Map network drive script

Associate
Joined
6 Feb 2004
Posts
689
Location
Herts
Hello,

I plan to map network drives in our organisation using logon (and logoff) scripts.

This is fine but I am yet to come up with a solution for applying the associated credentials. Some of the shares are located outside of our active directory and require the user to "connect using a different username". To maintain current functionality I need a way to specify these alternate credentials without compromising security (i.e. including the username and password in the script).

How do you guys overcome this? Any ideas how I can too?
 
mike1210 said:
net use x: \\server\path /user:domain\username password
:)
Which, I think you'll find, includes the the username and password in the script.

Although it's one of the only ways I know how (it's either that or VB Script). Both require you to put the credentials in plaintext though.
 
it does yes, best practise dicates you make a user account with as limited rights as possible to prevent a possible compromise or limit access to the batch file by security group or user account
 
If you want scripts like this, then look up script center on Microsofts website, there loads of examples you just cut and paste.
 
Thanks for the feedback so far.

I am aware that I can lock down access to the script using NTFS permissions but surely to include username and password credentials in a script is not best practice!!

Looking into this a little further i have found the "manage passwords" feature in XP which might give me a glimmer of hope!

I can write the script without including the account credentials and then set these using the "manage passwords" feature.

My only question now is can I use group policy to set the values in the "manage passwords" feature?

Cheers
Dan.
 
If you are wanting to access resources 'outside your active directory' I assume you mean in a different forest?

If so, why not create a trust between forests and grant whatever rights you need to the resources in the other forest, with your domain account?
 
Thanks bond but its actually resources located in a DMZ workgroup environment so a trust is not applicable in this case.

I had a chat with one of our developers yesterday and he mentioned that it may be possible to encode/encrypt the credentials in the script so i'm waiting to here back on that before i got any further.

Dan.
 
We had similar concerns when creating an "end user" logon script. In the end one of my colleagues wrote it in c++ using the Windows libraries. His script actually prompted for a password to be entered but it could conceivably be embedded in the source code and then compiled.
 
Ive got a logon script here that allows specific drives/folders on the server to be mapped based on user groups if you want it?
Im at home now, but if you wait till Monday, i'll post the Kixstart script for it up for you. Very easy to edit. :).
 
Back
Top Bottom