PowerShell Script to Search Netlogon for a Specific List of Script files to Replace or Alter Drive Mappings

Updates/Edits:

10/12/2015: I’ve updated the script to allow multiple, simultaneous changes for a list of bat files, and no need to manually add “.bat” to the list of user account samAccount names.

Prologue

Yes, it’s me again, Ace Fekay.

You’ve already *probably* read my recent blog:

PowerShell Script to Search Netlogon logon scripts and Replace Drive Mappings – 9/10/2015
https://blogs.msmvps.com/acefekay/2015/09/10/script-to-search-netlogon-logon-scripts-and-replace-drive-mappings/

That blog is about searching all script files that end with *.bat, and make changes to the files.

This time we’re going to run something similar, but for a strict list of specific files (user logon scripts) for a list of users. This came about when a request came in to remove access to 140 users and remove their drive mappings, and another request to alter access for 120 users’ scripts.

To remove drive mapping is easy. The following shows our normal mapping method in each script:

:: Access has been provided by Ace Fekay on 10/3/2015 with approval in Ticket# 123456
net use t: /del
net use t: \\contoso.com\sharename

And for the ones we are removing access, we can keep the net use t: .del to delete the mappings when the user logs on, but we want to comment out the mapping, as such:

::Access Removed per Ace Fekay in Ticket# 123456 – net use x: \\contoso.com\SomeShareName$

And of course, this is based on reading a list of script.bat file names in a text file appropriately called, “SomeShareNameRemoveMappingsUserListBat.txt.”

Have fun!

Script:

– Updated script: 10/11/2015:

# *************************************************************************************
# If this is a migration, first run the robocopy script to copy all data
# Then run the netlogon report script to see how many bat files in netlogon
#    reference OldServerName
# Then run this script to replace any reference to OldServerName in the batch
#    files for each share.
# *************************************************************************************
# Modified by Ace Fekay 10/11/2015
#
# Changes:
#    Input file just needs to be samAccount names and no longer need .bat suffixed
#    Allows to change multiple scripts as long as they have a common name,
#    such as the server name
#    Accommodates if the multiple users have different mapped drive letters.
#
# *************************************************************************************

get-credential

# Used for testing – $Path = “\\contoso.com\NETLOGON\test-RemoveMapping2”

$Path = “\\contoso.com\NETLOGON”
$WhatAmIlookingFor = “contoso.com”

#This grabs the list of user UserAccounts from the input file.
$SourceListOfUserAccounts = “C:\PSScripts\Netlogon Search and Replace\UserFileList.txt”

#Example of UserFileList.txt:
# username1
# username2
# username3
# etc

cd $Path
$RemoveMappedDriveFromUserList = (get-content $SourceListOfUserAccounts)
$UserCount = 0
$MappingsRemoved = 0

Foreach ($User in $RemoveMappedDriveFromUserList) {

#This will annotate/suffix “.bat” to the end of each user name
$UserScript = $User+”.bat”
$UserCount++

$file = get-content $UserScript

    #only modify files that contain the string $WhatAmILookingFor
    if (Select-String -InputObject $file $WhatAmIlookingFor){

$MappingsRemoved++

    $file = $file -replace “net use .?\: \\\\contoso.com\\ShareName1″,”::Mapped Drive Access Removed by Ace Fekay per Ticket# 123456 – net use ?: \\contoso.com\ShareName1
    $file = $file -replace “net use .?\: \\\\contoso.com\\ShareName2\$”,”::Mapped Drive Access Removed by Ace Fekay per Ticket# 123456 – net use ?: \\Malvern\output$ \\contoso.com\ShareName2$
    $file = $file -replace “net use .?\: \\\\contoso.com\\ShareName3″,”::Mapped Drive Access Removed by Ace Fekay per Ticket# 123456 – net use ?: \\contoso.com\ShareName3

# *************************************************************************************
# Previous stuff I kept here for future reference but commented out:
#    $file = $file -replace “\\\\OldServerName\\ShareName1$”,”\\contos.com\ShareName1$”
#    $file = $file -replace “\\\\OldServerName\\ShareName2″,”\\contos.com\ShareName2”
#    $file = $file -replace “\\\\OldServerName\\ShareName3″,”\\contos.com\ShareName3”
#    $file = $file -replace “\\\\OldServerName\\ShareName4″,”\\contos.com\ShareName4”
#    $file = $file -replace “\\\\OldServerName\\ShareName5″,”\\contos.com\ShareName5”
#    $file = $file -replace “\\\\OldServerName\\ShareName6″,”\\contos.com\ShareName6”
#    $file = $file -replace “\\\\OldServerName\\ShareName7″,”\\contos.com\ShareName7”
#    $file = $file -replace “\\\\OldServerName\\ShareName8″,”\\contos.com\ShareName8”
#    $file = $file -replace “\\\\OldServerName\\ShareName9″,”\\contos.com\ShareName9”
# *************************************************************************************
   
#comment out net time statements if they exist
    $file = $file -replace “^net time”,”REM net time”
   
#write out the changes
    Set-Content -Value $file -Path $UserScript
    write-host $UserScript “was changed to” $file
    }
}

write-host “Total users:” $UserCount
write-host “Total Mappings removed:” $MappingsRemoved
# *************************************************************************************
# *************************************************************************************

– Old script prior to 10/10/2015:

# *************************************************************************************
# If this is for post-migration, first run the robocopy script to copy all data
# Then run the netlogon search report script to see how many script.bat files in netlogon reference SomehareName
# Then run this to replace any reference to SomeShareName to TheNewShareName or even just to disable the share or shares.
# Highly modified by Ace Fekay 10/3/2015
# *************************************************************************************

get-credential

$Path = “\\contoso.com\NETLOGON”

# This code snippet gets all the files in $Path that end in “.bat”.
cd $Path

$RemoveMappedDriveFromUserList = (get-content “C:\PSScripts\Netlogon Search and Replace\SomeShareNameRemoveMappingsUserListBat.txt”)
 
$UserCount = 0
$MappingsRemoved = 0

Foreach ($User in $RemoveMappedDriveFromUserList) {
$UserCount++
$file = $RemoveMappedDriveFromUser

# Only modify files that contain the string “SomeShareName”
    if (Select-String -InputObject $file “SomeShareName”){

$MappingsRemoved++

# Note that the following is doing a number of things, such as commenting out mappings that they are no longer permitted to use,
# providing comments, changing or updating sharenames, etc.
    $file = $RemoveMappedDriveFromUser
    $file = $file -replace “net use g\: \\\\contoso.com\\SomeShareName\$”,”::Access Removed per Ace Fekay in Ticket# 123456 – net use g: \\contoso.com\SomeShareName$”
    $file = $file -replace “net use X\: \\\\contoso.com\\SomeShareName\$”,”::Access Removed per Ace Fekay in Ticket# 123456 – net use x: \\contoso.com\SomeShareName$”
    $file = $file -replace “net use z\: \\\\contoso.com\\SomeOldShareName\$”,”net use z: \\contoso.com\SomeNewShareName$”
    $file = $file -replace “\\\\OldServerName\\ShareName1$”,”\\contoso.com\ShareName1$”
    $file = $file -replace “\\\\OldServerName\\ShareName2$”,”\\contoso.com\ShareName2$”
    $file = $file -replace “\\\\OldServerName\\ShareName3$”,”\\contoso.com\ShareName3$”
    $file = $file -replace “\\\\OldServerName\\ShareName4$”,”\\contoso.com\ShareName4$”
    $file = $file -replace “\\\\OldServerName\\ShareName5$”,”\\contoso.com\ShareName5$”

# Comment out net time statements
    $file = $file -replace “^net time”,”REM net time”
   
# Write out the changes
    Set-Content -Value $file -Path $_;
    }
}

write-host “Total users:” $UserCount
write-host “Total Mappings removed:” $MappingsRemoved
# *************************************************************************************

 

More to come…

Comments are welcomed.

==================================================================

Summary

I hope this helps!

Published 10/3/2015

Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP – Directory Services

clip_image002622[2][2][2] clip_image004622[2][2][2] clip_image006622[2][2][2] clip_image008622[2][2][2] clip_image010622[2][2][2] clip_image012622[2][2][2]

Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.