Thursday, March 17, 2016

Determining which users are using offline files

One of my colleagues came to me today seeking advice on how to check which users are using offline files.  I honestly don't know why he needs to know this but, according to him, it is something that quite a lot of people on the Internet need to know.

Here's what we came up with...

He provided a registry area:
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\NetCache\SyncItemLog

Apparently this registry area is something that he found and it is not well known.  What he had discovered is that if a user has chosen to use offline files there will be sub-keys generated here.  If the user has not turned on offline files then there will not be any sub-keys.  The sub-key names are UNC paths to offline file locations.

So, this is where he came to me and said "How do we gather up this information on all of our users?"

What I came up with is two-fold.  First I created the PowerShell script below to gather the information into a log file.  The problem, however, is that the script must run under the user context of whichever user you want to check.  You can't run it as yourself or as system because it would not be able to read items from the other user's HKEY_CURRENT_USER hive.

The solution to the problem of running it as the local user is simply change the $OutputLog variable to point to a central share to which all of the users can write and then create a package with the script.  Have the package execute once per user per machine, under the user credentials, and only if a user is logged in.

Hopefully others find this useful.  If so, please +1, leave a commment, and/or link back to this blog.

Here's the script:

#Test-OfflineFileUse.ps1
#by Mark Randol
#randoltech.blogspot.net
new-psdrive -Name O -PSProvider FileSystem -Root "\\server\share"
$OutputLog = "O:\OfflineFilesCheck.csv"
Clear-Host
Set-Location -Path "Registry::HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\NetCache"
$SyncItemLogRegKey = (Get-ChildItem -Path . -Name)
IF ($SyncItemLogRegKey -like 'SyncItemLog')
{
    $SyncKey = (Get-ChildItem -path .\$SyncItemLogRegKey -Name)
    foreach ($SubKey in $SyncKey)
    {
        if ($SubKey -ne $null)
        {
            $LogOutputString = $env:USERDOMAIN + '\' + $env:USERNAME + ',' + $env:COMPUTERNAME + ',' + $SubKey
            Out-File -FilePath $OutputLog -Append -InputObject $LogOutputString
        }
    }
}
ELSE
{
    $SyncKey = "SyncItemLog registry key does not exist"
    $LogOutputString = $env:USERDOMAIN + '\' + $env:USERNAME + ',' + $env:COMPUTERNAME + ',' + $SyncKey
    Out-File -FilePath $OutputLog -Append -InputObject $LogOutputString
}

No comments:

Post a Comment