Lo
 asked on

what drives did they have mapped

We have a task of identifying what network drives a disabled AD user would have had on his/her PC in my computer when they log in to the domain each day. Any ideas how we could find this out? I know you have a login script which I guess maps drives. Can you have any other manually mapped drives accessible to the user each time they login outside of the script, if so anyway to see what they were? Any other suggestions?

Also - what other things are tied to a user account, logging in script will map drives, outlook email, anything else?
Microsoft Server OSActive DirectoryWindows Server 2008

Avatar of undefined
Last Comment
Krzysztof Pytko

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
athomsfere

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Krzysztof Pytko

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Pau Lo

ASKER
Can you tell which drives were mapped by which means?

I.e. which were mapped via script, which GPO, which locally?

Can you give some clues how to see any mappd by GPO? I can use a test user and machine
Pau Lo

ASKER
Also from the client machine is there anyway to copy the actual loginscript to see what its doing, via command prompt or something....
Gary Dewrell

If you login to your test machine as that user and that test machine is joined to the domain you will see all mapped drives that are mapped via script or GPO.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Pau Lo

ASKER
Sorry no can do that acct is disabled for a reason and logging in with it will cause issues with potential disciplinary.
Pau Lo

ASKER
Can you tell which drives were mapped by which means?

I.e. which were mapped via script, which GPO, which locally?

Can you give some clues how to see any mappd by GPO? I can use a test user and machine
Pau Lo

ASKER
isiek - can you share any more information on:

You need to review registry HKEY_USERS hive on each workstation to which user was logged on. Then in registry you can find these mapping


Where exactly is this key?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Krzysztof Pytko

Yes, sure. You need to only know user's SID but this can be done using DSQUERY or PowerShell and then in registry go to:

first, locating user's SID:

dsquery * -filter "(&(objectClass=User)(objectCategory=Person)(sAMAccountName=UserNameToGetSID))" -attr sAMAccountName objectSID

Open in new window


now, log on to workstation and in registry localize user's SID under HKEY_USERS hive. Then go to Network key and you will see all mapped drives there.

Krzysztof
Pau Lo

ASKER
Thanks does that include drives mapped via local gpo or script? Or just one group
Krzysztof Pytko

All mapped drives by manual, local and script (GPO) but only with "persistent" (Reconect at logon) option :/
http://technet.microsoft.com/en-us/library/cc957210.aspx

So, if user used another mappings they would not appear in registry but mostly users have this option selected :)

Krzysztof
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Pau Lo

ASKER
This is weird, I checkd mine as a test, each morning I have my home drive mapped, and 2 other network drives. In the regedit is shows only the 2 network drives, not my home drive. I got a copy of the logon bat file and that too only seems to link to the network drives, not my home drive. How is a home drive typically mapped? I know its stored in my properties in AD, but I cant see how its mapped each time I login or why it wouldnt show in this registry key? Any ideas?
Krzysztof Pytko

Yes, this is mapped each time you are log in and without "persistent" flag :)

Krzysztof
Pau Lo

ASKER
I see, so that wouldnt show anyway then?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Krzysztof Pytko

Yes, but this is not so matter for Domain Admins :) They have access to account properties and then simply can read which logon script is applied, so they can see what drives are mapped. In user's profile you have also information about home drive. The rest (manually mapped with persistent flag) are stored in registry.

Summarizing them all you have the final result :]

Krzysztof
Pau Lo

ASKER
Just to clarify, by what mechanism is a users H drive mapped, i.e. when I login to the domain from any PC, how does the login process know to map my network home drive? What happens during login to check where my home drive is and map it for me, if it isnt a script or a GPO?
Krzysztof Pytko

Normally, when you are logging into PC with domain account then user properties are checked like:

1) startup scripts from GPOs (at computer level)

2) user AD profile (home drive and home path)

3) logon scripts from GPOs

4) logon script from AD profile

Krzysztof
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
Pau Lo

ASKER
Also, can the user copy their login script at all via the command prompt. I.e. you run NET User and see your login script is accountancylogin.bat, c an you take a copy of that bat file via a command prompt, I am 99% sure I have seen this mentioned before, but cant remember the command.
Krzysztof Pytko

Yes, you're right. Each user can run in command-line

set
command and then verify which logon script is applied. To be able to run (apply) logon script user needs at least read&execute permissions on NETLOGON share (which is by default done). So, if I know which logon script is interesting me or even all of them :) I can download them using Windows Explorer

\\domain.loca\NETLOGON
and I can see all logon scripts. Of course if user is more advanced then he/she is also able to use command-line for that as you mentioned.

Krzysztof