Saturday, April 23, 2016

Outlook Folders and Powerhsell

I spend a LOT of time drafting procedures and monitoring penetration tests for my employer. This means I don't get a lot of time, even at home, for being a nerd and breaking things. I have been able to spend a bit more time in PowerShell. For some reason, I find that I am constantly having to "reorganize" my Outlook folders at work. Since I deal with a large number of people, groups, projects, AND spam, I have both a large number of Rules as well as a LARGE number of folders.

I found an older script for the listing of Outlook Folders. Being that I wanted a quick, easy visual of what the structure looked like in order to tweak my rule set...and get rid of the unnecessary stuff, I thought that this script would be perfect. While it didn't go as deep in the recursion as I needed, it was an excellent starting point and required very little modification to get the output I wanted and to go as many levels down as needed.

The original script, by Kent Finkle, can be found at:

The changes that I made to Kent's script, in addition to getting a full recursion:
  - added some visual help with the tree view
  - added to Folder name a count of how many items are in that folder

The Output resembles the below. I should note that my account is an MS Exchange account and I have not tested this against an IMAP/POP3 PST file.
---| Items: (1)
-----| Deleted ItemsItems: (24)
-----| InboxItems: (932)
-------| ___AttachmentsItems: (0)
-----| OutboxItems: (0)
-----| Sent ItemsItems: (2799)

The script as modified:
$comments = @'
Script name: Get-Subfolders.ps1 Created on: Friday, August 17, 2007
Author: Kent Finkle
Purpose: How can I use Windows Powershell to
Write a Script That Accesses All the Subfolders in My Outlook Inbox?

Modified: 22 April 2016
Author: Dave Werden
Comments: Updated Kent's Script to provide tree-like structure ouput

function GetSubfolders($Parent) {
    #spacers used to provide visual of different levels
    #each call to function means we've gone a level deeper
    $spacers = $spacers + "--" 

    $folders = $Parent.Folders
    Write-Host($spacers + "| " + $folder.Name + " with Items: (" +   $folder.Items.Count + ")")

    foreach ($folder in $folders) {
       $Subfolder = $Parent.Folders.Item($folder.Name)

# 6 is always the 'inbox'
#...try enumerating through a range of numbers and see
# what pops up :-)
$olFolderInbox = 6

$o = new-object -comobject outlook.application

$n = $o.GetNamespace("MAPI")

$spacers = "-"

foreach ($folder in $n.Folders) {
    Write-Host($spacers + $folder.Name)
#End Script

I think I mentioned above but to reiterate, I have only tried this against my own work and personal Outlook accounts. The iteration through the OST works fine, the attempt at home...not so much. But hey, it gives me something more to work and learn. :-) 

UPDATE: I was able to get this working just fine at home with PST files (yes, multiple). The trick was that I was running Outlook as a standard user and trying to execute the PS code from an elevated ISE instance. Some quick googling found me the problem.

For anyone one else:
The initial error I received:
new-object: ..... Exception from HRESULT: 0x80080005 (CO_E_SERVER_EXEC_FAILURE) .....

When you get this error with Microsoft Office components that you're trying to automate, the problem is that you are trying to interact from two different security levels. Running the script as a normal user works just fine. Now...I want to see about up and down grading user account perms within a PS script. I know that there are some elevation techniques and token impersonation scripts already out there...but it sounds fun to me. :-)

What I may do is work this into a module for different functions such as getting/setting rules and whatnot. The ultimate goal, in my free time, is to tweak and mess with the com interface to applications and what potential pentesting values are there. ;-)