Powershell: Creating and disconnecting a network map drive with the SYSTEM user

Question

I need to map a network drive with the SYSTEM user, I created a PS1 which is ran by a Scheduled Task, the first part maps the drive succesfully:

$net = new-object -ComObject WScript.Network
$net.MapNetworkDrive("y:", "\\SAN_SERVER\folder1", $false, "domain\service_user", "password")

After the mapping, a bunch of stuff is happening, copying files, etc

At the end of the script the mapped drive need to be disconnected:

& 'D:\Scripts\PsExec64.exe' -s cmd /c "net use y: /delete /yes"

This command works if I run it manually from my user account (I need to start PS as admin), however it does not work from the script in the Scheduled Task, I'm using PsExec64.exe because I found out that since the network drive was mapped with domain\user, it can only be disconnected with domain/service_user unless we use PsExec64.exe, is there a way to disconnect a drive using different credintials?

score 1 · Answer 1 · answered Aug 29 '16 at 16:47

1

I'll assume for the moment that you have compatibility/legacy reasons for not using the native New-PSDrive cmdlet from your Powershell script.

So then since you're already using the legacy MapNetworkDrive from WScript.Network, why are you using net use with psexec instead of just using its partner, RemoveNetworkDrive?

answered Aug 29 '16 at 16:47

Ryan Bolger

16,755
4
42
64

Hi Ryan, yes correct, New-PSDrive doesn't work on PS 2.0. I already explained in the question why I'm using PsExec64.exe, you cannot dismount network drives which were mapped by other users using NET USE from CMD. – ToastMan Aug 29 '16 at 17:47
Apologies, totally missed that part. – Ryan Bolger Aug 29 '16 at 18:09

score 0 · Answer 2 · answered Aug 30 '16 at 02:12

0

Consider not using drive letters. Powershell, even in 2.0, will let you use UNC paths extensively when working with the file system. So you can basically address the locations directly, without PSDrive or drive letter. Then you don't have to map anything, and you don't need to unmap them.

#as the service account
Set-Location \\SAN_SERVER\folder1
#this is the same as net use y: \\SAN_SERVER\folder1;cd y:

Then just do your file manipulation with relative paths. You can also assign the server name and folder path to variables so that you can use "$server\$folderpath\" in place of a drive letter.

answered Aug 30 '16 at 02:12

Jeter-work

845
4
15

Hi.. GPO is preventing us from storing passwords locally so we're running task scheduler with the SYSTEM account - which can only access local resources, resources on the domain require credentials. Is there a way to Set-Location \\SAN_SERVER\folder1 which specifying credentials? – ToastMan Aug 30 '16 at 13:26
Perhaps a managed service account? – Jeter-work Aug 30 '16 at 17:06

ToastMan · Accepted Answer · 2016-08-30T17:02:00.423

0

I found the answer and it's so silly..

& net use y: /delete /yes

This works when ran from a Scheduled Task by SYSTEM.. Just needed to add the &, shows my lack of PS skills.. oh boy

edited Aug 30 '16 at 17:02

answered Aug 30 '16 at 13:40

ToastMan

544
4
18
29

Powershell: Creating and disconnecting a network map drive with the SYSTEM user

3 Answers3