Tuesday, September 28, 2021

ODFB (One Drive For Business) , Reporting User Compliant Status

ODFB (One Drive For Business) , Reporting User Compliant Status

If you are implementing ODFB or have done it so, you probably want to make sure your clients are in compliant with KFM, Known Folder Move part of your corporate and security policy. With no question in mind, you are well aware of making sure end-user data is protected and at the least you have turned on few of the very basic known folders on the client computer to include with OneDrive sync.

Basic known folders are, Desktop, Documents and Picture folders on the client computer and making sure each of these known folders are included within corporate OneDrive sync. Below script is just going to help you with this specific goal. This simple script can run under user content and results can be exported to desired location. You could simply use any available automation tool, such as SCCM etc. to run the script and collect results into centralize location and generate reports that you need to understand your environment compliance requirements.

 

<#    

 

.NOTES

#=============================================

# Script      : KFMHealthCheckV1.ps1

# Created     : ISE 3.0 

# Author(s)   : Casey.Dedeal 

# Date        : 10/25/2019 21:51:59 

# Org         : ETC Solutions

# File Name   : KFMHealthCheckV1.ps1

# Comments    : SCCM will run this script under User Content

# Assumptions : SCCM job KFS heath Check Reports

#==============================================

 

SYNOPSIS           : KFMHealthCheckV1.ps1

DESCRIPTION        : Report User Shell Keys and ODFB GPO Keys

Acknowledgements   : Open license

Limitations        : None

Known issues       : None

Credits            : Casey Dedeal

 

.EXAMPLE

  .\KFMHealthCheckV1.ps1

 

  MAP:

  -----------

  #(1)_.Create Log VARS

  #(2)_.Define Variables for reg keys

  #(3)_.Collect PSObject information

  #(4)_.Function to create Log Folder

  #(5)_.Run function to Create Report Folder

  #(6)_.Setup PS Object to collect data to export CSV File on User PC

  #(7)_.Convert to PS Object to get ready to export collected Data

  #(8)_.Export USR KFS Health Data to CSV File, SCCM to collect this output

 

 

#>

 

 

  #(1)_.Create Log VARS

  $repname   = 'KFM-USR-Health-Report'

  $RepServer = $env:COMPUTERNAME

  $csvname1  = $Repname+'-Log.CSV'

  $now       = (get-Date -format 'dd-MMM-yyyy-HH-mm-ss-tt-')

  $user      = $env:USERNAME

  $desFol    = ("C:\temp\KFM\")

  $csvfile1  = $desFol+$RepServer+"-"+$now+$csvname1

 

 #(2)_.Define Variables for reg keys

 $HKCU  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

 $HKLM  = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'

 

 #(3)_.Collect PSObject information

 $KFSObj1 = (Get-ItemProperty -path $HKCU)

 $KFSObj2 = (Get-ItemProperty -path $HKLM)

 

 #(4)_.Function to create Log Folder

 function Function-create-ReportFolder{

 

  [CmdletBinding()]

  param(

    [parameter(

     Mandatory         = $true,

     ValueFromPipeline = $true)]

     [string]$ReportPath)

 

 Try{

 

 if (!(Test-Path -Path $ReportPath))

 {

  New-Item -Type Directory -Path $ReportPath -ErrorAction Stop | Out-Null

 }

 

}catch{

  

    $errormessage = $($PSItem.ToString())

    Write-Warning 'Error has occoured'

    Write-host 'Problem FOUND:' $errormessage -ForegroundColor Red -BackgroundColor Black

   }

}

  

 #(5)_.Run function to Create Report Folder

 Function-create-ReportFolder -ReportPath $desFol

 

 #(6)_.Setup PS Object to collect data to export CSV File on User PC

 $tempObj = [ordered]@{

           

            'UserName'       = $env:USERNAME

            'Domain  '       = $env:USERDNSDOMAIN

            'Computer'       = $env:COMPUTERNAME

            'Profile'        = $env:USERPROFILE

            'Documents'      = ($KFSObj).Personal

            'Desktop'        = ($KFSObj).Desktop

            'Pictures'       = ($KFSObj).("My Pictures")

            'KFMIptIn'       = ($KFSObj2).KFMBlockOptIn

            'KFMWizard'      = ($KFSObj2).KFMOptInWithWizard

            'KFMSilentOptIn' = ($KFSObj2).KFMSilentOptInWithNotification

            'FileOnDemand'   = ($KFSObj2).FilesOnDemandEnabled

            'AutoBandwidth'  = ($KFSObj2).EnableAutomaticUploadBandwidthManagement

        }

 

 #(7)_.Convert to PS Object to get ready to export collected Data

 $KFSReport = New-Object -TypeName psobject -Property $tempObj

 

 #(8)_.Export USR KFS Health Data to CSV File, SCCM to collect this output

 $KFSReport | Export-Csv -Path $csvfile1  -NoTypeInformation -Append

 

 

Azure Solutions Architect
AWS Certified Cloud Practitioner
Azure Certified Security Engineer Associate
https://simplepowershell.blogspot.com
https://cloudsec365.blogspot.com
https://msazure365.blogspot.com
https://twitter.com/Message_Talk

 


4 comments:

  1. vCloud Tech with the help of its IT industry-leading partners provides next-gen Office 365 disaster recovery tools.

    ReplyDelete
  2. Your PowerShell script, "KFMHealthCheckV1.ps1," is a tool to assess Known Folder Move (KFM) health in a corporate environment, ensuring cloud security solutions like OneDrive for Business (ODFB) are correctly synchronizing user known folders. Your script collects data, checks registry keys, and exports results to a CSV file for reporting. It should be integrated into a cloud security solution framework, like SCCM, to maintain compliance with KFM and ODFB settings. Review, testing, and adherence to security policies are crucial. Exercise caution and ensure proper permissions when running PowerShell scripts.

    ReplyDelete
  3. Impressive Article. Thanks for sharing.
    Azure DevOps Training Online
    Azure DevOps Online Training
    Azure DevOps Online Training in Hyderabad
    Azure DevOps Course Online
    Microsoft Azure DevOps Online Training
    Azure DevOps Training in Hyderabad
    Azure DevOps Training
    Azure DevOps Training in Ameerpet

    ReplyDelete

Setting up ISE Profile with Options

  Here is updated ISE profile. You can use it to built your own and make few adjustments.       # STARTING ADDS-ON MENU # ...