Modification to USB Device Detection (Windows) Analysis

(imported topic written by SteveC91)

The analysis that comes with BigFix is great. One thing I want to do is strip down the analysis to just show systems that have USB devices (currently it shows all Windows computers with WMI). And, maybe look at only showing systems that have “removable drives” (outside of A:). I’m hoping this will give me a good idea of who’s using USB drives (thumb or HD).

Has anyone modified this analysis to this level?

Thanks

(imported comment written by brolly3391)

Honestly, I have not played much with analysis, but the relevance for what you are looking for might look like this:

q: exists (names of drives whose (type of it = "DRIVE_REMOVABLE" and name of it > "B:"))

A: False

T: 0.447 ms

(imported comment written by brolly3391)

If you prefer a bit more accuracy by using WMI, at the expense of much slower evaluation:

q: exists (substring after "=" of (selects ("InterfaceType from Win32_DiskDrive") of WMI as string)) whose (it = "USB")

A: True

T: 36.723 ms

But I still prefer this for speed. It’s 82x faster!

q: exists (names of drives whose (type of it = "DRIVE_REMOVABLE" and name of it > "B:"))

A: False

T: 0.447 ms

The only way this statement would provide inaccurate results would be if you had floppy drives with drive letters greater than B:, which is unheard of these days, or if someone explicitly set their USB drive to use drive letter A: or B:. Either condition would be outside of normal Windows OS behaviours.

Cheers,

Brolly
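
For checking a single machine by hand, the two checks discussed in this thread can be run side by side in PowerShell. This is an added example, not part of the original posts or of the BigFix analysis; the output property names are made up for illustration, and it assumes the CIM cmdlets (PowerShell 3.0 or later) are available. The DriveType column shows how Windows classifies each USB-attached volume, so the two results can be compared per machine.

```powershell
# Added example (not from the thread): both detection approaches on one machine.
# Win32_LogicalDisk.DriveType: 2 = removable disk, 3 = local (fixed) disk.

# Approach 1: removable volumes with a drive letter above B:
$removable = @(Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DriveType=2" |
    Where-Object { $_.DeviceID -gt 'B:' })

# Approach 2: physical disks that report a USB interface through WMI
$usbDisks = @(Get-CimInstance -ClassName Win32_DiskDrive -Filter "InterfaceType='USB'")

# Resolve each USB disk to its drive letters: disk -> partition -> logical disk
$usbVolumes = foreach ($disk in $usbDisks) {
    foreach ($part in Get-CimAssociatedInstance -InputObject $disk -ResultClassName Win32_DiskPartition) {
        foreach ($vol in Get-CimAssociatedInstance -InputObject $part -ResultClassName Win32_LogicalDisk) {
            [pscustomobject]@{
                Model       = $disk.Model
                DriveLetter = $vol.DeviceID
                DriveType   = $vol.DriveType
                SizeGB      = [math]::Round($disk.Size / 1GB, 1)
            }
        }
    }
}

# One summary row per machine (property names are illustrative)
[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    RemovableAboveB    = $removable.Count -gt 0
    UsbInterfaceDisk   = $usbDisks.Count -gt 0
    RemovableLetters   = ($removable.DeviceID -join ',')
    UsbInterfaceModels = ($usbDisks.Model -join '; ')
}

# Per-volume detail for the USB-interface disks
$usbVolumes | Format-Table -AutoSize
```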