Batch to map drive on different domain

mirekg
mirekg used Ask the Experts™
on
I had this question after viewing batch file to add map driver for network location and ask for credential.

I have two "DC" and now I'm trying to create a batch or shortcut to DC2  to be map to other folders.
net.exe use X: \\APPS \PCC storage * /user:DC2\myname /persistent:no
Is this fine
or another below statement..

@echo off
if Not exist y:\ (

echo Please enter User ID:
set /p USERID=

echo Please enter your Password:
set /p PASSWORD=


cmdkey.exe /add:APPS.US /user:dc2\myname /pass:%PASSWORD%


net use O: "\\APPS\PC1 storage" /persistent:YES
pause
)
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2016

Commented:
First is fine..
Ben Personick (Previously QCubed)Lead SaaS Infrastructure Engineer

Commented:
Either method is fine.

The benefit of Using  CMD Key is to add the credential to the Credential store explicitly so you can update it in the future by editing the credential store info.

 Otherwise, you can map a URL by putting the UN and PW int he script which is .. not the greatest.

If you go with the CMD Key Method you should check to see if you can map the folder first, if not then try to update the Credential and try again.
Shaun VermaakSenior Consultant
Awarded 2017
Distinguished Expert 2018

Commented:
Do you have a trust between the two domains?

This can easily be done with Group Policy Preferences, no need for a batch file

gpp-drive-map.png
Ben Personick (Previously QCubed)Lead SaaS Infrastructure Engineer

Commented:
That's true, as @Shaun points out if you have a trust you can trust users from domain A in Domain B.

Then on Domain B (DC2) you can assign the User from Domain A rights to the folder in Domain B using NTFS permissions (or share permissions but NTFS Permissions are preferable).

In essance, though this really means you have two separate questions and his comment underscores that:

1) How to authorize access to a folder in Domain B from a user in Domain A
2) How to actually reach the folder.

Answers to 1) are:
1.a) Domain Trust, give the user in Domain A rights to the folder in Domain B (and to the share for the folder if not set to everyone)
1.b) Authenticate as a User from Domain B that has rights to the folder share
  1.b.1) Use a Credential stored int he Windows Credential store for the UN/PW
  1.b.2) Provide a UN/PW Each time in a script or by user action

Answers to 2) are:
2.a) Map a Drive Each time
2.b) Map a Drive and update the Stored credential as needed
2.c) Map a folder (Sym Link)
2.d) Link a Folder (Soft Link)

For What it's worth, if you are going to give the user permanent permission (IE through a domain trust or you have a user you set up without an expiring password in Domain B, and want to put it in your Credential store), then mapping a folder through a SymLink is a preferable method to use over having a drive mapping, as the Drive mapping is a bit more  fragile.

Author

Commented:
That script...

cmdkey.exe /add:APPS.US /user:dc2\myname /pass:%PASSWORD%


net use O: "\\APPS\PC1 storage" /persistent:YES
pause
)
Should I insert in  C:\Users\userid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial