Getting all GPP Drive maps in a Domain with PowerShell

Group Policy Preferences are mostly great and frequently used to solve different kind of policy related problems in an it Environment.
There are a few PowerShell cmdlet for GPO’s (28 last time I checked) but only three of them are related to Group Policy Preferences.
2013-12-31 13-31-59.

Case and Solution
A customer of mine wanted to inventory their GPP Drive maps, and get information about what GPO, drive letter, drivepath, security Filtering and so on.

I know there are quite a few solutions that can do this for you, but why not use PowerShell when possible? 🙂

The script is using the GroupPolicy POSH-module which has been around since 2008R2, so this works even there.
It simply gets all Group policies in your domain, checks each policy for drive maps (by checking if Drives.xml exists) and gives you a bit of nice output. (ehh.. could be nicer, but anyway… )

See my examples below:
1. Gives you all Drive Map GPO’s plain and formats the output as a table.

2013-12-31 13-48-24
Note: The DriveAction object is not translated to a more friendly name at this time so U, stands for Update, D, for delete and so on. That is also applies on the DrivePersistent output (“Reconnect”).
Update: This is now updated so it gives you a bit of nicer output!

2. Searches for drive maps in a specific GPO.
2013-12-31 13-42-38

3. Exports the output to a csv.

.\Get-GPPDriveMaps.ps1 | Export-Csv DriveMaps.csv -NoTypeInformation

Get-GPPDriveMaps.ps1

<#
.SYNOPSIS     
           The script finds the GPP Drive Maps in your domain. 
.NOTES     
           File Name: Get-GPPDriveMaps.ps1     
           Author   : Johan Dahlbom, johan[at]dahlbom.eu     
           The script are provided “AS IS” with no guarantees, no warranties, and it confer no rights. 
#>
#Import the required module GroupPolicy
try
{
Import-Module GroupPolicy -ErrorAction Stop
}
catch
{
throw "Module GroupPolicy not Installed"
}
        $GPO = Get-GPO -All

        foreach ($Policy in $GPO){

                $GPOID = $Policy.Id
                $GPODom = $Policy.DomainName
                $GPODisp = $Policy.DisplayName

                 if (Test-Path "\\$($GPODom)\SYSVOL\$($GPODom)\Policies\{$($GPOID)}\User\Preferences\Drives\Drives.xml")
                 {
                     [xml]$DriveXML = Get-Content "\\$($GPODom)\SYSVOL\$($GPODom)\Policies\{$($GPOID)}\User\Preferences\Drives\Drives.xml"

                            foreach ( $drivemap in $DriveXML.Drives.Drive )

                                {New-Object PSObject -Property @{
                                    GPOName = $GPODisp
                                    DriveLetter = $drivemap.Properties.Letter + ":"
                                    DrivePath = $drivemap.Properties.Path
                                    DriveAction = $drivemap.Properties.action.Replace("U","Update").Replace("C","Create").Replace("D","Delete").Replace("R","Replace")
                                    DriveLabel = $drivemap.Properties.label
                                    DrivePersistent = $drivemap.Properties.persistent.Replace("0","False").Replace("1","True")
                                    DriveFilterGroup = $drivemap.Filters.FilterGroup.Name
                                }
                            }
                }
        }

The script can of course be extended with a lot more information, and make the output easier to read, but that’s a later project.

/Johan

Advertisements

11 thoughts on “Getting all GPP Drive maps in a Domain with PowerShell

  1. Pingback: Get all GPO deployed Printers with PowerShell | Tailspintoys - 365lab.net

      1. ramblingcookiemonster

        Haven’t dug into it, but curious – are preferences solely stored in XML? And if so, would it be possible to manage preference items via PowerShell (e.g. add or remove a Drive Map)? Might be interesting to explore.

        Borrowed your workflow and wrote Get-GPPFile and Get-GPPShortcut, but dealing with the filters is a bit less straightforward – i.e. Drive Maps typically get mapped by group; with others I had to add a Filters property to each object that contains a collection of any filters.childnodes.

        Cheers!

      2. Johan Dahlbom Post author

        Thanks! Nice work with your functions, soon we’ll have a complete GP preferences module 🙂
        I think it should be possible to for example change Drive Maps through the XML files, but haven’t had the time do dig down to if it works well to create new ones as well.
        I’ll see if I can get Darren (the gpoguy on sdmsoftware) to give us un answer.

      3. Johan Dahlbom Post author

        Hi Dennis, Thanks for reading!
        I am working hard to get the create part working as well, but since its much more complex and requires lots of time and testing, I’m not quite there yet.
        As soon as I am near to finish, I’ll let you know.
        Until then you can look in to sdmsoftware.com’s GPO automation toolkit that will let you create the Drive maps preferences as well.

  2. Pingback: PowerShell GPO Reporting: WSUS | Tailspintoys - 365lab.net

  3. Mike

    Thanks for posting this script. I had been auditing our GPO drive mappings manually each time a change is made. This makes it a breeze. The problem I am having is some of our drive mappings have multiple FilterGroup and FilterOrgUnit per mapping. When this is the case the group or OU variables are blank. Do you have any idea how I can deal with this? I have tried to set up a hash or array but I couldn’t get either of those to work.

    Reply
  4. Paul Distel

    I am also very interested in a powershell script creating the mappings as stored in drives.xml to execute as soon as I connect through VPN. Any updates? 🙂

    Reply
  5. BrettKennard

    Hello – Checking back in for the “set”-gppshorcut script to edit the xml file. As these settings can be exported to a csv, I am hoping that they can also be imported.

    Current example, a manual entry is required GPME\User Configuration\Preferences\Windows Settings\Shortcuts\ -> new shortcut -> Action:Update\Name:Misc\Target Type:URL\Location:Explorer Links\Target URL:Misc.com\etc.

    What you do is appreciated immensely!

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s