Help Required for Mapping Drives from another Domain

  • Question

  • Hi Scripting Guys,

    I am currently in the process of putting a logon script together in order to map network drives for users. This should be easy, but the drive mappings will be connecting to storage on another domain - without any trust relationship between the domains.

    There is a legitimate reason for the trust not being there; if it was, this would be much easier.

    Each user has their own logon script (%username%.bat), which has a list of drive mappings using the 'net use...' commands to map to the storage on the second domain. Within the second domain, they also have another AD account (exactly the same username format) with the correct permission to the storage.

    My initial idea was to place a script called 'runas.bat' within the 'NETLOGON' area of the domain they're logging into, with a one-liner of runas /user:<secondDomain>\%username% "%username%.bat" - hoping that this would run for each user, ask for their credentials to the second domain, and then run the required %username%.bat for that user to map the drives.

    The problem... the 'runas' script will not run against a UNC path, so the script also defaults to 'system32' and the %username%.bat scripts cannot be found.

    I have seen suggestions of temporarily mapping a drive letter within the 'runas.bat' script, but this would get messy.

    Any ideas/suggestions would be greatly appreciated.


    • Moved by Bill_Stewart Wednesday, July 26, 2017 7:45 PM This is not "scripts on demand"
    Friday, June 23, 2017 9:13 AM

All replies

  • In modern Windows we use Group Policy to perform drive mapping.

    Batch files are deprecated and should no longer be used as logon scripts.

    Mapping to an untrusted domain is a bad idea as it will expose credentials for all to see.  It would be best that you teach the users how to map a drive with credentials and have them save the credentials in their vault.  Once the drive is "persisted" it will be automatically attached at each login.

    Your issue is common among untrained Admins and desktop techs.  If you have a certified Admin in your company you should sit down with them and work out the best way to approach this issue.


    Friday, June 23, 2017 9:46 AM
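
The approach suggested in the reply above (each user stores their own credential for the second domain, then maps a persistent drive), sketched as a one-time batch script the user runs interactively. This is an added example, not code from the thread; the domain, server, share and drive letter are placeholder assumptions.

```batch
@echo off
rem Added example, not from the thread. The four values below are
rem placeholders (assumptions); substitute the real ones.
setlocal
set "REMOTE_DOMAIN=NEWDOMAIN"
set "FILE_SERVER=fileserver.newdomain.example"
set "SHARE=\\%FILE_SERVER%\data"
set "DRIVE=S:"

rem Weak pattern, shown for contrast and left commented out: a password
rem written into a script under NETLOGON can be read by every account
rem that can read that share.
rem   net use %DRIVE% %SHARE% PLAINTEXT_PASSWORD /user:%REMOTE_DOMAIN%\%USERNAME%

rem Nothing to do if the drive is already connected.
if exist %DRIVE%\ goto :done

rem /pass with no value makes cmdkey prompt for the password, so it is
rem never stored in a file or passed on the command line. The entry goes
rem into the user's own Credential Manager vault.
echo Enter the password for %REMOTE_DOMAIN%\%USERNAME%
cmdkey /add:%FILE_SERVER% /user:%REMOTE_DOMAIN%\%USERNAME% /pass
if errorlevel 1 goto :failed

rem The target name given to cmdkey must match the server name in the UNC
rem path, otherwise the stored credential is not selected.
net use %DRIVE% %SHARE% /persistent:yes
if errorlevel 1 goto :failed

:done
echo %DRIVE% is mapped to %SHARE%.
endlocal
exit /b 0

:failed
echo Could not store the credential or map %SHARE%. 1>&2
endlocal
exit /b 1
```

The credential is not saved if the policy "Network access: Do not allow storage of passwords and credentials for network authentication" is enabled on the workstation. When the temporary mapping is no longer needed, `cmdkey /delete:<server>` removes the stored entry.
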
  • The domain they're currently logging into will soon go; they're in the process of migrating all users, business data, and applications across to the new domain. The data has been moved, so they need a very temporary solution to map to the new storage area from their soon-to-be-decommissioned domain.

    I realise for a long-term drive mapping solution there are way better options, and the second domain already incorporates this.

    What we are looking for is a very quick solution for a very short period, adding to the very old 'net use' method already in place.
    • Edited by MDK1981 Friday, June 23, 2017 1:04 PM
    Friday, June 23, 2017 10:05 AM