Per user, as you know; is difficult to tease out. Here's a sample of something
similar; but it would be an advertisement, not a ConfigItem; so that you could
then pull the data out via hardware inventory. A configitem makes more sense,
(your method), if you have a lot of shared machines; because you would need to
load up a user hive as system to try to look inside it.
This is probably more personal preference than anything concrete, but I tend to
avoid loading up user hives to read them--if I can in any way be kind to the
client, I try to do that. and loading up a hive and reading it could take more
time than I'm willing to think is a "good thing" on clients.
I'm not saying the right thing to do for you is to completely about-face and
switch to scripts run as adverts; but you could test at least the concept of
script #1 (to create and set security on a custom namespace) and then
subsequent scripts to populate that.
I adore ConfigItems as you know... but user specific stuff is one of those grey
areas where sometimes a "run only when user is logged in"
package/program/advert might provide more accurate results. But it all depends
what you're looking for.
On Thursday, April 23, 2015 9:03 AM, "Krueger, Jeff" <[email protected]>
wrote:
<!--#yiv5862267285 _filtered #yiv5862267285 {font-family:"Cambria
Math";panose-1:2 4 5 3 5 4 6 3 2 4;} _filtered #yiv5862267285
{font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;} _filtered #yiv5862267285
{font-family:"Lucida Console";panose-1:2 11 6 9 4 5 4 2 2 4;}#yiv5862267285
#yiv5862267285 p.yiv5862267285MsoNormal, #yiv5862267285
li.yiv5862267285MsoNormal, #yiv5862267285 div.yiv5862267285MsoNormal
{margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-family:"Calibri",
sans-serif;}#yiv5862267285 a:link, #yiv5862267285
span.yiv5862267285MsoHyperlink
{color:#0563C1;text-decoration:underline;}#yiv5862267285 a:visited,
#yiv5862267285 span.yiv5862267285MsoHyperlinkFollowed
{color:#954F72;text-decoration:underline;}#yiv5862267285
span.yiv5862267285EmailStyle17 {font-family:"Calibri",
sans-serif;color:windowtext;}#yiv5862267285 span.yiv5862267285EmailStyle18
{font-family:"Calibri", sans-serif;color:#1F497D;}#yiv5862267285
.yiv5862267285MsoChpDefault {font-size:10.0pt;} _filtered #yiv5862267285
{margin:1.0in 1.0in 1.0in 1.0in;}#yiv5862267285 div.yiv5862267285WordSection1
{}-->Paging Sherry…. help From: [email protected]
[mailto:[email protected]]On Behalf Of Krueger, Jeff
Sent: Wednesday, April 22, 2015 2:05 PM
To: [email protected]
Subject: [mssms] Configuration Item to check printer connections in each
profile on a PC Hoping someone has done something like this before where you
need to loop through the user profiles and look for something in their registry
hive. I’ve made Configuration Item that runs a powershell script that checks
for connections to a particular print server. It does a reg load on each
user’s profile and then checks for reg keys pointing to the server we’re
interested in. I’m getting inconsistent results, the configuration item is
checking for a Boolean value returned by the script, if it’s false then the
machine is compliant. But I’m getting non-compliant results for machines I
know shoul d evaluate as compliant. The script is below, if anyone has a
simpler way to accomplish this, that would be super helpful. #Create New
PS Drive to access the user Keys New-PSDrive-PSProvider Registry-Name HKU
-Root HKEY_USERS | Out-Null Set-LocationHKU: #Create empty array to which we
will add our list of wrong printer connections $BadPrinters= @() #Gets the
current user's SID to look for printers $strCurrentUser=
(Get-WmiObjectWin32_ComputerSystem -Computer ".").UserName $objCurrentUser=
New-Object System.Security.Principal.NTAccount($strCurrentUser)
$strCurrentUserSID=
($objCurrentUser.Translate([System.Security.Principal.SecurityIdentifier])).Value
$PrintServer= '*PrintServer01*' #Lookup the printer in the current user
hive $GetKey= Test-Path .\$strCurrentUserSid\Printers\Connections IF
($GetKey-eq $true) { $BadPrintServer = Get-ChildItem
-Path.\$strCurrentUserSid\Printers\Connections| Where-Object {$_.Name-like
$Printserver} Foreach ($badconnectsin $BadPrintServer) { $BadPrinters
+="$badconnects" } } #Exclude users from list of profiles we will
load $strUserName= ((Get-WmiObjectWin32_ComputerSystem -Computer
".").UserName).Split('\')[1] $ExcludedUsers=
@($strUserName,'ADMINI~1','Public') #Reg load each user profile and check
for the printers $GetUsersToLoad= Get-ChildItem-path
"$env:SystemDrive\Users"-Exclude $ExcludedUsers $UserList= @() Foreach
($userin $GetUsersToLoad) { $UserList +=$user.Name }
Foreach ($profilein $UserList) { &Reg.exeLoad
HKU\$Profilec:\users\$Profile\ntuser.dat| Out-Null Start-Sleep -s 3
$TempGetKey= Test-Path HKU:\$Profile\Printers\Connections IF
($TempGetKey-eq $true) { $TempBadPrintServer = Get-ChildItem
-PathHKU:\$Profile\Printers\Connections| Where-Object {$_.Name-like
$PrintServer} Foreach ($connectionin $TempBadPrintServer)
{ IF ($connection-ne $Null) {
$BadPrinters +=$connection.ToString() Remove-Variable connection
} } Remove-Variable TempBadPrintServer
} Remove-Variable TempGetKey [gc]::Collect() Try{ & cmd /c
Reg.exe Unload HKU\$Profile2>&1 | Out-Null } Catch{} Start-Sleep
-s 3 cd HKU: } cdc: Remove-PSDriveHKU
$BadPrinters.count-gt '0' Jeff Krueger [email protected] IT - Henry
Ford Health System 248.853.4466
CONFIDENTIALITY NOTICE: This email contains information from the sender that
may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected
from disclosure. This email is intended for use only by the person or entity to
whom it is addressed. If you are not the intended recipient, any use,
disclosure, copying, distribution, printing, or any action taken in reliance on
the contents of this email, is strictly prohibited. If you received this email
in error, please contact the sending party by reply email, delete the email
from your computer system and shred any paper copies.
Note to Patients: There are a number of risks you should consider before using
e-mail to communicate with us. See our Privacy & Security page
onwww.henryford.com for more detailed information as well as information
concerning MyChart, our new patient portal. If you do not believe that our
policy gives you the privacy and security protection you need, do not send
e-mail or Internet communications to us.
