List Offline Files (PowerShell)
Log In or Register to download the BES file, and more.

0 Votes

Collections (part of 1 collection)

PowerShell

Description

List Offline Files

This is considered a brute force search since it recursively looks at every file. 

Be careful to try and be specific with which folder to start your search.  If you start at the "c:\" folder, the scan is likely to take a very long time... and this task waits for that search to complete... thus your client will be stalled until this search is finished.

The results file is saved in the "parent folder of the client" and named "OfflineFiles.csv".

Property Details

ID644
TitleList Offline Files (PowerShell)
DomainBESC
CategorySearch
Download Size0
Sourcedanielheth@bigfix.me
Source ID<Unspecified>
Source Severity<Unspecified>
Source Release Date10/26/2012 12:00:00 AM
Keywordsmicrosoft offline files
Is TaskTrue
Added by on 10/26/2012 4:07:08 PM
Last Modified by on 10/26/2012 4:07:08 PM
Counters 8419 Views / 54 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 9 fixlets and 4 analyses   * Results in a true/false
Show indented relevance
name of operating system as string contains "Win"
Used in 11 fixlets and 5 analyses   * Results in a true/false
Show indented relevance
exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1" whose (value "Install" of it as integer = 1) of registry
Used in 3 fixlets   * Results in a true/false
Show indented relevance
exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine" whose (value "PowerShellVersion" of it as string as version >= "2.0") of registry

Actions

Action 1 (default)

Action Link Click  here  to search for offline folders/files.
Script Type BigFix Action Script 
action parameter query "startDir" with description "Specify the root folder path you want to scan recursively through:" and with default value "c:\users"
//============================================================================
//PowerShell Script... 
//
//1. Save old ExecutionPolicy value
parameter "PolicyExisted"="{exists value "ExecutionPolicy" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of (if exists x64 registry then x64 registry else registry)}"
parameter "oldExecutionPolicy"="{if (parameter "PolicyExisted" as boolean) then (value "ExecutionPolicy" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of (if exists x64 registry then x64 registry else registry) as string) else ""}"
//2. set to ExecutionPolicy=Unrestricted  and Pull PowerShell exe from registry... if 64bit then pull PowerShell x64
if {x64 of operating system}
    regset64 "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="Unrestricted"
    parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of x64 registry}"
else
	//we need to determine what the current execution policy is so we can put it back when we're done.
    regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="Unrestricted"
    parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of registry}"
endif
//3. Create PowerShell script and save to a ps1 file
delete __appendfile
delete script.ps1
appendfile Get-ChildItem "{parameter "startDir"}" -recurse | Where-Object {$_.Attributes -eq 'offline'} | Export-Csv "{pathname of parent folder of client}\OfflineFiles.csv"
move __appendfile script.ps1
//4. Execute PowerShell with ps1 script file
action uses wow64 redirection false 
waithidden "{parameter "PowerShellexe"}" -file "{pathname of client folder of current site}\script.ps1"
action uses wow64 redirection {x64 of operating system}
//5. Restore ExecutionPolicy back
if {x64 of operating system}
    if {parameter "PolicyExisted" as boolean}
        regset64 "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="{parameter "oldExecutionPolicy"}"
    else
        regdelete64 "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"
    endif
else
    if {parameter "PolicyExisted" as boolean}
        regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="{parameter "oldExecutionPolicy"}"
    else
        regdelete "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"
    endif
endif
//============================================================================
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link Click here to learn about Ben Shorehill's research into the powershell command we're using.
Script Type URL 
http://www.symantec.com/connect/downloads/csv-report-all-offline-files-powershell

Action 3

Action Link Click here to learn about Microsoft's Offline Files features.
Script Type URL 
http://windows.microsoft.com/en-US/windows-vista/Understanding-offline-files

Sharing

Social Media:
Share this page on Yammer


Comments

Log In or Register to leave comments!
 

Content

Search
Share
Learn
Projects

Utilities

View SCM Scripts
Base64 Converter
Shell to Action Script

About

About Us
Tour
FAQ
Terms
Contact Us

BigFix Resources

Download BigFix
Support
Forum
Github/Bigfix
bigfix.me All Content
Hosted on bigfixme-as