Parse out info from a Net Use > %filename%.txt

(imported topic written by JamesN91)

parameter “outputfile” = “{pathname of parent folder of regapp “besclient.exe”}\netuse.txt”

waithidden {pathname of system folder}\cmd.exe /C net use >"{parameter “outputfile”}"

///This probally does not work, but something like this?

appendfile {concatenation “%0a%0d” of lines whose (it contains “:”) of it of parameter “output”}

delete “{parameter “outputfile”}”

move __appendfile “{parameter “outputfile”}”

New connections will not be remembered.

Status Local Remote Network

J: \XXXXX\XXXXXX

Microsoft Windows Network

The command completed successfully.

the goal is to create the action to drop a txt file in the Bes client folder that is later read by an analysis. Can Big Fix parse out all lines other then lines with a drive letter? I’d like the new netuse.txt file to contain only

J: \XXXXX\XXXXXX

Thank you.

(imported comment written by NoahSalzman)

This is sort of cheesy (due to the particular strings I’m relying on) but it might get you there:

following texts of firsts " " of preceding texts of firsts “Microsoft” of ((lines of file “c:\netuse.txt”) whose (it contains “\”))

(imported comment written by JamesN91)

I hit a road block before getting to the parsing.

Net Use when ran by BF client does not give the expected results. I need to get RunAsCurrentUser working. I’ve had no success with RACU in the past.

if {exists current user}waithidden C:\Program Files\BigFix Enterprise\BES Client\RunAsCurrentUser-2.0.exe --w cmd.exe /C net use > netuse.txt

Think RACU is failing because there is no Then / Else commands associated with the If?

(imported comment written by JamesN91)

Ran this very simple command…

waithidden C:\Program Files\BigFix Enterprise\BES Client\RunAsCurrentUser-2.0.exe --w cmd.exe /C net use > netuse1.txt

NetUse1.txt was generated, but it was empty.

What should I look at in terms of troubleshooting RunAsCurrentUser-2.0.exe?

(imported comment written by SystemAdmin)

Did you ever get this working? We need to return a list of all users mapped drives and have hit the roadblock of the TEM agent running as system and not having access to the current users environment.

(imported comment written by SystemAdmin)

This process works for me … try it.

Relevance:

exists current user

Action:

if {not exists file “c:\temp\RunAsCurrentUser.exe”}

download http://:52311/Uploads/1752aba5495d6a73a9e1565103edf83f42dffea1/big2.tmp

continue if { (size of it = 96258 and sha1 of it = “1752aba5495d6a73a9e1565103edf83f42dffea1”) of file “big2.tmp” of folder “__Download”}

extract big2.tmp

delete c:\temp\RunAsCurrentUser.exe

copy __Download\RunAsCurrentUser-2.0.2.exe c:\temp\RunAsCurrentUser.exe

endif

delete __appendfile

delete c:\temp\netuse.bat

appendfile @echo off

appendfile net use > c:\temp\netuse.txt

copy __appendfile c:\temp\netuse.bat

wait c:\temp\RunAsCurrentUser.exe --w cmd /C c:\temp\netuse.bat

delete c:\temp\drives.txt

delete __appendfile

appendfile {following texts of firsts " " of preceding texts of firsts “Microsoft” of ((lines of file “c:\temp\netuse.txt”) whose (it contains “\” AND it contains “:”))}

copy __appendfile c:\temp\drives.txt

(imported comment written by SystemAdmin)

JonL,

Excellent, thanks for that. Can you tell me how you pull that data back? Do you have an analysis that parses the txt file or are you uploading it the the BES server?

John