2

I have an application which can execute a powershell script on remote windows machine. I am trying to map a network drive using a powershell script. When the same script executed at the endpoint, script works fine and able to map a network drive. But when the same script executed from my application, mapping a network drive done but as a disconnected network drive.

Now, my observations: I found that My application is executing the script with NT Authority\System account. May be because of this, mapped network drive is visible to a specific user as a disconnected drive. am I correct!!?

Now, the problem: What I can do to map a network drive available for all users? or Can I run my powershell script as a specific user, sothat drive will be mapped to that user only?

Anyhow, I have already tried running my powershell script as a different user from my application using Start-Process and Invoke-Command, it throws an error, says run winrm quickconfig which also did not work.

Any help? Appreciated!!

Pydev
  • 43
  • 1
  • 3

1 Answers1

2

When mapped from NT Authority\System the drive will show as disconnected, but it should work: Map a network drive to be used by a service

NOTE: The newly created mapped drive will now appear for ALL users of this system but they will see it displayed as "Disconnected Network Drive (Z:)". Do not let the name fool you. It may claim to be disconnected but it will work for everyone.

Moreover, mapping a drive using NT Authority\System is the only (although not officially supported) way to make a network drive available for all users.

If you want to map a drive for specific user, you'd have to run PowerShell as a different user. But it also means that you'd have to get credentials for that user.

This can be mitigated using token manipulation, but it's tricky. See Invoke-TokenManipulation function and it's ImpersonateUser parameter.

Community
  • 1
beatcracker
  • 1,359
  • 8
  • 13