Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 318
  • Last Modified:

View user 1's mapped drives when using "runas" as another user

Hi,

I'm working on a script which remaps a users' DVD drive to another drive letter... I have the script all working (using DISKPART) and it's brilliant... as long as you are an administrator!  One of the checks when re-assigning, is to make sure that the drive letter isn't already used... again - this works as administrator (under own profile).

This causes a bit of a problem when trying to run on a normal users' PC...

jbloggs1 is logged in... and wants to have his DVD re-mapped to Z:... but as he's just a user, he can't use the DISKPART command.  My script would check... and notice that he's already got his Z: drive mapped to \\server\share\folder1 so couldn't proceed...

Now... because he doesn't have permission - I need to have permission, so run the app as "adminuser1".  But this then looks at the "mapped drives" of adminuser1... rather than "jbloggs1" so won't provide a warning!

Is there any way that I can have the app running as "adminuser1" but seeing the mapped drives of "jbloggs1"?

(Note that logging the user off or changing their permissions is NOT an option!)
0
Jofnn
Asked:
Jofnn
  • 4
  • 2
1 Solution
 
JofnnAuthor Commented:
(To hopefully make it a bit clearer...)
SCENARIO 1:    XPuser01 has admin rights on the local machine.  He wants to change his DVD drive to point at his Z: instead of D:.  He would run my script, which would check the Z: drive to make sure it's not already mapped to... if it's not, it'll complete the move (using diskpart).

SCENARIO 2:  XPuser02 has no admin rights on the local machine.  He also wants to change his DVD drive to point to Z: instead of D:.  The script would need to be run under an admin account (say XPadmin01).  The script would run and attempt to check his Z: for a current mapping...

BUT... this now looks at the current mappings of XPadmin01's account... rather than XPuser02's.  This would proceed to map according to XPadmin01's account... and would subsequently change the DVD mapping.  This then leaves the DVD drive invisible to the user (as Z: is already mapped to \\server\share\folder1)

Make sense?
0
 
dynamik74Commented:
I don't believe it can be done in the manner you suggest. All actions are relative to the user that makes the changes.

Logon and Logoff scripts run with the the users' privileges but Startup and Shutdown scrips run with system privileges.

If you move the drive at the system level, assumedly the logon script mapping the drive will fail and the DVDRW will persist.

Accordingly, place that user in a different management context so he gets a different logon script.

IMO this is bad practice (assuming you have more than 1 person to support). You should make a SOE policy, get it approved by management and tell your users that's the way it is. ;)
0
 
subhashchyCommented:
Not sure if it helps ...if the goal is to check whether a drive letter is already assigned as network drive or not then it will work.

1.find the SID of that users.. can be find from registry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

2. once you know the SID Query this value .
HKEY_USERS\S-1-5-21-3408476870-1314309435-1325301189-1000\Network

change the SID to the one you find..

It will list the netwok drive maped for that user (belongs to SID) so no matter in which user context you are runnng the script


0
Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

 
JofnnAuthor Commented:
Thanks - I'll have a play around tomorrow and try to knock something up!
0
 
JofnnAuthor Commented:
Hi,

I've gone down the route of using psgetsid (from pstools) and run as:
@ECHO OFF

SET findsid=\\server\share\folder\psgetsid.exe

FOR /F "tokens=1*" %%d in ('%findsid% %username% ^| find "S-1"') do set sidnum=%%d

Open in new window


I then use the %sidnum% variable to query the registry key shown in point 2 above... all other code is then built round that and it works great!!
0
 
JofnnAuthor Commented:
The principal was right... except Step 1 would be more difficult to pin a SID to a certain user...

Using the psgetsid as declared in my last post allows you to query this and then continue with step 2 of subhashchy's solution!
0
 
subhashchyCommented:
thanks for notifying and glad it worked..
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now