How to configure mapped network drives with different credentials using Powershell

Case #

You need to crete a mapped network drive within a VDI user session which will connect with different credentials from the credentials of the logged on user. There is a limitation in Windows Group Policy which does not allow a mapped network drive to be created with "Connect As" option, i.e. with credentials different than that of the user trying to login. Given that the "connect as" option is not availbale by design, you should create the required mapped drive programmatically using Powershell.

Solution #

Option 1 #

One option is to make use of the following code

$User = "domain\username"
$PWord = ConvertTo-SecureString -String "passgoeshere" -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
New-PSDrive -Name "K" -PSProvider "FileSystem" -Root \\UNCPathGoesHere -Credential $Credential -Persist

The above code can be executed remotely on a Windows Server machine by running following cmdlets:

# On the remote machine to be managed
Enable-PSRemoring
# On the management machine
$ScriptBlock = {
$User = "domain\username"
$PWord = ConvertTo-SecureString -String "passgoeshere" -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
New-PSDrive -Name "K" -PSProvider "FileSystem" -Root \\UNCPathGoesHere -Credential $Credential -Persist
}
$ComputerName = "NameOfRemoteServer"
Invoke-Command -ComputerName $ComputerName -ScriptBlock $ScriptBlock

Option 2 #

You can make use of the New-SmbMapping command.

$NetworkPath = "\\UNCPathGoesHere"
$User = "domain\username"
$PWord = "passgoeshere"
New-SMBMapping -LocalPath "K:" -RemotePath $NetworkPath -UserName $User -Password $PWord -Persistent

Basic limitation of both the above options is that the password will need to reside in plain text in some part of the code. You can rework the code in option 1 to look like the following:

#Prompt the user for credentials and store into a file in encrypted format
$Credential = Get-Credential
$User = $Credential.UserName
$Credential.Password | ConvertFrom-SecureString | Set-Content C:\Scripts\Creds.txt
$EncryptedPass = Get-Content C:\Scripts\Creds.txt | ConvertTo-SecureString
$SecureCredential = New-Object System.Management.Automation.PsCredential($User,$EncryptedPass)
New-PSDrive -Name "K" -PSProvider "FileSystem" -Root \\UNCPathGoesHere -Credential $SecureCredential -Persist

A note on Powershell drives #

A Windows PowerShell drive is a data store location that you can access like a file system drive in Windows PowerShell. The Windows PowerShell providers create some drives for you, such as the file system drives (including C: and D:), the registry drives (HKCU: and HKLM:), and the certificate drive (Cert:), and you can create your own Windows PowerShell drives. These drives are very useful, but they are available only within Windows PowerShell. You cannot access them by using other Windows tools, such as File Explorer or Cmd.exe. Windows PowerShell uses the noun, PSDrive, for commands that work with Windows PowerShell drives. For a list of the Windows PowerShell drives in your Windows PowerShell session, use the Get-PSDrive cmdlet.

Sources #

https://docs.microsoft.com/en-us/powershell/module/smbshare/new-smbmapping?view=win10-ps

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/new-psdrive?view=powershell-7.1

https://docs.microsoft.com/en-us/powershell/scripting/samples/managing-windows-powershell-drives?view=powershell-7.1

Powered by BetterDocs