Folder Redirection Detection [DV]
Summary
This script audits folder redirection for the redirected folders of all users on Windows machines. The audited folders are: Desktop, Document, Download, My Picture, My Video, My Pictures, Local AppData, History, Cookies, Cache, AppData, Favorites, Fonts, CD Burning, Administrative Tools, NetHood, Personal, PrintHood, Programs, Recent, SentTo, Start Menu, StartUp, Templates.
Sample Run
Dependencies
DataView - Folder Redirection Audit [Script]
Table - pvl_folder_redirection_audit
Solution - Folder Redirection Audit
Global Parameters
Name | Example | Required | Description |
---|---|---|---|
TableName | pvl_folder_redirection_audit | True | Setting this variable will create the table with that name. It is not recommended to change it as the DV is aligned to the provided tablename as set in the example. |
User Parameters
Name | Example | Required | Description |
---|---|---|---|
SetEnvironment | 1 | False | If set to 1, then the script will create the table with the table name set in the Global parameter only. |
Process
This script downloads the Strapper module and runs the Strapper command "Get-UserRegistryKeyProperty" to gather the folder redirection settings of all active users on the computer for the following folders: Desktop, Document, Download, My Picture, My Video, My Pictures, Local AppData, History, Cookies, Cache, AppData, Favorites, Fonts, CD Burning, Administrative Tools, NetHood, Personal, PrintHood, Programs, Recent, SentTo, Start Menu, StartUp, Templates.
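The kind of per-user check described above, as an added example that is not the script's own code and does not use Strapper: it reads the standard Windows "User Shell Folders" key from each user hive loaded under HKEY_USERS and reports values that point outside the profile. The function names, the output fields and the rule that a default value starts with %USERPROFILE% are assumptions made for this example.

```powershell
# Added example: reads each loaded user hive directly; does not use Strapper.
$subKey = 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

function Test-RedirectedPath {
    param([string]$RawValue)
    # Assumption: a default (non-redirected) value starts with %USERPROFILE%.
    return -not $RawValue.StartsWith('%USERPROFILE%', [System.StringComparison]::OrdinalIgnoreCase)
}

function Get-FolderRedirection {
    # Only hives currently loaded under HKEY_USERS are visible (logged-on users).
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }
    foreach ($hive in $hives) {
        $sid = $hive.PSChildName
        $key = Get-Item -Path "Registry::HKEY_USERS\$sid\$subKey" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        # Resolve the SID to DOMAIN\user; fall back to the SID if it cannot be translated.
        try {
            $user = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch { $user = $sid }
        foreach ($name in $key.GetValueNames()) {
            # Read the raw value so %USERPROFILE% is not expanded to the caller's profile.
            $raw = [string]$key.GetValue($name, $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            [pscustomobject]@{
                User       = $user
                Folder     = $name
                Path       = $raw
                IsUnc      = $raw.StartsWith('\\')
                Redirected = Test-RedirectedPath -RawValue $raw
            }
        }
    }
}

# List only the folders that differ from the assumed default location.
Get-FolderRedirection | Where-Object Redirected |
    Sort-Object User, Folder | Format-Table -AutoSize
```

Run it elevated so the hives of other logged-on users can be read. A StartUp or Programs entry that resolves to an unexpected share or local path is worth reviewing against Group Policy.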
Output
- Script Log
- Dataview
- Table pvl_folder_redirection_audit