Using Windows 7 Enterprise with SP1, but I'm hoping to get a generic answer that would apply to Windows XP/2003/2008/Vista/7.
From a command prompt, I execute a net use command to map the Z: drive to a share on another computer, but I don't use my current credentials, I specify a different domain and user to map the drive.
net use z: \\rd-pc2037\C_DRIVE password /user:rd-pc2037\Administrator
The command completes successfully. Now that the drive is mapped, how can I find what Domain and Username I used to successfully map the drive? I can't seem to find what I want with the net use command.
C:\Users\rdomarat>net use
New connections will not be remembered.
Status Local Remote Network
----------------------------------------------------------------------------
OK Z: \\rd-pc2037\C_DRIVE Microsoft Windows Network
The command completed successfully.
C:\Users\rdomarat>net use Z:
Local name Z:
Remote name \\rd-pc2037\C_DRIVE
Resource type Disk
Status OK
# Opens 0
# Connections 1
The command completed successfully.
Checking the properties of the share in Windows Explorer and looking at the security tab showed me what permissions different people would have, but I didn't see how which DOMAIN\User I had used. I searched through the registry with limited success as well.
Any thought?
WMI is your friend:
> wmic netuse where LocalName="Z:" get UserName /value
UserName=rd-pc2037\Administrator
[anonymous suggestion 2022-08-07]:
Since Microsoft is gradually moving away from WMI,
Powershell/CIM is your future friend:
Get-CimInstance -classname Win32_NetworkConnection | select-object Remotename,Username
None of these answers help when using alternate credentials. They only show the current, local user. That doesn't help.
To view all stored credentials, use...
rundll32.exe keymgr.dll, KRShowKeyMgr
According to http://technet.microsoft.com/en-us/library/cc957215.aspx
the information you want is in the registry.
I have tried the wmic-command but it showed me the locally logged in user and not the "used DOMAIN\login"
The critical info from the link above:
Registry entry HKCU\Network\{Drive letter}\UserName is a REG_SZ that specifies the username (including domain name) whose credentials were used when the network drive was mapped.
Windows 11 -- some of this is useful, however Windows is still telling me that it has connected to a drive not listed in Windows Explorer, but which is not listed in computer, manage or net use or any of the options above. So Windows is storing connection information somewhere else.
There really should be a way to remove or replace persistent connections globally by username or servername.
Related
I have a windows vm and have created an Admin user, let's say - AdminUser. I have mounted an azure file share to that user to Z: drive. The share can be accessed by unc path or the drive path. I also have a c# utility that checks if path exists and it returns true when I run it. This is all good. Now when I created a windows service with that utility and with same user credential, it throws an error that the path doesn't exist.
Things to note -
The service user or the user I used to login is a local adminstrator user and while creating the service, I had provided as "./AdminUser" to CreateService. Also provided password to config.
The VM is also connected to a domain. So I have users from default-domain\* and connected-domain\*. The connected-domain linked to an azure active directory.
Is there any other type of user I need to set as log on to service?
I can see here it says the local user can't access network resources but I am wondering since I mounted the path with proper credentials, does this matter?
Update:
Got the same issue when using running as with the exe.
runas /user:USERNAME “C:\full\path\of\Program.exe”
We have to use cmdkey to store the credentials that can be used by SMB later. Launch a cmd.exe with the user that you want to use for the service using either context menu or command e.g.
runas /user:default-domain\domainServiceUser cmd
Then in the new command shell use cmdkey
cmdkey /add:<storagteAccountName>.file.core.windows.net\<shareName> /user:AZURE\<storageAccountName> /pass:<storageAccountKey>
Rerun the service and it should work.
If you want to also mount this as a persistent drive, you can use
Command Prompt
net use z: \\<storagteAccountName>.file.core.windows.net\<shareName> /persistent:yes
Powershell
New-PSDrive -Name Z -PSProvider FileSystem -Root "\\<storagteAccountName>.file.core.windows.net\<shareName>" -Persist
Make sure that the user is exactly the same that would be used for the windows service including the domain i.e. use default-domain\domainServiceUser or ./AdminUser for running the cmdkey.
Though the user account is same, when the windows service runs as a 'user' the logon session that it gets is different than the interactive user session (which has the Z drive). Unless you programmatically load the Azure fileshare as a network drive in your code that is part of the Windows service, you won't be able to access it.
I have access to a Samba server using a username and password. To logging the server on windows 10, I put its IP address on the RUN and then input my username and password. Then I can access the data stored in the server normally. However, I don't know how to log off (or Sign out) from that server.
I followed this tutorial about how to access the server, but it does not mention the log off process. I need to log-off and log-in again with my username and password whenever I need to access the server.
Can anyone help?
"Try to restart your workstation".
TL;DR
Open CMD, type NET USE X: /DELETE or NET USE \\SERVER\SHARENAME /DELETE
where X: is your drive and \SERVER\SHARENAME your fully qualified share name.
Step by Step
View all network connections:
NET USE
Example Output:
Status Local Remote Network
--------------------------------------------------------------------------------
OK \\name\IPC$ Microsoft Windows Network
OK \\name2\folder Microsoft Windows Network
Using the Remote name, we can disconnect using on of the following statements, depending on which one we want to disconnect from:
net use \\name /delete
OR
net use \\name2\folder /delete
Example Output: (given the above \name\IPC being connected))
Net use \\name /delete
\\name was deleted successfully.
Another way, to disconnect from every share is to execute net use * /delete. This will disconnect every Network share you're currently connected to. This is still quicker than logging off and back on.
Bonus: make a script to do it
If you want to create an icon to automatically disconnect all network shares (using a GUI method), you can do the following:
Right-click on a blank area of the folder you want to add the shortcut to.
Point to New->Shortcut and click.
Type net use * /delete /y for the Command, then click Next.
Give it a name, and click Finish.
You can also specify a certain network share, if known in advance, and use that one instead. Using the /y automatically select the yes option in the command.
open notepad:
#echo off
::Disconnect user
net use * /delete /y
msg * /time:5 "You have been successfully Disconnected"
Copy paste save as a bat (file Extention " *.bat ", create a shortcut edit the shortcut to an icon of your choosing...
upon double click, the command will be run and a gui popup box will say the message and go away in 5 seconds or wait 5 seconds till appearing...
we use this quite a bit at work :)
I am wondering if it's possible to use the 'net user' command in Windows to pull up details on a user in a different domain? The domain is connected to us. For example, I can log in as that user in the other domain from the same network.
This is the net user command I use to pull my local details:
net user myusername /domain
Is there a way to specify a different domain name? Or are there other commands that will do something similar? I'm am wanting to use a command to verify the password expiration date on the other domain.
No, you cannot use it that way. The /domain flag is used just for specifying that the command should be run on the primary domain controller for the domain that you are in. Otherwise, the command runs on the computer (server) where you are running the command.
https://support.microsoft.com/en-us/help/251394/how-to-use-the-net-user-command
You can, however, use PowerShell cmdlets to manage users in Active Directory. The following documentation is for the Get-AdUser cmdlet.
https://technet.microsoft.com/en-us/library/ee617241.aspx
You probably want to pass in the Identity flag and specify the full Distinguished Name for the user object. For example: -Identity "CN=SaraDavis,CN=Europe,CN=Users,DC=corp,DC=contoso,DC=com"
Try to issue following command in powershell
Get-ADUser "username" -Server "domaincontroller.localdomain"
You can log onto a virtual machine or windows server on that domain and run the same command to get that domain user's details.
Powershell like in Matson's answer is probably the better option if you rarely have machines open on that domain, but if you are already working on a machine in that domain your command works just fine.
I'm using WinRS to run an executable on a remote machine. That executable, in turn, needs to access a UNC network share. I'm on a Windows network with AD, and running everything as a domain admin account (not a local account) that is a machine admin of the servers in question, and has Full Control (folder and share) of the network share. But when I use WinRS to run a remote process, that remote process doesn't seem to have network access. The simplest example I could distill it down to is:
winrs -r:RedServer dir \\BlueServer\SomeSharedFolder
which gives the error
Access is denied.
Note that WinRS itself works on RedServer, because this runs fine:
winrs -r:RedServer dir C:
So, it sounds like a permissions issue, right? But to prove this account does have Full Control over the \\BlueServer\SomeSharedFolder share, I logged into RedServer with that same account and ran this at the command prompt there:
dir \\BlueServer\SomeSharedFolder
It ran fine, giving me the contents of that folder. It's only the combination of WinRS + UNC path that causes errors.
Is there something I need to configure differently, or is this a limitation/safeguard of Windows? I experienced a similar limitation with Sysinternals' PsExec.exe; I could access anything on the target machine, but nothing on the network. Incidentally, I found a somewhat-related SO question here: "Error when creating mapped drive using winrs", but no answers there.
What you describe is a double hop scenario which requires additional configuration on the client and server to support. A double hop scenario is remotely logging in to a Windows server and then accessing a remote network share:
client -> server -> file share
You can accomplish this via CredSSP or Kerberos delegation.
CredSSP authentication is intended for environments where Kerberos delegation cannot be used. Support for CredSSP was added to allow a user to connect to a remote server and have the ability to access a second-hop machine, such as a file share.
While I haven't tried these instructions, they seem like a reasonable place to start. Additionally this blog post by Travis Gan appears to be helpful.
As part of a business solution we are offering several remote desktops to a user base. Currently the users must go system by system attempting to connect and find one that is not already being used. I'd like to see if there is a command that can be run to quickly query an IP and see if there is an active remote connection already.
I've run across a 'wmic' solution already, but this only seems to work if the person running the command has admin access on the destination machine. I don't need a username returned or any information other than if there is a currently in-use remote connection.
Any idea's?
Researched solutions that didn't pan out listed below:
wmic /node:IP ComputerSystem GET UserName ---Returns only if requestor is an admin
qwinsta /server:IP ---RPC is not enabled on all machienes
eventvwr IP ---Too technical and time consuming for end users
Thanks in advance
query session /SERVER:servername