public static IEnumerable <RegMountedDrive> Get_RegistryMountedDrive(Args_Get_WMIRegMountedDrive args = null)
{
return(GetWMIRegMountedDrive.Get_WMIRegMountedDrive(args));
}
public static IEnumerable <RegMountedDrive> Get_WMIRegMountedDrive(Args_Get_WMIRegMountedDrive args = null)
{
if (args == null)
{
args = new Args_Get_WMIRegMountedDrive();
}
var MountedDrives = new List <RegMountedDrive>();
foreach (var Computer in args.ComputerName)
{
// HKEY_USERS
var HKU = 2147483651;
try
{
var Reg = WmiWrapper.GetClass($@"\\{Computer}\ROOT\DEFAULT", "StdRegProv", args.Credential);
// extract out the SIDs of domain users in this hive
var outParams = WmiWrapper.CallMethod(Reg, "EnumKey", new Dictionary <string, object> {
{ "hDefKey", HKU }, { "sSubKeyName", "" }
}) as System.Management.ManagementBaseObject;
var names = outParams["sNames"] as IEnumerable <string>;
if (names == null)
{
continue;
}
var UserSIDs = names.Where(x => x.IsRegexMatch($@"S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$"));
foreach (var UserSID in UserSIDs)
{
try
{
var UserName = ConvertFromSID.ConvertFrom_SID(new Args_ConvertFrom_SID {
ObjectSID = new[] { UserSID }, Credential = args.Credential
}).FirstOrDefault();
outParams = WmiWrapper.CallMethod(Reg, "EnumKey", new Dictionary <string, object> {
{ "hDefKey", HKU }, { "sSubKeyName", $@"{UserSID}\Network" }
}) as System.Management.ManagementBaseObject;
var DriveLetters = outParams["sNames"] as IEnumerable <string>;
if (DriveLetters == null)
{
continue;
}
foreach (var DriveLetter in DriveLetters)
{
outParams = WmiWrapper.CallMethod(Reg, "GetStringValue", new Dictionary <string, object> {
{ "hDefKey", HKU }, { "sSubKeyName", $@"{UserSID}\Network\{DriveLetter}" }, { "sValueName", "ProviderName" }
}) as System.Management.ManagementBaseObject;
var ProviderName = outParams["sValue"] as string;
outParams = WmiWrapper.CallMethod(Reg, "GetStringValue", new Dictionary <string, object> {
{ "hDefKey", HKU }, { "sSubKeyName", $@"{UserSID}\Network\{DriveLetter}" }, { "sValueName", "RemotePath" }
}) as System.Management.ManagementBaseObject;
var RemotePath = outParams["sValue"] as string;
outParams = WmiWrapper.CallMethod(Reg, "GetStringValue", new Dictionary <string, object> {
{ "hDefKey", HKU }, { "sSubKeyName", $@"{UserSID}\Network\{DriveLetter}" }, { "sValueName", "UserName" }
}) as System.Management.ManagementBaseObject;
var DriveUserName = outParams["sValue"] as string;
if (UserName == null)
{
UserName = "";
}
if (RemotePath != null && (RemotePath != ""))
{
var MountedDrive = new RegMountedDrive
{
ComputerName = Computer,
UserName = UserName,
UserSID = UserSID,
DriveLetter = DriveLetter,
ProviderName = ProviderName,
RemotePath = RemotePath,
DriveUserName = DriveUserName
};
MountedDrives.Add(MountedDrive);
}
}
}
catch (Exception e)
{
Logger.Write_Verbose($@"[Get-WMIRegMountedDrive] Error: {e}");
}
}
}
catch (Exception e)
{
Logger.Write_Warning($@"[Get-WMIRegMountedDrive] Error accessing {Computer}, likely insufficient permissions or firewall rules on host: {e}");
}
}
return(MountedDrives);
}
