claudetools/temp/datto-recon.ps1
Mike Swanson afb3a9ec6d sync: auto-sync from GURU-5070 at 2026-05-29 13:48:45
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-05-29 13:48:45
2026-05-29 13:48:51 -07:00


# Read-only inventory of Datto / Workplace components on the local machine.
# Every section only queries state (registry, file system, services, processes)
# and writes plain text to the success stream; nothing is modified.
#
# NOTE(review): the preference below suppresses non-terminating errors for the
# whole script. An empty section therefore means "nothing found OR the query
# failed (for example access denied)" - the output cannot tell these apart.
$ErrorActionPreference = 'SilentlyContinue'

Write-Output '=== HOST ==='
Write-Output $env:COMPUTERNAME

Write-Output '=== LOGGED-ON USER ==='
# Session listing from the external "query" tool; its stderr is discarded, so
# a host without the tool or without sessions just prints nothing here.
query user 2>$null
Write-Output ''
Write-Output '=== INSTALLED DATTO/WORKPLACE PRODUCTS (uninstall keys) ==='
# Both the native and the WOW6432Node (32-bit view) uninstall hives are read so
# that 32-bit and 64-bit installers are both covered.
$paths = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
         'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
foreach ($p in $paths) {
    $entries = @(Get-ItemProperty $p -ErrorAction SilentlyContinue)
    foreach ($entry in $entries) {
        # Match on the display name only; entries without a DisplayName never match.
        $isDatto = $entry.DisplayName -like '*Datto*'
        $isWorkplace = $entry.DisplayName -like '*Workplace*'
        if ($isDatto -or $isWorkplace) {
            # InstallLocation is whatever the installer wrote to the registry and
            # may be blank; it is reported as-is, not checked against the disk.
            Write-Output (" {0} | v{1} | {2}" -f $entry.DisplayName, $entry.DisplayVersion, $entry.InstallLocation)
        }
    }
}
Write-Output ''
Write-Output '=== DATTO PROGRAM FOLDERS ==='
# NOTE(review): only the 64-bit "Program Files" tree is inspected, while the
# registry sections also look at WOW6432Node. A 32-bit install under
# "Program Files (x86)" would not show up here - confirm whether that matters.
$dattoRoot = 'C:\Program Files\Datto'

# Top-level entries with their last-write time (useful for spotting a recent update).
foreach ($child in @(Get-ChildItem $dattoRoot -ErrorAction SilentlyContinue)) {
    Write-Output (" {0} (modified {1})" -f $child.Name, $child.LastWriteTime)
}

Write-Output '--- SmartBadge DLLs present ---'
# Full paths of the shim DLLs found anywhere under the Datto folder. Only
# presence is reported; version and Authenticode signature are not checked.
$shimDlls = @(Get-ChildItem $dattoRoot -Recurse -Filter 'DattoSmartBadgeShim*.dll' -ErrorAction SilentlyContinue)
foreach ($dll in $shimDlls) {
    Write-Output (" {0}" -f $dll.FullName)
}
Write-Output ''
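Write-Output "=== DATTO WORKPLACE SERVICES / PROCESSES ==="
# Services: test BOTH the short name and the display name against BOTH terms.
# The earlier filter checked Name only for "Datto" and DisplayName only for
# "Workplace", so a service whose short name lacks "Datto" but whose display
# name contains it (or the reverse for "Workplace") was silently left out.
Get-Service -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Name -like '*Datto*' -or $_.Name -like '*Workplace*' -or
        $_.DisplayName -like '*Datto*' -or $_.DisplayName -like '*Workplace*'
    } |
    ForEach-Object { Write-Output (" svc {0} [{1}] {2}" -f $_.Name, $_.Status, $_.DisplayName) }

# Processes: matched on the process name only.
# NOTE(review): Path can come back empty when the current session is not allowed
# to open the process (typically when not elevated); an empty path here is not
# by itself evidence that the binary is missing.
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.ProcessName -like '*Workplace*' -or $_.ProcessName -like '*Datto*' } |
    ForEach-Object { Write-Output (" proc {0} (pid {1}) {2}" -f $_.ProcessName, $_.Id, $_.Path) }
Write-Output ""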
Write-Output '=== HKLM Excel Addins (Datto) ==='
# Machine-wide Excel add-in registrations, native and 32-bit (WOW6432Node) view.
$addinRoots = 'HKLM:\Software\Microsoft\Office\Excel\Addins',
              'HKLM:\Software\WOW6432Node\Microsoft\Office\Excel\Addins'
foreach ($base in $addinRoots) {
    # The root is always printed, so an empty list under it is visible as such.
    Write-Output "[$base]"
    $dattoAddins = @(
        Get-ChildItem $base -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like '*Datto*' }
    )
    foreach ($addin in $dattoAddins) {
        # LoadBehavior is printed raw; for Office add-ins 3 normally means
        # "load at startup" - interpret other values against Office documentation.
        $loadBehavior = (Get-ItemProperty $addin.PSPath).LoadBehavior
        Write-Output (" {0} LoadBehavior={1}" -f $addin.PSChildName, $loadBehavior)
    }
}
Write-Output ''
Write-Output '=== CLSID InprocServer32 (SmartBadge shims) ==='
# For each shim CLSID, show which DLL the machine-wide COM registration points
# at (the key's default value) and its threading model, in both registry views.
#
# NOTE(review): the DLL path is reported exactly as registered. The script does
# not verify that the file exists, that it sits under the expected install
# folder, or that it is signed - check those by hand if the path looks unusual.
# Only HKLM is inspected; per-user class registrations (the "<SID>_Classes"
# hives) are not examined anywhere in this script.
$shimClsids = '{2B96EDC1-FDF3-47E1-B177-F205E7B98DF4}', '{3C639243-95A2-400D-B4B4-4384DA7F61D3}'
foreach ($clsid in $shimClsids) {
    $registrationKeys = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32",
                        "HKLM:\Software\WOW6432Node\Classes\CLSID\$clsid\InprocServer32"
    foreach ($base in $registrationKeys) {
        $item = Get-Item $base -ErrorAction SilentlyContinue
        if (-not $item) {
            # Printed for any failure to open the key, not only for absence.
            Write-Output (" {0}`n -> <MISSING>" -f $base)
            continue
        }
        $def = $item.GetValue('')              # default value of the key
        $tm = $item.GetValue('ThreadingModel')
        Write-Output (" {0}`n -> {1} [TM={2}]" -f $base, $def, $tm)
    }
}
Write-Output ''
Write-Output '=== Active user hive: Excel addin LoadBehavior + Resiliency ==='
# HKEY_USERS only contains hives that are currently loaded, so this covers
# signed-in (or otherwise loaded) profiles, not every account on the machine.
# The SID filter keeps S-1-5-21-* and S-1-12-1-* account hives and skips the
# companion "<SID>_Classes" hives.
# NOTE(review): reading another user's hive presumably needs an elevated
# session; with errors silenced, a denied hive just produces no lines.
$userHives = @(
    Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match 'S-1-12-1-|S-1-5-21-' -and $_.Name -notmatch '_Classes$' }
)
foreach ($hive in $userHives) {
    $sid = $hive.PSChildName

    # Per-user Excel add-in registrations for Datto.
    $ua = "Registry::HKEY_USERS\$sid\Software\Microsoft\Office\Excel\Addins"
    if (Test-Path $ua) {
        $userAddins = @(
            Get-ChildItem $ua -ErrorAction SilentlyContinue |
                Where-Object { $_.PSChildName -like '*Datto*' }
        )
        foreach ($addin in $userAddins) {
            $loadBehavior = (Get-ItemProperty $addin.PSPath).LoadBehavior
            Write-Output (" [$sid] HKCU addin {0} LoadBehavior={1}" -f $addin.PSChildName, $loadBehavior)
        }
    }

    # Excel resiliency state. The Office version is fixed at 16.0 in this path,
    # so other Office versions are not covered.
    $rb = "Registry::HKEY_USERS\$sid\Software\Microsoft\Office\16.0\Excel\Resiliency"

    $keepListKey = "$rb\DoNotDisableAddinList"
    if (Test-Path $keepListKey) {
        # Drop the PS* bookkeeping properties (PSPath, PSParentPath, ...) that
        # Get-ItemProperty adds; what remains are the registry values themselves.
        $keepValues = @(
            (Get-ItemProperty $keepListKey).PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' }
        )
        foreach ($prop in $keepValues) {
            Write-Output (" [$sid] DoNotDisable {0}={1}" -f $prop.Name, $prop.Value)
        }
    }

    $disabledKey = "$rb\DisabledItems"
    if (Test-Path $disabledKey) {
        $di = Get-Item $disabledKey
        # Only the number of values is reported. The entries are not decoded, so
        # a non-zero count does not prove that the disabled add-in is Datto's.
        if ($di.ValueCount -gt 0) {
            Write-Output (" [$sid] DisabledItems has {0} entries (Excel has disabled an add-in)" -f $di.ValueCount)
        }
    }
}
Write-Output '=== END RECON ==='