ODFB (One Drive For Business) , Reporting User Compliant Status
If you are implementing ODFB or have done it so, you probably want to make sure your clients are in compliant with KFM, “Known Folder Move” part of your corporate and security policy. With no question in mind, you are well aware of making sure end-user data is protected and at the least you have turned on few of the very basic known folders on the client computer to include with OneDrive sync.
Basic known folders are, Desktop, Documents and Picture folders on the client computer and making sure each of these known folders are included within corporate OneDrive sync. Below script is just going to help you with this specific goal. This simple script can run under user content and results can be exported to desired location. You could simply use any available automation tool, such as SCCM etc. to run the script and collect results into centralize location and generate reports that you need to understand your environment compliance requirements.
<#
.NOTES #============================================= # Script : KFMHealthCheckV1.ps1 # Created : ISE 3.0 # Author(s) : Casey.Dedeal # Date : 10/25/2019 21:51:59 # Org : ETC Solutions # File Name : KFMHealthCheckV1.ps1 # Comments : SCCM will run this script under User Content # Assumptions : SCCM job KFS heath Check Reports #==============================================
SYNOPSIS : KFMHealthCheckV1.ps1 DESCRIPTION : Report User Shell Keys and ODFB GPO Keys Acknowledgements : Open license Limitations : None Known issues : None Credits : Casey Dedeal
.EXAMPLE .\KFMHealthCheckV1.ps1
MAP: ----------- #(1)_.Create Log VARS #(2)_.Define Variables for reg keys #(3)_.Collect PSObject information #(4)_.Function to create Log Folder #(5)_.Run function to Create Report Folder #(6)_.Setup PS Object to collect data to export CSV File on User PC #(7)_.Convert to PS Object to get ready to export collected Data #(8)_.Export USR KFS Health Data to CSV File, SCCM to collect this output
#>
#(1)_.Create Log VARS $repname = 'KFM-USR-Health-Report' $RepServer = $env:COMPUTERNAME $csvname1 = $Repname+'-Log.CSV' $now = (get-Date -format 'dd-MMM-yyyy-HH-mm-ss-tt-') $user = $env:USERNAME $desFol = ("C:\temp\KFM\") $csvfile1 = $desFol+$RepServer+"-"+$now+$csvname1
#(2)_.Define Variables for reg keys $HKCU = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' $HKLM = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive' #(3)_.Collect PSObject information $KFSObj1 = (Get-ItemProperty -path $HKCU) $KFSObj2 = (Get-ItemProperty -path $HKLM)
#(4)_.Function to create Log Folder function Function-create-ReportFolder{ [CmdletBinding()] param( [parameter( Mandatory = $true, ValueFromPipeline = $true)] [string]$ReportPath)
Try{
if (!(Test-Path -Path $ReportPath)) { New-Item -Type Directory -Path $ReportPath -ErrorAction Stop | Out-Null }
}catch{ $errormessage = $($PSItem.ToString()) Write-Warning 'Error has occoured' Write-host 'Problem FOUND:' $errormessage -ForegroundColor Red -BackgroundColor Black } } #(5)_.Run function to Create Report Folder Function-create-ReportFolder -ReportPath $desFol
#(6)_.Setup PS Object to collect data to export CSV File on User PC $tempObj = [ordered]@{ 'UserName' = $env:USERNAME 'Domain ' = $env:USERDNSDOMAIN 'Computer' = $env:COMPUTERNAME 'Profile' = $env:USERPROFILE 'Documents' = ($KFSObj).Personal 'Desktop' = ($KFSObj).Desktop 'Pictures' = ($KFSObj).("My Pictures") 'KFMIptIn' = ($KFSObj2).KFMBlockOptIn 'KFMWizard' = ($KFSObj2).KFMOptInWithWizard 'KFMSilentOptIn' = ($KFSObj2).KFMSilentOptInWithNotification 'FileOnDemand' = ($KFSObj2).FilesOnDemandEnabled 'AutoBandwidth' = ($KFSObj2).EnableAutomaticUploadBandwidthManagement }
#(7)_.Convert to PS Object to get ready to export collected Data $KFSReport = New-Object -TypeName psobject -Property $tempObj
#(8)_.Export USR KFS Health Data to CSV File, SCCM to collect this output $KFSReport | Export-Csv -Path $csvfile1 -NoTypeInformation -Append
|
Azure Solutions Architect
AWS Certified Cloud Practitioner
Azure Certified Security Engineer Associate
https://simplepowershell.blogspot.com
https://cloudsec365.blogspot.com
https://msazure365.blogspot.com
https://twitter.com/Message_Talk
vCloud Tech with the help of its IT industry-leading partners provides next-gen Office 365 disaster recovery tools.
ReplyDeleteNice blog....CCM Framework
ReplyDeleteYour PowerShell script, "KFMHealthCheckV1.ps1," is a tool to assess Known Folder Move (KFM) health in a corporate environment, ensuring cloud security solutions like OneDrive for Business (ODFB) are correctly synchronizing user known folders. Your script collects data, checks registry keys, and exports results to a CSV file for reporting. It should be integrated into a cloud security solution framework, like SCCM, to maintain compliance with KFM and ODFB settings. Review, testing, and adherence to security policies are crucial. Exercise caution and ensure proper permissions when running PowerShell scripts.
ReplyDeleteImpressive Article. Thanks for sharing.
ReplyDeleteAzure DevOps Training Online
Azure DevOps Online Training
Azure DevOps Online Training in Hyderabad
Azure DevOps Course Online
Microsoft Azure DevOps Online Training
Azure DevOps Training in Hyderabad
Azure DevOps Training
Azure DevOps Training in Ameerpet