BlackHoleSun

[SOLVED] Open a network location without mapping

13 posts in this topic

#1 ·  Posted (edited)

Is there a way to open a network location as another user by impersonating them, but without mapping a drive? This is for Win7 only. I really just want to open an explorer window with the share that the user has access to, but a normal admin (non-domain admin) doesn't.

This doesn't work:

RunAs(user, domain, password, 0, "explorer.exe \\server\share")
Edited by BlackHoleSun

Looking through the help files, it seems like one of the 3 _WinNet_AddConnection functions might help, but the $iOptions are throwing me off to get the user prompted for the username/password. Does anyone have experience with these functions?

Anyone have any ideas on this?

Have you tried yet?

If the user has access to it the user should just be able to navigate straight to the folder without Windows asking for credentials. In this case, try just the ShellExecute() line below, but adjust $sServerShare. I'm on Win7 in a Domain environment, but not an admin, and it worked fine for me.

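#include <WinNet.au3>
; UNC path of the share to open
$sServerShare = "\\server\share"
; Connect with explicit credentials (local name passed as 0 here)
_WinNet_AddConnection2(0, $sServerShare, "username", "password", 1)
ShellExecute("explorer.exe", $sServerShare)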

The share I'm trying to connect to is the user's profile directory, so normal admins wouldn't have access to that. Only enterprise admins and the users do, that's why I need to authenticate as the user.

I have an If Then statement for the result of the add connection and it keeps showing as being False.

OK, I tried intentionally using a bad password and then checked AD. It doesn't show now as being the last bad password time, so for some reason it's not actually authenticating with what I'm giving it. I don't know if it's a DLL problem or a UDF one.

If the user who is running the script has already authenticated to the server on which the share is located, you typically cannot authenticate as another user account. What happens when you try to authenticate from the command line as that user? Troubleshoot by removing AutoIt.

I can authenticate fine to the server through the command prompt.

I copied the function into my code directly so I can output some of the strings. What I noticed is that no matter what I input for the password, the hex it turns it into always stays the same.

So let's recap real quick...

You and UserA are both using Win7 on a domain?

Both you and UserA are regular users as opposed to domain admins?

Perhaps you're a local admin on your own machine but don't think that really makes a difference.

UserA created a share to his profile directory?

You need to authenticate as that user from your machine to access the share on UserA's machine?

You are able to create the connection at the command line?

You are unable to create the connection in AutoIt using _WinNet_AddConnection2()?

With AutoIt are you specifying "domain\username" as the username or just "username"? How about with the command line?

#10 ·  Posted (edited)

> So let's recap real quick...
>
> You and UserA are both using Win7 on a domain?

Yes

> Both you and UserA are regular users as opposed to domain admins?

I am a normal non-domain admin, UserA is a regular user

> Perhaps you're a local admin on your own machine but don't think that really makes a difference.

See above

> UserA created a share to his profile directory?

This is the roaming profile share for UserA

> You need to authenticate as that user from your machine to access the share on UserA's machine?

Even though I'm an admin, I don't have access to user profile shares

> You are able to create the connection at the command line?

I can connect a drive using NET USE in a command prompt, yes

> You are unable to create the connection in AutoIt using _WinNet_AddConnection2()?

Correct, I cannot connect using _WinNet_AddConnection2

> With AutoIt are you specifying "domain\username" as the username or just "username"? How about with the command line?

Yes, I'm specifying "domain\user"

Edited by BlackHoleSun

So I tried specifying 0 as $sLocalName in the _WinNet_AddConnection2() function and it wouldn't connect.

I tried again by specifying "" (two double quotes/empty string) as $sLocalName and it worked. So here's the final code:

#include <WinNet.au3>

$sServer = 'server'
$sShare = 'C$'
$sUsername = 'domain\user'
$sPassword = 'password'
; Build the UNC path: \\server\share
$sServerShare = '\\' & $sServer & '\' & $sShare
; Empty string as $sLocalName: connect without redirecting a local device
$result = _WinNet_AddConnection2("", $sServerShare, $sUsername, $sPassword, 1)
If $result Then
    ShellExecute("explorer.exe", $sServerShare)
Else
    ConsoleWrite("Unable to connect to " & $sServerShare & @CRLF)
EndIf

1 person likes this

I can't do anything but shake my head at that fix. It does work with me though and tested fine with good/bad passwords and the error handling I have works fine.

Thank you so much!

> I can't do anything but shake my head at that fix. It does work with me though and tested fine with good/bad passwords and the error handling I have works fine.
>
> Thank you so much!

No problem...The Help File says to use a device name or a 0. The MSDN documentation says to use NULL or empty string. I don't know how to specify NULL but empty string works. Using Default didn't work either. Here's that part of the doc...

lpLocalName

A pointer to a null-terminated string that specifies the name of a local device to redirect, such as "F:" or "LPT1". The string is treated in a case-insensitive manner.

If the string is empty, or if lpLocalName is NULL, the function makes a connection to the network resource without redirecting a local device.

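The deviceless connection worked out in this thread, rewritten as an added example (not code from any poster) that prompts for the credentials instead of storing them in the script and drops the SMB session when the operator is done. The share path is a placeholder, the prompts and the "click OK to disconnect" step are assumptions about the workflow, and flag 0 is used instead of the thread's 1 so the connection is not remembered.

```autoit
#include <WinNet.au3>

; Placeholder UNC path (assumption): replace with the real share.
Local Const $sServerShare = "\\server\share"

; Ask for the account at run time so no credential lives in the script file.
Local $sUsername = InputBox("Connect", "User name (DOMAIN\user) for " & $sServerShare)
If @error Or $sUsername = "" Then Exit 1

; Fourth parameter is the mask character shown instead of the typed text.
Local $sPassword = InputBox("Connect", "Password for " & $sUsername, "", "*")
If @error Then Exit 1

; "" as $sLocalName makes a connection without redirecting a drive letter.
; Passing 0 here fails, as found in the thread.
Local $bConnected = _WinNet_AddConnection2("", $sServerShare, $sUsername, $sPassword, 0)

; Do not keep the password in the variable longer than needed.
$sPassword = ""

If Not $bConnected Then
    ConsoleWrite("Unable to connect to " & $sServerShare & @CRLF)
    Exit 2
EndIf

ShellExecute("explorer.exe", $sServerShare)

; The session stays usable by anything running in this logon until it is
; cancelled, so wait for the operator and then tear it down.
MsgBox(0, "Connected", "Click OK when finished to disconnect from " & $sServerShare)

; $bUpdate = False: nothing was remembered, so nothing to update.
; $bForce = True: disconnect even if Explorer still has the folder open.
If Not _WinNet_CancelConnection2($sServerShare, False, True) Then
    ConsoleWrite("Could not disconnect from " & $sServerShare & @CRLF)
    Exit 3
EndIf
```

As noted earlier in the thread, the connection attempt is typically refused if the logged-on user already has a session to the same server under a different account.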