Sign in to follow this  
Followers 0
Odom

Remotely mapping network drive

23 posts in this topic

I was wondering whether it is possible to remotely map a network share, and if so, how you would go about doing this.

We have an SMS package that installs an application that needs a specific network share mapped to the W:\ drive in order to work. After installing the software, we always need to go to the user or instruct him how to map this drive, so I was wondering if maybe it was possible to do this from my workplace, instead of having to go to the user or talk him through it.

I had a look at psexec and combined it with the net use command, but it always keeps failing, and I am doubting whether they will work together in the first place.

Any help is appreciated :)

Share this post


Link to post
Share on other sites

Are you in a domain environment? Group Policy with the same script.

Share this post


Link to post
Share on other sites

Sorry, forgot the environment. Yes, AD 2003 environment, clients are all XP SP2 and I have local admin permissions on all the clients.

Share this post


Link to post
Share on other sites

Thanks for the link.

I had a read through it, but unfortunately it's not something we can use. I found out that at some point it was decided against using a logon script like this, because the GPO script will override any existing mappings to a W:\. Besides, I was told that there are already a lot of scripts during login and they don't want to add another one.

I'm still trying to get this to work with psexec and net use, but so far no luck.

Share this post


Link to post
Share on other sites

Your going to have problems doing something like that with psexec. What account are you going to be running psexec under on the remote machine?

Not sure you can do something like that too easy. Your prob be better off just popping a batch file onto the users desktop, this is quite easy to do from you desktop -- have them click it that maps the drive for them as them. And then remove the batch file - again you can do from your desk real easy.

Share this post


Link to post
Share on other sites

Why not just create a simple vbs script and have active directory launch it. It won't take much time for it to be executed, and you can also have it on their desktop so they can execute it themselves.

option explicit
Dim WshNetwork, strNewName, strUser, strPassword, objshell, strDriveLetter

strDriveLetter = "W:"
strNewName = "Whatever name you want the drive to be"
strUser = "user logon for domain if needed"
strPassword = "password"

Set WshNetwork = WScript.CreateObject("WScript.Network")
WshNetwork.MapNetworkDrive "W:","\\network-path",false,strUser,strPassword

Set objShell = CreateObject("Shell.Application")
objShell.NameSpace(strDriveLetter).Self.Name = strNewName

wscript.quit

Share this post


Link to post
Share on other sites
Why not just create a simple vbs script and have active directory launch it. It won't take much time for it to be executed, and you can also have it on their desktop so they can execute it themselves.

AD is a no go, Security Team will not allow adding another script to automatically map a drive, for fear of overwriting any existing drives the users might already have mapped to the same letter.

Pardon my ignorance about scripting, which is virtually zero, but is all I need to do is put that code into a *.vbs file and run it? Do I need any additional software to run *.vbs files or will XP SP2 run that natively?

@BudMan

Your going to have problems doing something like that with psexec. What account are you going to be running psexec under on the remote machine?

Not sure you can do something like that too easy. Your prob be better off just popping a batch file onto the users desktop, this is quite easy to do from you desktop -- have them click it that maps the drive for them as them. And then remove the batch file - again you can do from your desk real easy.

Well, that's just it, I'm having problems with it and I'm not even sure this is possible.

I am running this from my PC from a DOS window with admin permissions. I also have local admin permissions on all the PC's. I think this isn't working so far, as it is executing the psexec and net use command on the other PC with my admin permissions, which don't have access to the share. I was trying to find out a way to do this, so that the mapping of the share would be done under the user account currently logged on.

I think I was running something like:

psexec \\pcname -c net use W: \\server\share

...and I also tried putting the net use command into a cmd file and run that one on the user PC, but this also only ended with error messages. I can post them tomorrow when I'm back at work, as right now I don't recall what exactly they are. But I believe that the above command will still run on the destination PC under my admin account, which is why it's failing.

I appreciate all the help :) I have no problem continuing in instructing a user how to do this or do it myself locally, I just thought there would maybe be a way I could do this easily from my workstation without too much hassle.

Edited by Odom

Share this post


Link to post
Share on other sites

The problem your going to have with psexec is its running as YOUR account on their machine -- so even if you map a drive.. Which you can do.. they do not have access to it under their session.

psexec is not the way to go for what your wanting to accomplish.

The command to map the drive needs to be executed as the user. This needs to be done in a login script, startup script, the user running the command, or user doing it directly, etc.

Share this post


Link to post
Share on other sites
AD is a no go, Security Team will not allow adding another script to automatically map a drive, for fear of overwriting any existing drives the users might already have mapped to the same letter.

Sorry, that's a bad excuse. Why are they letting the users dictate their mapped drives? That's ridiculous.

Share this post


Link to post
Share on other sites

^ EXACTLY! We setup standard drives that are mapped, Dept drives, public, quaility documents, etc. Users are free to to map other drives if they want/need to other locations. But if we needed to bring another standard drive online for some application or new share, etc. The users would just have to move whatever personal maps they had to a new letter.

Share this post


Link to post
Share on other sites
Sorry, that's a bad excuse. Why are they letting the users dictate their mapped drives? That's ridiculous.

They're not, it's a bit more complicated. We have a lot of network drives that certain applications require and cannot just be remapped to something else. There is currently no list of existing drives, so implementing a strategy via AD without knowing what will be affected will not be done.

I don't like it as well, but there is nothing I can do about it. As almost all of the data we have is highly confidential, there is also the security concern that should drive mapping be done via AD, there is the chance that a user is added to a group he shouldn't and as a result have access to data he shouldn't have. I know that a lot of these are lame excuses, but we are currently in a transition phase where all of this should be consolidated.

I guess the easiest way would be to just put the basic net use command into a small batch file, copy it to the user's HDD and ask him/her to run it once.

Thanks to all of you for your help. I'm gonna give this a few more days to see if I can find a way to get this going, if so, I'll post the result here.

Share this post


Link to post
Share on other sites

Well just to point out something.. Mapping a drive does NOT give the user permission to said files. Putting them in a security group that has permissions, or changing the permissions on the files does.. Not mapping the drive..

So any drive mapping script you might run via group policy or login script does not give them permissions to anything.. It just attempts to map a drive letter to a share. It has nothing to do with file security, unless the security was flawed in the first place an you method of keeping users from access stuff they shouldn't is not mapping it ;)

Also since it seems your application does not require a specific drive mapping.. Why not setup your loginscripts or AD to map * to the share, ie the next available drive letter. This way its not possible to step on any users existing maps.

net use * \\someserver\someshare

Share this post


Link to post
Share on other sites

The application requires a specific drive mapping, it can't be the next free one. I did another check, permissions are granted via a security group.

So, the way it is done is: Assign SMS package, assign AD membership (for permissions), map drive.

I know there are ways to do all this in one go, as the last company I worked for did all this with one group membership. I don't know why they don't want to implement this, as, if correctly done, this works just fine. I guess they are just paranoid about security concerns...

Share this post


Link to post
Share on other sites

Still not understanding what security concerns??? Mapping a drive for a user who needs access to said share is not a security concern ;)

Manually mapping shares on users machines by hand is a total waste of time though ;)

Share this post


Link to post
Share on other sites

Yes, well, you don't have to convince me :D Apparently their concern is about adding another script to a logon, however their reasoning still eludes me...

Unfortunately, in my current position I have no say in the matter, I am currently only enforcing the policies and cannot change them.

Share this post


Link to post
Share on other sites

From the sound of it, you have no say in the AD usage or how its run. But yes, if you copy that script I had into notepad and save it as *.vbs and run it locally, it will work.

the user and password are fields if you have to map a drive with specific permissions. You can change the drives around however you like. Our admin script here at work has 11 network drives. Different people in different departments have different scripts (because some programs we have require different drives) So I set up the different scripts for different users and have AD take care of the rest.

Share this post


Link to post
Share on other sites

Sorry, but that script is overkill for something as simple as mapping a drive

net use driveletter: \\servername\share /PERSISTENT:YES

This all that needs to be in the batch/cmd that you put on the desktop the user clicks on ;)

Share this post


Link to post
Share on other sites

Budman is right there. You don't need a VB script file to map a network drive. Been a while since I've done none AD network drive mapping, but I'm pretty sure the windows mapping process takes the current users credentials when trying to map a drive. If the user has permission to access the share they are trying to map then it'll map no problem. If they aren't allowed access, it won't let them access.

What I would do, seeing as the software you are talking about NEEDS a W: drive mapping...make it a reserved drive letter. To be honest, if you've got a company who allows users to map their own drives but there is software that requires a certain drive letter to work...then not reserving that drive letter is just plain stupid. And you can tell the people in charge of this that they are making a lot of extra work for themselves. Reserving drive letters is not difficult, and stops lots of headaches.

Summary:

reserving drives letters.....sensible, and provides hassle prevention in future.

providing user with list of reserved drive letters.....sensible, and provides hassle prevention in future.

having idiots in charge of 'network security and Active Directory'......not sensible, and provides massive hassle in future.

p.s. not calling you an idiot, as I did notice that you said you have no control over this...just input to the people in charge.

Share this post


Link to post
Share on other sites

lol you guys have no idea the hassle and grief they cause. But then again, the background for these issues is all political. Feel free to pm me if you're curious about it and would like to know more.

Anyway, thanks to all of you for your suggestions. In the end, I just created a simple *.cmd file with the net use command that BudMan already suggested and I either put it on their desktop and ask them to run it, or I just talk them through over the phone, or send them an email with nice screenshots and instructions if they're away.

I tried the script provided by Unholee, but it prompts for the username & password and just seems to be overly complicated. Running a net use from within the user's session seems simpler :D

Share this post


Link to post
Share on other sites

moved here

Share this post


Link to post
Share on other sites

Reminds me of the time i needed to change some mappings. I just wrote a batch file and saved it on the network share, then just used PSEXEC to call it. It was a while ago, but was something like this:

PSEXEC \\COMPUTER -u DOMAIN\ADMINISTRATOR -P PASSWORD "\\NETWORK SHARE\BATCHFILE.BAT"

<this batch file was on the network share that the Code above called i stuck it in the root of the network share>

@echo off

IF NOT EXISTS W:\ GOTO Change

Net use W: \\NewShare

:Change

Net use w: /Delete /no

Net use W: \\NewShare

exit

Share this post


Link to post
Share on other sites

"It was a while ago"

So was this thread, almost 2 years..

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.