Jump to content



Photo

Remotely mapping network drive


  • Please log in to reply
22 replies to this topic

#1 +Odom

Odom

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 09-August 06

Posted 07 July 2008 - 10:59

I was wondering whether it is possible to remotely map a network share, and if so, how you would go about doing this.

We have an SMS package that installs an application that needs a specific network share mapped to the W:\ drive in order to work. After installing the software, we always need to go to the user or instruct him how to map this drive, so I was wondering if maybe it was possible to do this from my workplace, instead of having to go to the user or talk him through it.

I had a look at psexec and combined it with the net use command, but it always keeps failing, and I am doubting whether they will work together in the first place.

Any help is appreciated :)


#2 Volatile

Volatile

    Neowinian Senior

  • Joined: 12-October 06
  • Location: North Carolina

Posted 07 July 2008 - 11:12

Are you in a domain environment? Group Policy with the same script.

#3 OP +Odom

Odom

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 09-August 06

Posted 07 July 2008 - 11:16

Sorry, forgot the environment. Yes, AD 2003 environment, clients are all XP SP2 and I have local admin permissions on all the clients.

#4 Volatile

Volatile

    Neowinian Senior

  • Joined: 12-October 06
  • Location: North Carolina

Posted 07 July 2008 - 11:20

http://www.computerp...gon_scripts.htm

#5 OP +Odom

Odom

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 09-August 06

Posted 07 July 2008 - 14:15

Thanks for the link.

I had a read through it, but unfortunately it's not something we can use. I found out that at some point it was decided against using a logon script like this, because the GPO script will override any existing mappings to a W:\. Besides, I was told that there are already a lot of scripts during login and they don't want to add another one.

I'm still trying to get this to work with psexec and net use, but so far no luck.

#6 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 75
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 07 July 2008 - 16:23

Your going to have problems doing something like that with psexec. What account are you going to be running psexec under on the remote machine?

Not sure you can do something like that too easy. Your prob be better off just popping a batch file onto the users desktop, this is quite easy to do from you desktop -- have them click it that maps the drive for them as them. And then remove the batch file - again you can do from your desk real easy.

#7 VPuccetti

VPuccetti

    Go Linux

  • Joined: 13-February 07
  • Location: New Mexico

Posted 07 July 2008 - 18:04

Why not just create a simple vbs script and have active directory launch it. It won't take much time for it to be executed, and you can also have it on their desktop so they can execute it themselves.

option explicit
Dim WshNetwork, strNewName, strUser, strPassword, objshell, strDriveLetter

strDriveLetter = "W:"
strNewName = "Whatever name you want the drive to be"
strUser = "user logon for domain if needed"
strPassword = "password"

Set WshNetwork = WScript.CreateObject("WScript.Network")
WshNetwork.MapNetworkDrive "W:","\\network-path",false,strUser,strPassword

Set objShell = CreateObject("Shell.Application")
objShell.NameSpace(strDriveLetter).Self.Name = strNewName

wscript.quit


#8 OP +Odom

Odom

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 09-August 06

Posted 07 July 2008 - 20:10

Why not just create a simple vbs script and have active directory launch it. It won't take much time for it to be executed, and you can also have it on their desktop so they can execute it themselves.


AD is a no go, Security Team will not allow adding another script to automatically map a drive, for fear of overwriting any existing drives the users might already have mapped to the same letter.

Pardon my ignorance about scripting, which is virtually zero, but is all I need to do is put that code into a *.vbs file and run it? Do I need any additional software to run *.vbs files or will XP SP2 run that natively?

@BudMan

Your going to have problems doing something like that with psexec. What account are you going to be running psexec under on the remote machine?

Not sure you can do something like that too easy. Your prob be better off just popping a batch file onto the users desktop, this is quite easy to do from you desktop -- have them click it that maps the drive for them as them. And then remove the batch file - again you can do from your desk real easy.


Well, that's just it, I'm having problems with it and I'm not even sure this is possible.
I am running this from my PC from a DOS window with admin permissions. I also have local admin permissions on all the PC's. I think this isn't working so far, as it is executing the psexec and net use command on the other PC with my admin permissions, which don't have access to the share. I was trying to find out a way to do this, so that the mapping of the share would be done under the user account currently logged on.

I think I was running something like:
psexec \\pcname -c net use W: \\server\share
...and I also tried putting the net use command into a cmd file and run that one on the user PC, but this also only ended with error messages. I can post them tomorrow when I'm back at work, as right now I don't recall what exactly they are. But I believe that the above command will still run on the destination PC under my admin account, which is why it's failing.

I appreciate all the help :) I have no problem continuing in instructing a user how to do this or do it myself locally, I just thought there would maybe be a way I could do this easily from my workstation without too much hassle.

Edited by Odom, 07 July 2008 - 20:17.


#9 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 75
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 07 July 2008 - 21:32

The problem your going to have with psexec is its running as YOUR account on their machine -- so even if you map a drive.. Which you can do.. they do not have access to it under their session.

psexec is not the way to go for what your wanting to accomplish.

The command to map the drive needs to be executed as the user. This needs to be done in a login script, startup script, the user running the command, or user doing it directly, etc.

#10 Joel

Joel

    Neowinian Senior

  • Joined: 07-August 01

Posted 07 July 2008 - 23:50

AD is a no go, Security Team will not allow adding another script to automatically map a drive, for fear of overwriting any existing drives the users might already have mapped to the same letter.

Sorry, that's a bad excuse. Why are they letting the users dictate their mapped drives? That's ridiculous.

#11 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 75
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 08 July 2008 - 03:24

^ EXACTLY! We setup standard drives that are mapped, Dept drives, public, quaility documents, etc. Users are free to to map other drives if they want/need to other locations. But if we needed to bring another standard drive online for some application or new share, etc. The users would just have to move whatever personal maps they had to a new letter.

#12 OP +Odom

Odom

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 09-August 06

Posted 08 July 2008 - 04:31

Sorry, that's a bad excuse. Why are they letting the users dictate their mapped drives? That's ridiculous.


They're not, it's a bit more complicated. We have a lot of network drives that certain applications require and cannot just be remapped to something else. There is currently no list of existing drives, so implementing a strategy via AD without knowing what will be affected will not be done.

I don't like it as well, but there is nothing I can do about it. As almost all of the data we have is highly confidential, there is also the security concern that should drive mapping be done via AD, there is the chance that a user is added to a group he shouldn't and as a result have access to data he shouldn't have. I know that a lot of these are lame excuses, but we are currently in a transition phase where all of this should be consolidated.

I guess the easiest way would be to just put the basic net use command into a small batch file, copy it to the user's HDD and ask him/her to run it once.

Thanks to all of you for your help. I'm gonna give this a few more days to see if I can find a way to get this going, if so, I'll post the result here.

#13 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 75
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 08 July 2008 - 06:37

Well just to point out something.. Mapping a drive does NOT give the user permission to said files. Putting them in a security group that has permissions, or changing the permissions on the files does.. Not mapping the drive..

So any drive mapping script you might run via group policy or login script does not give them permissions to anything.. It just attempts to map a drive letter to a share. It has nothing to do with file security, unless the security was flawed in the first place an you method of keeping users from access stuff they shouldn't is not mapping it ;)

Also since it seems your application does not require a specific drive mapping.. Why not setup your loginscripts or AD to map * to the share, ie the next available drive letter. This way its not possible to step on any users existing maps.

net use * \\someserver\someshare

#14 OP +Odom

Odom

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 09-August 06

Posted 08 July 2008 - 07:06

The application requires a specific drive mapping, it can't be the next free one. I did another check, permissions are granted via a security group.

So, the way it is done is: Assign SMS package, assign AD membership (for permissions), map drive.

I know there are ways to do all this in one go, as the last company I worked for did all this with one group membership. I don't know why they don't want to implement this, as, if correctly done, this works just fine. I guess they are just paranoid about security concerns...

#15 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 75
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 08 July 2008 - 11:51

Still not understanding what security concerns??? Mapping a drive for a user who needs access to said share is not a security concern ;)

Manually mapping shares on users machines by hand is a total waste of time though ;)



Click here to login or here to register to remove this ad, it's free!