none
Drives mounted as Unavailable on the remote machine using Invoke-Command RRS feed

  • Question

  • Hi Everyone,

    After installing the latest Windows updates, I'm facing an issue when I try to mount a network drive on a remote machine using the Invoke-Command cmdlet.

    My requirement is to run the mount command from Python, so I'm launching a PS script which takes the remote machine's credentials, and execute the command using Invoke-Command.

    Tried executing the commands directly from PS Console:

    >>> $cred = Get-Credential administrator

    >>>

    >>> Invoke-Command -ScriptBlock {net use} -ComputerName xxx.xxx.xxx.xxx -Credential $cred

    New connections will be remembered.

    There are no entries in the list.

    >>>

    >>> Invoke-Command -ScriptBlock {net use X: \\SHARE /user:domain\username password /persistent:YES /y} -ComputerName xxx.xxx.xxx.xxx -Credential $cred
    The command completed successfully.

    >>>

    >>> Invoke-Command -ScriptBlock {net use} -ComputerName xxx.xxx.xxx.xxx -Credential $cred
    New connections will be remembered.


    Status       Local     Remote                    Network

    -------------------------------------------------------------------------------
    Unavailable  X:        \\SHARE       Microsoft Windows Network
    The command completed successfully.

    >>>

    The share is only accessible inside the ScriptBlock, but not after, or within the PSSession, if I use Enter-PSSession.

    --------------------------------------------------------------------------------------------------------------------------------------------

    PS C:\WINDOWS\system32> Invoke-Command -ScriptBlock {gdr; net use X: \\SHARE /user:domain\username password /persistent:YES /y; net use; gdr} -ComputerName xxx.xxx.xxx.xxx -Credential $cred -HideComputerName

    Name           Used (GB)     Free (GB) Provider      Root                                               CurrentLocation
    ----           ---------     --------- --------      ----                                               ---------------
    A                                                    A:\
    Alias
    C                  54.37         95.28               C:\                                  Users\Administrator\Documents
    Cert                                                 \
    D                                                    D:\
    E                 119.87         30.13               E:\
    Env
    Function
    HKCU                                                 HKEY_CURRENT_USER
    HKLM                                                 HKEY_LOCAL_MACHINE
    Variable
    WSMan
    The command completed successfully.

    New connections will be remembered.


    Status       Local     Remote                    Network

    -------------------------------------------------------------------------------
    OK           X:        \\SHARE       Microsoft Windows Network
    The command completed successfully.

    A                                                    A:\
    Alias
    C                  54.37         95.28               C:\                                  Users\Administrator\Documents
    Cert                                                 \
    D                                                    D:\
    E                 119.87         30.13               E:\
    Env
    Function
    HKCU                                                 HKEY_CURRENT_USER
    HKLM                                                 HKEY_LOCAL_MACHINE
    Variable
    WSMan
    X                 152.07        323.13               X:\


    PS C:\WINDOWS\system32>

    --------------------------------------------------------------------------------------------------------------------------------------------


    Same happens even if I use CredSSP, which shouldn't even matter here as per my opinion, because I'm already passing the credentials to the net use command.

    I got the same results with New-PSDrive cmdlet as well as with PsExec.

    It only worked with if I passed the -s flag, i.e., as SYSTEM account to PsExec.


    • Moved by Bill_Stewart Thursday, December 20, 2018 9:57 PM This is not "troubleshoot my security issue for me" forum
    Tuesday, October 16, 2018 1:05 PM

All replies

  • You cannot remotely map a drive as it is prohibited by security.  Search for "second hop restriction" to learn why.


    \_(ツ)_/

    Tuesday, October 16, 2018 1:42 PM
  • Hi @jrv,

    I read the articles about the second hop, but is it a change with the recent updates?

    My script has been running for more than a year, but it is from past 2-3 months, that I've started facing these issues.

    In any case, I enabled CredSSP, configured the roles, and yet I saw the same results.

    The drive was still mounted as Unavailable.

    And for this, I would need to configure the Roles on all the machines which would be accessed remotely, which seems like a tedious task.

    Is there any workaround?

    Appreciate the help!

    Wednesday, October 17, 2018 11:02 AM
  • First you need to tell us what it is you are trying to do.  So far you have been very vague and misleading.

    A share is not \\share. It is "\\computername\sharename".

    "net use" is unnecessary with PowerShell.  Use "New-PsDrive"


    \_(ツ)_/

    Wednesday, October 17, 2018 4:27 PM
  • I'm trying to mount a network share on machine B remotely, from the machine A using the Invoke-Command cmdlet.

    From machine A, I run the Invoke-Command cmdlet, and pass the command to mount a network share in the -Scriptblock section.

    I tried with both net use and New-PSDrive but both results in the same output.

    I tried with CredSSP Authentication as well, but unable to access the drive.

    The \\share is actually \\computer\share.

    I can access the newly mounted drive easily inside the same ScriptBlock, but not in the next / any future commands.

    The need here is to be able to mount the drive permanently, so I can access it in the same / later session(s) afterwards.

    Tuesday, October 23, 2018 8:21 AM
  • The drive will not be available if it is not persisted.

    To create a session that is reusable use "New-PsSession" and use that session to invoke your scriptblocks.


    \_(ツ)_/

    Tuesday, October 23, 2018 8:49 AM
  • I tried with the Persist flag for both net use and New-PSDrive but to no help.

    net use X: \\SHARE /user:domain\username password /persistent:YES

    With New-PSSession, I can use the session object in the same runspace only, but not in subsequent PowerShell processes.

    Wednesday, October 24, 2018 12:29 PM