Solved

Getting a User's Drive Mappings on a Remote Machine

Posted on 2004-04-22
8
620 Views
Last Modified: 2007-12-19
I just finished writing an application that our LAN Managers use to back up certain data and features from a user's machine. It works quite well (many thanks to those here who helped me to recursively search for files), but one feature that the LMs have requested is to grab a users drive mappings and write them out to the log file I'm using.

My first thought was to see if I could use the WNet functions to access a remote machine, but I couldn't find any documentation that would lead me to pursue that approach. I'm already using the registry on the remote machine to provide me with printer information, so that was my next thought for drive mappings. I knew this could be tricky because in the past, I have written services that load a user's profile, but in this case I won't be executing on the remote machine, only accessing it. So, knowing that the drive info is stored within the HKEY_USERS hive I thought I could leverage that. All the subkeys under that are SID's, and I figured that SID would correspond to the SID I could grab from calling LookupAccountName. So, I made the call, converted the SID to a string, but the SID I receive from the conversion does not match any of the SID subkey names under HKEY_USERS.

Does anyone know an easier way to pull a particular users drive mappings, or barring that, what I'm doing wrong?

Below is my function to lookup the SID and convert it to a string. It is incomplete at this point because I wanted to do a proof of concept to be reasonably sure I was getting a SID string I could then pass to RegOpenKey.

Thanks,
Jeff
***********************************************************
BOOL CFileBackupDlg::getMappings(CString strComputer, CString strUser)
{
      const unsigned int      MAX_NAME = 17;
      char            ch = '\0';
      char            szUser[MAX_PATH];
      char            szDomain[MAX_PATH];
      char            lpBuf[MAX_PATH];
      LPTSTR            strSid;
      BYTE            SidBuffer[1024];
      PSID            psid = (PSID)SidBuffer;
      SID_NAME_USE      sidUse;
      DWORD            cbSidBuff = 1024;
      DWORD            cbDomainName = sizeof (szDomain);

      
      ch = strUser[0];
      if ((ch == 'b') || (ch == 'B') || (ch == 'd') || (ch == 'D'))
            lstrcpy (szDomain, "bell-atl-n");
      if ((ch == 'v') || (ch == 'V') || (ch == 'z') || (ch == 'Z'))
            lstrcpy (szDomain, "us1");

      lstrcpy (szUser, szDomain);
      lstrcat (szUser, "\\");
      lstrcat (szUser, strUser);

      if (!LookupAccountName (strComputer,
                  szUser,
                  psid,
                  &cbSidBuff,
                  szDomain,
                  &cbDomainName,
                  &sidUse))
      {
            wsprintf (lpBuf, "SID lookup failed for user: %s in domain: %s\n", strUser, szDomain);
            MessageBox (lpBuf, "Error in LookupAccountName", MB_OK |MB_ICONSTOP);
            return FALSE;
      }
      else
      {
            BOOL bRes = ConvertSidToStringSid (psid, &strSid);
            MessageBox (strSid, "User SID", MB_OK);
            return TRUE;
      }
}
0
Comment
Question by:jpetter
8 Comments
 
LVL 86

Expert Comment

by:jkr
ID: 10892151
>>what I'm doing wrong?

The subkeys under HKEY_USERS are only loaded when a user is logged on to that machine, this is the problem.
0
 

Author Comment

by:jpetter
ID: 10892205
Ah, I thought that HKEY_CURRENT_USER was loaded when a user logged on, and HKEY_USERS stored the hives of other users, but those not logged on.

Man, so does this mean I have to go the LogonUser route and work with that token? I hope not since I would probably need to do it as a service then to ensure I had the necessary credentials.

Thanks,
Jeff
0
 
LVL 86

Expert Comment

by:jkr
ID: 10892237
>>Man, so does this mean I have to go the LogonUser route and work with that token?

How would you do that remotely? The easiest way to collect that information is to grab it via a logon script and sent it to the collecting program.
0
 
LVL 14

Assisted Solution

by:wayside
wayside earned 150 total points
ID: 10893976
If using WMI is an option, you can use the Win32_LogicalDisk class to get all of the logical drives on a machine, including mapped ones. You can then use the ProviderName field to filter out mapped drives.

WMI is easy from VB, a pain in the a** from C++, though.

Here's a link to a VB script that does this. You can find sample C++ WMI code on CodeGuru.

http://www.microsoft.com/technet/community/scriptcenter/dfs/scrdfs18.mspx
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:jpetter
ID: 10894123
JKR,

You're right! Duh, I wasn't thinking. Of course LogonUser would not work as it would not be executing on the remote PC. We don't use logon scripts; all the drives are mapped persistently on the user's machine.

Wayside,

Thanks, I may end up checking that out. I've played around a little with WMI using C++ and to me it doesn't flow that well. It worked well with C# and VB, but it seems like the documentation and support for C++ and WMI is lagging far behind.

Thanks,
Jeff
0
 
LVL 86

Accepted Solution

by:
jkr earned 200 total points
ID: 10895361
>>If using WMI is an option

The problem that the user has to be logged on to obtain the file mappings persists, though.
0
 
LVL 5

Assisted Solution

by:rendaduiyan
rendaduiyan earned 150 total points
ID: 10895467
if you want to print out user information of remote machine, you can use
NetUserEnum, and must handle with wide char.
see MSDN for helps
0
 

Author Comment

by:jpetter
ID: 10898017
Rendaduiyan,

Thanks for the help. However, according to the documentation in the Platform SDK, there is no user info structure that will return the drive mappings, nor does the function return all system users and their data. It only returns information for those users that were created with a call to NetUserAdd. But I appreciate the help.

JKR,

Good point about the WMI issue. If I was going to be dependant upon the user being logged on, then I could use the registry with relative ease compared to WMI (but then I don't really know WMI).

Since there doesn't seem to be a solution to this, I'll split up the points. If anyone has any ideas though, I would be eager to hear them.

Thanks,
Jeff
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This article will show you some of the more useful Standard Template Library (STL) algorithms through the use of working examples.  You will learn about how these algorithms fit into the STL architecture, how they work with STL containers, and why t…
Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
The goal of the tutorial is to teach the user how to use functions in C++. The video will cover how to define functions, how to call functions and how to create functions prototypes. Microsoft Visual C++ 2010 Express will be used as a text editor an…
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now