PowerShell – Keeping data secure – Move all items from a users desktop to their My Documents


In my environment I have a constant battle with employees saving items on their desktops and expecting desktop support to be able to recover items when they are lost due to accidental deletion or hardware failure. Desktop remapping is an option but I like to allow users to store personal items on their machine (well at least its better than storing them on the network), hence the simple script below.

The script works by detecting environment variables for the users My Documents (obviously a remapped network location is recommended) and creating a subfolder within it called “Desktop Items”. It then starts a copy process before removing all items except shortcuts and the Personal folder from the users desktop.

If you want to be courteous to your users I also recommend using a GPO preference item to create a shortcut to their “Desktop Items” on their desktop. How you deploy the script is up to you, personally I use group policy preferences to create a shortcut to the powershell.exe in the users start up folder.

###############################################################################
#                                                                             #
# ****************** CREATED BY MAURICE DALY ON 16/01/2014 ****************** #
#                                                                             #
# Moves items from users desktop to a subfolder of their My Documents         #
#                                                                             #
# Version 1.0                                                                 #
# Version 1.1 Added functionality to copy leftover excluded files to MISC     #
#             Directory                                                       #
#                                                                             #
###############################################################################

$docspath = [environment]::getfolderpath("mydocuments") + "\Desktop Items"
$desktop = [environment]::getfolderpath("desktop")
$exclusions = @("*.iso", "*.lnk", "*.mp*", "*.exe", "*.msu", "*.url", "*.wav")
$mediafiles = @("*.iso", "*.mp*", "*.exe", "*.msu", "*.wav")

if (!(Test-Path $docspath))
{
new-item -Path $docspath -ItemType Directory
}

# List items to be copied / deleted
$filedirlist = Get-ChildItem -Path $desktop -Recurse -Exclude $exclusions | where FullName -NotLike *Personal* | where FullName -NotLike *Misc*

# Copy files and folders
$filedirlist |
Move-Item -Destination {
if ($_.PSIsContainer)
{
Join-Path $docspath $_.Parent.FullName.Substring($desktop.length)
}
else
{
Join-Path $docspath $_.FullName.Substring($desktop.length)
}
} -Force -Exclude $exclusions

# Set Miscellaneous folder location
$miscdocspath = [environment]::getfolderpath("desktop") + "\Misc"

# Collect list of legacy files to be moved
$legacyfilelist = Get-ChildItem -Path $desktop -Recurse -Include $mediafiles | where FullName -NotLike *Personal* | where FullName -NotLike *.lnk | where FullName -NotLike *Misc*

# Conditional statement to create a "Miscellaneous" directory for left over legacy files if they exist
if ($legacyfileslist -eq $null)
{
if (!(Test-Path $miscdocspath))
{
new-item -Path $miscdocspath -ItemType Directory
}
}

$legacyfilelist |
Copy-Item -Destination {
if ($_.PSIsContainer)
{
Join-Path $miscdocspath $_.Parent.FullName.Substring($desktop.length)
}
else
{
Join-Path $miscdocspath $_.FullName.Substring($desktop.length)
}
} -Force -ErrorAction SilentlyContinue

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s