ConfigMgr Inventory: Per User Mapped Drive Information (datashift replacement)

Back when Windows 98 and Windows XP were the norm, there was a script available called "datashift", which would grab information from users regarding their mapped drives.  It worked because everyone was a local admin--that's no longer the case.

This is a replacement for that older utility.  If you still have a need for the per-user information regarding per-user network connections to shares, here is a way to obtain that information.

The basics of how it works is this.  There are two vbscripts that run.  One runs as SYSTEM, and it's only purpose is to create a custom namespace in WMI (if it doesn't already exist), and grant permissions to all of your domain users to that custom namespace--so they can populate it with the results of script #2.  Script #2 runs, only when a user is logged in, with user rights.  That's because the script needs to read information about that specific logged-in users network drive connection information.

The results of the 2nd script end up in that custom WMI namespace, and will have the following information:

DateScriptRan = the exact date and time that the script ran to gather this user-specific information.
Drive = the drive letter mapped (if a drive letter was used, if no drive letter was used for the connection, this is blank)
Location = the share location UserDomain = whomever is logged in when the script ran, what their domain is.
UserName = whomever is logged in when the script ran, what their username is.

End result:  After deploying these two scripts, you will be able to answer the question from your server team of "who is actually mapping to these shares".  Of course, the main limitation is this is per-user information. 

Ok, enough of how it works.  You really want to know *exactly* what to do, right?  Let's start!  

Your Source folder for the package will contain 3 things:

• WMINameSpaceAndSecurity.VBS
• WMISecurity.exe
• Mappeddrives.vbs

The .vbs files are at this link --> Mappeddrives <--.  Note that WMISecurity.exe is not attached here; just search using your favorite search engine to find and download wmisecurity.exe.  The one I used was version 1.0.1.31058 --maybe there are later versions of this .exe; but that's the one I found, and it worked.

You will need to make 1 change to "WMINameSpaceAndSecurity.vbs", this line: strDomain = "YOURDOMAINHERE" Modify that to be your domain (the domain your users are in that will be logging in and running script #2).

Create two programs; the first runs cscript.exe WMINameSpaceAndSecurity.vbs, whether or not a user is logged in, with Administrator rights.  The second runs cscript.exe MappedDrives.vbs, only when a user is logged in, with user rights.  The 2nd one; you want to "run another program first", and have it run the first one.  It only needs to run the 1st program once, per computer; it doesn't need to re-run.

Advertise the 2nd program to a collection (I recommend a test/pilot first), and confirm that it works as you expect.  If you

want to confirm the data is there, look in root\CustomCMClasses  (not root\cimv2) for cm_MappedDrives, that there are instances there for mapped drives for that user.

If you are satisfied it's there locally, either add the below to sms_def.mof (if you are ConfigMgr07) or import it into Default Client Agent Settings, Hardware Inventory (if you are CM12)

[SMS_Report(TRUE),
 SMS_Group_Name("MappedDrives"),
 SMS_Class_ID("MappedDrives"),
 SMS_Namespace(FALSE),
 Namespace("\\\\\\\\localhost\\\\root\\\\CustomCMClasses")]

class cm_MappedDrives : SMS_Class_Template
{
  [SMS_Report(TRUE)] string DateScriptRan;
  [SMS_Report(TRUE),key] string Drive;
  [SMS_Report(TRUE),key] string Location;
  [SMS_Report(TRUE)] string UserDomain;
  [SMS_Report(TRUE)] string UserName;
};

sit back, relax for a bit... then invoke a hardware inventory on your test boxes, and see if the data shows up in your database in v_gs_MappedDrives0.  If so, deploy the advert to your real target collection of users or computers, and wait for the data to show up.  Depending upon your need for this information; you may or may not want to have the advert run on a recurring basis (weekly? monthly?) or just gather it for a week or so (just enough to answer the question) then delete the advert and change the Inventory from TRUE to FALSE (until the next time they ask).

Here's a potential sql report to get you started:

select sys.netbios_Name0 as [Computer Name],
MD.UserDomain0 as [User Domain],
MD.UserName0 as [User Name],
MD.Drive0 as [Mapped Drive Letter],
MD.Location0 as [Mapped to Location],
md.DateScriptRan0 as [Date Collected]
from v_R_System sys
Inner Join v_GS_MappedDrives0 MD on sys.ResourceID = MD.ResourceID
order by sys.netbios_Name0

Caveat: as of 3/27/2014, the above routine has only been tested in a lab environment.  If people comment or somehow else let me know how well it works for them (or not), I'll update this blog with that information.  But right now... this isn't tested thoroughly at all.  I think it'll work just fine; but only you can confirm that.