We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

View user 1's mapped drives when using "runas" as another user

Medium Priority
334 Views
Last Modified: 2012-05-11
Hi,

I'm working on a script which remaps a users' DVD drive to another drive letter... I have the script all working (using DISKPART) and it's brilliant... as long as you are an administrator!  One of the checks when re-assigning, is to make sure that the drive letter isn't already used... again - this works as administrator (under own profile).

This causes a bit of a problem when trying to run on a normal users' PC...

jbloggs1 is logged in... and wants to have his DVD re-mapped to Z:... but as he's just a user, he can't use the DISKPART command.  My script would check... and notice that he's already got his Z: drive mapped to \\server\share\folder1 so couldn't proceed...

Now... because he doesn't have permission - I need to have permission, so run the app as "adminuser1".  But this then looks at the "mapped drives" of adminuser1... rather than "jbloggs1" so won't provide a warning!

Is there any way that I can have the app running as "adminuser1" but seeing the mapped drives of "jbloggs1"?

(Note that logging the user off or changing their permissions is NOT an option!)
Comment
Watch Question

Author

Commented:
(To hopefully make it a bit clearer...)
SCENARIO 1:    XPuser01 has admin rights on the local machine.  He wants to change his DVD drive to point at his Z: instead of D:.  He would run my script, which would check the Z: drive to make sure it's not already mapped to... if it's not, it'll complete the move (using diskpart).

SCENARIO 2:  XPuser02 has no admin rights on the local machine.  He also wants to change his DVD drive to point to Z: instead of D:.  The script would need to be run under an admin account (say XPadmin01).  The script would run and attempt to check his Z: for a current mapping...

BUT... this now looks at the current mappings of XPadmin01's account... rather than XPuser02's.  This would proceed to map according to XPadmin01's account... and would subsequently change the DVD mapping.  This then leaves the DVD drive invisible to the user (as Z: is already mapped to \\server\share\folder1)

Make sense?
I don't believe it can be done in the manner you suggest. All actions are relative to the user that makes the changes.

Logon and Logoff scripts run with the the users' privileges but Startup and Shutdown scrips run with system privileges.

If you move the drive at the system level, assumedly the logon script mapping the drive will fail and the DVDRW will persist.

Accordingly, place that user in a different management context so he gets a different logon script.

IMO this is bad practice (assuming you have more than 1 person to support). You should make a SOE policy, get it approved by management and tell your users that's the way it is. ;)
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
Thanks - I'll have a play around tomorrow and try to knock something up!

Author

Commented:
Hi,

I've gone down the route of using psgetsid (from pstools) and run as:
@ECHO OFF

SET findsid=\\server\share\folder\psgetsid.exe

FOR /F "tokens=1*" %%d in ('%findsid% %username% ^| find "S-1"') do set sidnum=%%d

Open in new window


I then use the %sidnum% variable to query the registry key shown in point 2 above... all other code is then built round that and it works great!!

Author

Commented:
The principal was right... except Step 1 would be more difficult to pin a SID to a certain user...

Using the psgetsid as declared in my last post allows you to query this and then continue with step 2 of subhashchy's solution!
thanks for notifying and glad it worked..
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.