Mount windows share in command line via net use with password encrypted.

Hi all,

my question is in the subject.

 

thank you and have a good day.

 

Rafter

  • Simple answer, no.   We need more info, like what are you trying to ultimately accomplish here?  Where and what is the encryption for? You do understand that the "net" commands have no facility for encryption, yes?

  • My objectif is to copy file from share1 to my server.

    Actually i use net use with user password and share name to mount the share1 and then copy the file

    I'd like to copy file from share1 without specifiying the password in my script.

     

    can'i do this differently without using net use ?

     

    thank you for your help.

  • Is there a reason why you can't/won't use the Copy-Item cmdlet with a UNC path?  You can certainly code credentials into a script if you need to.  But your question about encrypting with "net use" did not make sense.

  • my main objectif is not how to copy file ( net use or copy-item or other methods) but how to code my credentials to connect to the share like u say it !

     

    thank you

  • Here you are, this is some code that will generate a script that will mount a network folder using New-PSDrive, you can change the \\server01\public to whatever url you require. Let me know how this works for you:

    $Credential = Get-Credential
    $EncryptedPW = $Credential.Password | ConvertFrom-SecureString
    $User = $Credential.UserName
    @"
    `$SecurePW = `'$EncryptedPW`' | ConvertTo-SecureString
    `$UserName = `'$User`'
    `$Credential = New-Object System.Management.Automation.PSCredential (`$UserName, `$SecurePW)
    New-PSDrive -Name X -PSProvider FileSystem -Root \\Server01\Public -Credential `$Credential
    "@ | Set-Content -Path C:\Scripts\MountFolderEncrypted.ps1
  • First of all, thank you for your script.

     

    when i execute the script, it generate another script with encrypted password.

     

    Right now its ok, but when i execute the script generated, it gives me this error :

    restart opeartion without specifying the authentification infos :

    +  <<<< New-PSDrive -Name X -PSProvider FileSystem -Root \\FQDN server name\ share name -Credential $Credential
    + CategoryInfo          : NotImplemented: (:) [], PSNotSupportedException
    + FullyQualifiedErrorId : NotSupported

     

    thank you

  • Sorry to jump in on this thread.  But since you mentioned credentials.  I have a question about credentials.  I've been using credential files for a while.  but I have not been able to  put the user name in the file.  I have a test script to make credential files.  This works to put the password in the file.  But how do I put the username in the file? Also How would I lit the user in the list cred file?

    Thank you

    RAC

     

    Make credfile

    $credential = get-credential  #This will ask for the user/password
    $EncryptedPW=$credential.password|ConvertFrom-SecureString
    $User=$credential.UserName
    $name = $args[0]
    $SecurePW=$EncryptedPW|ConvertTo-SecureString
    $CredPath = Join-Path ($env:USERPROFILE) WindowsPowerShell\$name.ps1.credential
    $NewCredential = New-Object System.Management.Automation.PSCredential ($User,$SecurePW)
    write-host $NewCredential.UserName
    $credential.Password | ConvertFrom-SecureString | Set-Content $CredPath

     

    List cred file

    $name = $args[0]
    $CredPath = Join-Path ($env:USERPROFILE) WindowsPowerShell\$name.ps1.credential
    $pw = Get-Content $credpath | ConvertTo-SecureString
    $cred = new-object -typename system.management.automation.pscredential -argumentlist $pw
    $cred.password
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw)
    $pw = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
    write-host "Password=" $pw

  • You're making this WAY too hard.  Create the credential file ...

    Get-Credential | Export-Clixml .\mycredfile.xml

    Use the credential file ...

    $cred = Import-Clixml .\mycredfile.xml
    $cred.UserName
    $cred.GetNetworkCredential().password

     

     

  • Bob McCoy said:

    You're making this WAY too hard.  Create the credential file ...

    Indeed that is a whole lot easier, congrats on your 3,000 posts by the way Bob. Amazing how much time you spend in answering questions and teaching new concepts to people here!

     

  • Jaap Brasser  Never mind my previous question.  I found two new cmdlets that I didn't know.  Export-Clixml  Import-Clixml.  This allowed me to store the username in the file along with the password.

     

    Thanks

    RAC

  • hi all

    how can i use the "export-clixml" ( solution gived by Bob McCoy) in this script ( gived by Jaap Brasser)  :

    $Credential = Get-Credential
    $EncryptedPW = $Credential.Password | ConvertFrom-SecureString
    $User = $Credential.UserName
    @"
    `$SecurePW = `'$EncryptedPW`' | ConvertTo-SecureString
    `$UserName = `'$User`'
    `$Credential = New-Object System.Management.Automation.PSCredential (`$UserName, `$SecurePW)
    New-PSDrive -Name X -PSProvider FileSystem -Root \\Server01\Public -Credential `$Credential
    "@ | Set-Content -Path C:\Scripts\MountFolderEncrypted.ps1

    thank you .

  • Jaap Brasser said:
    Indeed that is a whole lot easier, congrats on your 3,000 posts by the way Bob. Amazing how much time you spend in answering questions and teaching new concepts to people here!

    Thanks, PowerShell is both recreational and therapeutic for me. [:)]

  • You could just use it like this:

    Get-Credential | Export-Clixml .\mycredfile.xml

    $Credential = Import-Clixml .\mycredfile.xml
    New-PSDrive -Name X -PSProvider FileSystem -Root \\Server01\Public -Credential $Credential
  • There is one thing you need to keep in mind about using a credential file.  It's not a portable solution.  In other words, you won't be able to create one file and use it everywhere.  The has to do with the nature of SecureString and not PowerShell.  If you do not provide an explicit encryption key (and that opens a whole other layer of complexity and key management), then DPAPI will generate a key that is unique to the user _AND_ the machine it was generated on.

    For example, say you wanted to give "Joe"  the ability to run your mapping script with "mydomain\Administrator" rights while he was logged into Workstation14.  Joe would have to run the script to generate the credential file while logged into Workstation14.  You would type in the Administrator credentials and save the file on Workstation14 where it could be used later.

    OK, maybe there's two things you need to keep in mind.  You really can't think of this as a secure solution, obfuscated perhaps, but not secure.  Why?  Joe now has access to the Administrator's credentials.  He can now do just about anything with that alternative set of credentials.  So while the password may not show up in plain text, it doesn't take much to get there, and Joe can do it if he has the moxie.

  • Hi,

     

    When i execute the last script gived by Jaap Brasser, the xml file is generated but i have this error :

    D:\20150818\Mount.ps1 : 4 Caractère : 81
    + New-PSDrive -Name X -PSProvider FileSystem -Root \\FQDN server name\sharename -Credential <<<<  $Credential
        + CategoryInfo          : InvalidData: (:) [New-PSDrive], ParameterBindin...mationException
        + FullyQualifiedErrorId : ParameterArgumentTransformationError,Microsoft.PowerShell.Commands.NewPSDriveCommand

     

    thanks for help.