Created
January 24, 2015 00:41
-
-
Save jabb3rd/a2264e09400ce05fc3dc to your computer and use it in GitHub Desktop.
Get list of files and directories of current logged on user on each machine from scan.list
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function get-loggedonusers | |
| { | |
| param([Array]$Computer) | |
| $computers = get-wmiobject Win32_Computersystem -computername $Computer | |
| $report = @() | |
| foreach ($c in $computers) { | |
| $temp = "" | Select Computer, Username | |
| $temp.Computer = $c.name | |
| $temp.Username = $c.username | |
| $report += $temp | |
| } | |
| $report | |
| } | |
| $computers = Get-Content "scan.list" | |
| foreach ($comp in $computers) { | |
| if (Test-Connection -Cn $comp -BufferSize 16 -Count 1 -ea 0 -quiet) { | |
| Write-Host "[+] $comp" | |
| $lu = (get-loggedonusers $comp).Username | |
| $objUser = New-Object System.Security.Principal.NTAccount($lu) | |
| $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier]) | |
| $SID = $strSID.Value | |
| $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $comp) | |
| $regkey = $reg.OpenSubKey("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\$SID") | |
| $ProfileImagePath = $regkey.GetValue("ProfileImagePath") | |
| $drive, $path = $ProfileImagePath.split(':') | |
| Get-ChildItem -Path "\\$comp\$drive$\$path" -Recurse | Out-File -filepath "$comp.dir" -encoding OEM | |
| } else { | |
| Write-Host "[-] $comp" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment