I am trying to make a script in powershell (if you have suggestions for another tool to make this with please advise) that would map network drives for userA to map their own drives temporarily while userB is still logged in.
I tried to use both the New-PSDrive method, as well as the MapNetworkDrive method.
They both throw this error:
"Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again"
After I saw this, I tried disconnecting all drives associated with the server before connecting the desired share via:
net use * /d /y
net use \\server\ipc$
net use \\server\ipc$ /d /y
(thanks #jessehouwing !)
The same error still occurs.
If you want to check my connection code I have it below:
$net = new-object -ComObject WScript.Network
$net.MapNetworkDrive($drLetter, $share, $false, $user, $pass)
and
New-PSDrive -Name $drLetter -PSProvider FileSystem -Root $share -Credential $user -Persist
You are getting that error because you are not allowed to have multiple connection to the same resource with different credentials. I am going to Assume you don't just have a temporary connection to this resource defined by server.
What I always to in situations like this is use the IP address of the host. so...
net use \\10.10.10.10\ipc$
I am going to try and find the articles that discuss what is occurring here but in short this will allow the separate connections.
Related
I have a list of servers, and then another list of services on each of those servers. I am trying to remove it, change a few values in the .bat and then install the services again. Right now I have started a remote Powershell Session using
$PSsession = New-PSSession -ComputerName $server -Credential $Credential
Enter-PSSession -Session $PSsession
I have been mainly using the Invoke-Command -ScriptBlock {//somecodehere} -Session $PSsession in order to run each of the commands that I have used so far. My initial approach was to use sc.exe config $serviceName obj=$username password=$passwd, but each time I make the change on the remote server, it tells me that there is a NativeCommandError and that there is a logon issue with the service.
Is there a way that I can use the credentials provided by the user in order to change the username/password of a service in a secure way? Or does anyone have any recommendations on a better approach I could research?
So my solution to my own problem was to create a script and copy it over to the server. Then it ran the sc.exe command inside of the machine itself. Since it is another machine, you can't send the credentials through as variables if they are a SecureString. So my solution is just to create those variables normally and then make sure to delete them afterwards.
If you are working with confidential data, don't forget that you usually need to overwrite the variable 3 times before deleting it.
Current situation:
We've got a domain with mostly Win Server 2022, including one database server. Next to that our backup server is in a different (accessible) VLAN, but did not join the domain (still in Workgroup). I've got a shared folder on our backup-server with permissions to Everyone.
Future situation:
I would love to write a powershell-script that automatically sends file from our Database-server (in domain) to our backup server (workgroup).
I keep struggling with permissions and auomatically putting them into the PowerShell scripting ... Anyone has got a solution to this?
You can authorize against the share with net-use first, then call your powershell
net use \\server\share /user:<domain\username> <password>
Or if you want to go powershell only, use the New-PSDrive cmdlet.
New-PSDrive -Name P -PSProvider FileSystem -Root \\Server01\Public -Credential user\domain -Persist
Hope this helps.
i'm trying to use tasklist command in cmd.exe for list all processes on my remote Windows 10 PC (which is in my home and connected on the same network as my main computer).
But when I type in cmd.exe from my main computer tasklist /s <his IP> /u Lucas /p <Lucas's password> it shows me Error : Incorrect user or password but user Lucas is the local admin for this remote PC and I'm 100% sure it's the right password, I really don't understand.
I have tried to disable firewall for private network, without success.
I have tried to add an exception in the firewall for port 135 (TCP), without success.
Ping command works fine.
I hope you can help me.
Regards.
Solved my problem by doing powershell Invoke-Command -ComputerName <ip of the remote computer> -Credential <his_name>\PC_Guest -ScriptBlock {Get-Process}
with <his_name> the name of the remote PC.
For the explanations PC_Guest was the old name of the admin account that I renamed to Lucas and I think that when we rename administrators accounts, Windows not change completely the name in permissions system, so that is why I had Access Denied or Unknown user or password errors with user Lucas.
Thanks #lit for your answer.
I found several answers on the web, but not really what I was searching for.
The issue is as follows:
When restoring a file with "Networker", the ACLs of the file are the same ones as when the file was backed up, regardles of inheritance in the folder the file is restored to. Meaning the inheritence of ACL does not affect the newly restored file.
This leaves me with the problem that only 3 Accounts have the right to alter the ACL.
The user, the file belongs to
The domain Admins
The system account
To solve the issue I would like to run an automated script fixing the ACL and activating the correct inheritance.
The system user for the script has to be one of the three.
The User is changing and thefore not a valid choice, also I dont want to leave any domain admin credentials nor give domain admin rights to a service account.
This leaves me with the system account to do the job and here comes the question:
How do I execute a task in powershell under system account credentials?
I tried
$username = "NT Authority\System"
$password = ConvertTo-SecureString -String "" -AsPlainText -Force
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist #($username, $password)
Since the password is an empty I can not really create credentials with it.
The name of the account in all locales is .\LocalSystem. The name,
LocalSystem or ComputerName\LocalSystem can also be used. This account
does not have a password.
https://msdn.microsoft.com/de-de/library/windows/desktop/ms684190(v=vs.85).aspx
So now I am a little bit confused as to how I can get this to work.
Edit:
The file system runs on EMC and is not a real Windows File System, but just kinda hooked onto a Linux system. So there is no local administrator account.
TL;DR
I want to inherit ACL Permissions on files using the system account with powershell, how?
https://github.com/mkellerman/Invoke-CommandAs
Made a function to Invoke-Command against local/remote computer using provided credentials or SYSTEM. Returns PSObjects, handles network interruptions and resolves any Double-Hop issues.
Try it out let me know if this resolves your issues.
If you're ok installing a (very useful) 3rd party program, you can try the following. It's a portable .zip, no real installation.
Run as administrator:
C:\WINDOWS\system32>nircmd.exe elevatecmd runassystem c:\windows\System32\cmd.exe
starts a new cmd window:
Microsoft Windows [Version 10.0.18362.418]
(c) 2019 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>whoami
nt authority\system
C:\WINDOWS\system32>
https://www.nirsoft.net/utils/nircmd.html
Domain Admins get access via the local Administrators group. Local Administrators can take ownership of any local object and subsequently grant new permissions to that object.
Running something like this as an administrator should do what you want:
takeown /f C:\some\file_or_folder /a /r /d:y
icacls C:\some\file_or_folder /reset /t /c /q
Never use the SYSTEM account for things like this.
I'm trying to build a custom VeeamZip backup script using PowerShell from a Windows 7 box. The box doesn't have the space requirements to hold the actual data itself, it's just the catalyst to manage the VeeamZip files.
I've been hunting around and found a solution here on SO to work around the fact that the PS-Drive command doesn't function using the -Credentials flag in PowerShell 2.0 using this snippet:
$net = new-object -ComObject WScript.Network
$net.MapNetworkDrive("u:", "\\share\point", $false, "user", "pass")
I can verify this is properly mounting the share and is searchable using Powershell, but when using the VeeamZip Powershell commands, the path U:\ isn't available.
I tried then using the net use command in Powershell which also mounted the volume, but even with /persistent:yes it won't show in Explorer and the backups fail.
What can I do? There has to be option to get this to work. I'm a Linux guy so I'm not powershell wiz.
EDIT: I've now updated to Powershell 3.0 and I still can't get it work...
I'm trying the following snippet, but only Powershell has access the new drive:
$credential = Get-Credential
New-PSDrive -Name V -PSProvider FileSystem -Root \\server\share -Credential $credential -Persist
EDIT: The New-PSDrive function now works to mount the volume in Explorer and can be browsed as expected as long as I don't launch PowerShell as administrator. The dilemma is now that I can't use the VeeamZip tool because it requires Admin to function. Ideas welcome.