Typically, I'd just use something like this to get the info I need:
Get-PSDrive -PSProvider FileSystem | Where-Object {$_.DisplayRoot -match "^\\\\"} | Select-Object -Property Root,DisplayRoot
However, we're working with an RMM that runs in the NT Authority\System context so the results are always blank.
I've had to do something similar before - where I find what user is logged in and find their SID and then figure out the path to the HKCU from there. But I cannot sort out how to get the drive letter & path for each mapped drive. Below is what I've got so far. (If there's a better way, by all means, tell me.)
$Username = (Get-WMIObject -ClassName Win32_ComputerSystem).Username
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS
$User = New-Object System.Security.Principal.NTAccount($Username)
$SID = $User.Translate([System.Security.Principal.SecurityIdentifier])
$RegistryPath = "HKU:$($sid.Value)\Network"
With that code, I can typically sort the absolute path of HKCU for the user. At that point, I run something like this to list out all their mapped drives and their paths.
Get-ChildItem $RegistryPath
The output I get is what you see below:
Name Property
---- --------
g RemotePath : \\FS1\Company
UserName :
ProviderName : Microsoft Windows Network
ProviderType : 131072
ConnectionType : 1
ConnectFlags : 0
DeferFlags : 4
UseOptions : {68, 101, 102, 67...}
M RemotePath : \\FS1\ManagementTeam
UserName : 0
ProviderName : Microsoft Windows Network
ProviderType : 131072
ConnectionType : 1
ConnectFlags : 0
DeferFlags : 4
UseOptions : {68, 101, 102, 67...}
o RemotePath : \\FS1\Operations
UserName :
ProviderName : Microsoft Windows Network
ProviderType : 131072
ConnectionType : 1
ConnectFlags : 0
DeferFlags : 4
UseOptions : {68, 101, 102, 67...}
I tried piping the above command to a Select-Object and just grabbing the Name and RemotePath but I only get back the Name; the RemotePath is blank. For that matter, the Name has some extra fluff I don't need but I can live with it if need be.
Sample output:
Name RemotePath
---- ----------
HKEY_USERS\S-1-5-21-645643383-2545892271-1688843945-1108\Network\g
HKEY_USERS\S-1-5-21-645643383-2545892271-1688843945-1108\Network\M
HKEY_USERS\S-1-5-21-645643383-2545892271-1688843945-1108\Network\o
All I'm trying to do is get the drive letter and its path.
Something like this would be ideal:
Name RemotePath
---- ----------
G \\FS1\Company
M \\FS1\ManagementTeam
O \\FS1\Operations
To get your desired output, for the Name property you can use PSChildName and for the RemotePath property you can use .GetValue('RemotePath'); using Select-Object calculated properties the code would become:
$sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
Get-ChildItem "Registry::HKEY_USERS\$($sid.Value)\Network" |
Select-Object @(
@{ N = 'Name'; E = 'PSChildName' }
@{ N = 'RemotePath'; E = { $_.GetValue('RemotePath') }})
To understand how PowerShell generates this default table output, you can inspect extended type definition using Get-FormatData:
$format = Get-FormatData Microsoft.Win32.RegistryKey
$format.FormatViewDefinition[0].Control.Rows[0].Columns | Format-Table -Wrap