Mapping a network drive that stays after logoff

I have a script that maps a network drive, but the drive goes away after the user reboots or logs off.

I read that I needed to “Dot-Source” the script to get it to stick after a reboot. I created a second script to “Dot-Source” the mapping script (to the best of my understanding) but it still does not seem to work.

The drive maps and then still goes away after a logoff. I'm not sure if I understand how the dot-sourcing is supposed to work, but here is what I am using.

This is the script that uses the dot-source to kick off the mapping processes:

. \\<NetworkLocation>\<FileLocation>\MapDrive.ps1

# SIG # Begin signature block
# MIIFmgYJKoZIhvcNAQcCoIIFizCCBYcCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR......<so on and so on>

 

This is the script that does the actual mapping:

$User = Get-Content "<REMOVED-SecureInfo>"
$EPass = "\\<REMOVED-SecureInfo>"
$KeyFile = "\\<REMOVED-SecureInfo>"
$Key = Get-Content $KeyFile
$Creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $EPass | ConvertTo-SecureString -key $Key)
New-PSDrive -Name <DriveLetter> -PSProvider FileSystem -Root "\\<MappingLocation>" -Credential $Creds -Scope Global -Persist

# SIG # Begin signature block
# MIIFmgYJKoZIhvcNAQcCoIIFizCCBYcCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR....<so on and so on>

Hi.

Where are you putting this script? Is this going into a GPO or running as a scheduled task? It is hard to say without knowing how the script is being executed.

pwshliquori

Dot sourcing is not required and will not impact in any way here to persist the mapped drive. Actually -Persist should do the trick.

Can you try creating a persistent network drive mapping using net.exe?

[quote quote=147233]Hi.

Where are you putting this script? Is this going into a GPO or running as a scheduled task? It is hard to say without knowing how the script is being executed.

pwshliquori

[/quote]
It was originally going to be a GPO logon script, but testing led me to believe it takes much longer than just running it manually. So it was just going to be a “Whoever needs this…right click on this file and choose run in PowerShell” email to everyone in our company.

[quote quote=147272]Dot sourcing is not required and will not impact in any way here to persist the mapped drive. Actually -Persist should do the trick.

Can you try creating a persistent network drive mapping using net.exe?

[/quote]
I started going down the net.exe path at first, but could not find instructions on doing the encrypted login password as I have done here in my script.

Have you considered using the appropriate technique Microsoft designed for this - a GPO? You don’t need a script at all to map a network drive.

Looking at your script, it does not look like you are adding a value for the -Name parameter. Is that intentional or just for the purposes of posting? The -Name parameter requires an A-Z for drive letters when using the -Persist parameter. Using New-PSDrive would be the same as using net use to map network drives.

Per Microsoft’s documentation, you are correct. In order for New-PSDrive to map indefinitely, you need to dot-source your script.

“When you scope the command locally, that is, without dot-sourcing, the Persist parameter does not persist the creation of a PSDrive beyond the scope in which you run the command. If you run New-PSDrive inside a script, and you want the new drive to persist indefinitely, you must dot-source the script. For best results, to force a new drive to persist, specify Global as the value of the Scope parameter in addition to adding Persist to your command.”

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/new-psdrive?view=powershell-6

Within your GPO login script, you should be able to call your script using dot-sourcing, . \NetworkShare\MapDrive.ps1

Give that a try.

pwshliquori

 

I cannot use the Microsoft GPO because the mapping is to a machine on a workstation in our DMZ, and all my users are in a domain. GPOs will not allow me to enter the login information for an account outside of the domain; due to security vulnerabilities, this feature was removed in 2013, I think… so the straight GPO method does not work in this case.

I do have a letter assigned in the script…I pulled it out for security reasons and added <Removed>, but for some reason it is not showing my <REMOVED> quotes. We will say I have the script written with -drive Z for poops and giggles.

Are you saying to just combine the two scripts into one?
So add the . \NetworkShare\MapDrive.ps1 inside of the MapDrive.ps1 script? Would this not call itself and turn into an infinite loop where it would start the script and the first line would then start the script again which would then call to start the script again, etc…?

Hi There,

I would definitely suggest that you investigate having a domain controller in a segmented part of your DMZ and having specific FW network rules to allow for authentication. While having a local script seems like the easier option here, secure-string passwords can be decrypted using the same user context, so it’s less secure.

Cheers,

PSM

[quote quote=147777]Hi There,

I would definitely suggest that you investigate having a domain controller in a segmented part of your DMZ and having specific FW network rules to allow for authentication. While having a local script seems like the easier option here, secure-string passwords can be decrypted using the same user context, so it’s less secure.

Cheers,

PSM

[/quote]
I'm not really sure how adding a DC to my DMZ would help, as the computer we are trying to map the folder to is not domain joined…so I still need the script to input the usable account on the local machine…?
I have read that the encrypted password in the script is not ideal, but it's better than nothing at this point until I can find a better path.
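
The credential-storage trade-off raised in the last few posts, as an added example that is not part of the original thread: it compares a `-Key` protected password file (the pattern in the mapping script) with a DPAPI-protected one, then lists who can read the two files. The temp folder, file names, user name and password are constructed sample values; on a real deployment the paths would be the share locations held in `$KeyFile` and `$EPass`.

```powershell
# Added example: every path, user name and password here is a constructed sample.
# Windows only (Windows PowerShell 5.1 or PowerShell 7 on Windows).
$dir = Join-Path $env:TEMP 'securestring-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$keyFile  = Join-Path $dir 'aes.key'    # stands in for the thread's $KeyFile
$passFile = Join-Path $dir 'pass.txt'   # stands in for the thread's $EPass

# 1. Build the two artefacts a -Key based mapping script depends on.
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key); $rng.Dispose()
$key | Set-Content -Path $keyFile
$secret = ConvertTo-SecureString -String 'Constructed-Sample-Pw1!' -AsPlainText -Force
$secret | ConvertFrom-SecureString -Key $key | Set-Content -Path $passFile

# 2. The protection is only the key file: any account that can read BOTH files
#    rebuilds the credential, on any machine, exactly as the mapping script does.
$k2   = [byte[]](Get-Content -Path $keyFile)
$s2   = Get-Content -Path $passFile | ConvertTo-SecureString -Key $k2
$cred = New-Object System.Management.Automation.PSCredential ('demo-user', $s2)
$keyBlobRecovered = $cred.GetNetworkCredential().Password -eq 'Constructed-Sample-Pw1!'

# 3. Without -Key the blob is protected by DPAPI: it decrypts only for the same
#    user on the same machine, so it cannot be shared company-wide, and it is
#    still recoverable by anything running in that user's context.
$dpapiBlob = $secret | ConvertFrom-SecureString
$s3 = $dpapiBlob | ConvertTo-SecureString
$dpapiRecovered = (New-Object System.Net.NetworkCredential ('', $s3)).Password -eq 'Constructed-Sample-Pw1!'

[pscustomobject]@{
    KeyFileBlobRecoverable = $keyBlobRecovered   # True for every reader of both files
    DpapiBlobRecoverable   = $dpapiRecovered     # True only in this user context
}

# 4. Audit: list every identity allowed to read each file. An identity that
#    appears for both files effectively holds the plaintext password.
$read = [System.Security.AccessControl.FileSystemRights]::Read
foreach ($f in $keyFile, $passFile) {
    (Get-Acl -Path $f).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ($_.FileSystemRights -band $read) -eq $read } |
        Select-Object @{ n = 'File'; e = { $f } }, IdentityReference, FileSystemRights
}

Remove-Item -Path $dir -Recurse -Force   # clean up the sample files
```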