Launch script without existing network connections?

This topic is 5 years and 3 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
rhymasaurusRex
Posts: 2
Last visit: Mon Apr 25, 2022 9:08 am

Launch script without existing network connections?

Post by rhymasaurusRex »

I have a script that needs to be run as the logged in user. It gathers information about the user and saves the data to a shared location. The user can't have read or write access to the shared folder. When I create a new-psdrive for the connection:
  $secpassword = ConvertTo-SecureString 'xxxxx' -asplaintext -Force
  $credential = New-Object System.Management.Automation.PSCredential("xxxxx", $secpassword)
  New-PSDrive -Name Staging -PSProvider filesystem -Root "<path to shared folder>" -Credential $credential
I get an error:
  New-PSDrive : Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again
I've tried mapping to the IP address and FQDN of the server (and the dfs name) as well as creating a new shared folder on the server. I've also tried using invoke-command and new-pssession, but the domain account I'm using doesn't appear to have the necessary rights on the PC to allow it.

I tried including the user info in the build settings, but it won't work with smart card enforcement enabled on the PC (which we have).

Ultimately, I'd prefer to launch the gui in a new space where existing network connections are not remembered.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Launch script without existing network connections?

Post by jvierra »

The user already has a connection to that server. You cannot create two connections with different credentials. This is a base Windows restriction and has nothing to do with PowerShell.


The way to do this is to give users read and write access to a single folder on a server so the user account can update the files. If the user creates the file they will be the owner. Properly setting the permissions will make the user the only one with access to the file and any admins you want to allow.

You also do not want a script to run under a user account that has a plain text password as it can be easily stolen by anyone with access to the script.
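One way to set up the single writable folder described in the answer above, as an added example that is not from the original thread. It assumes a hypothetical local path D:\Staging behind the share, grants write access to Authenticated Users, and is run elevated on the file server; the helper New-AllowRule is defined here for illustration.

```powershell
# Added example. Run elevated on the file server that hosts the share.
# Assumption: D:\Staging is a hypothetical local path behind the shared folder.
$Path = 'D:\Staging'

# Well-known SIDs, so the script does not depend on localized account names.
$admins  = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544' # BUILTIN\Administrators
$system  = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'     # NT AUTHORITY\SYSTEM
$users   = [System.Security.Principal.SecurityIdentifier]'S-1-5-11'     # Authenticated Users
$creator = [System.Security.Principal.SecurityIdentifier]'S-1-3-0'      # CREATOR OWNER

# Hypothetical helper: builds one Allow ACE; string arguments are converted to the enum types.
function New-AllowRule {
    param(
        [System.Security.Principal.IdentityReference]$Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        [System.Security.AccessControl.InheritanceFlags]$Inherit = 'None',
        [System.Security.AccessControl.PropagationFlags]$Propagate = 'None'
    )
    [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, $Rights, $Inherit, $Propagate,
        [System.Security.AccessControl.AccessControlType]::Allow)
}

$acl = Get-Acl -LiteralPath $Path
$acl.SetAccessRuleProtection($true, $false)   # block inheritance, discard inherited ACEs
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }  # drop explicit ACEs too

$rules = @(
    New-AllowRule $admins 'FullControl' 'ContainerInherit, ObjectInherit'
    New-AllowRule $system 'FullControl' 'ContainerInherit, ObjectInherit'
    # This folder only: users may add files but cannot list or read its contents.
    New-AllowRule $users 'CreateFiles, Traverse, ReadAttributes'
    # Inherited by new files only: the creator gets Modify on the file they created.
    New-AllowRule $creator 'Modify' 'ObjectInherit' 'InheritOnly'
)
foreach ($rule in $rules) { $acl.AddAccessRule($rule) }
Set-Acl -LiteralPath $Path -AclObject $acl

# Review the resulting ACL.
(Get-Acl -LiteralPath $Path).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```

The share-level permission must also allow Change for the same users, because the effective access over the network is the more restrictive of the share and NTFS permissions. With this ACL the script runs as the logged-in user and needs no stored credential.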
rhymasaurusRex
Posts: 2
Last visit: Mon Apr 25, 2022 9:08 am

Re: Launch script without existing network connections?

Post by rhymasaurusRex »

jvierra wrote: Fri Nov 30, 2018 9:15 am The user already has a connection to that server. You cannot create two connections with different credentials. This is a base Windows restriction and has nothing to do with PowerShell.


The way to do this is to give users read and write access to a single folder on a server so the user account can update the files. If the user creates the file they will be the owner. Properly setting the permissions will make the user the only one with access to the file and any admins you want to allow.

You also do not want a script to run under a user account that has a plain text password as it can be easily stolen by anyone with access to the script.
I found a workaround:

The script will be deployed via SCCM, so this works for me. I configured the build settings to run as the account with the permissions on the share drive. I included another package in SCCM to disable smart card enforcement before this package runs. It's not ideal, but it's working.

Thanks for the reply. BTW, regarding the plain text password, I totally agree with you. Since I'm packaging the script and using Alternate Credentials in the build settings, I think that's as secure as it'll get. At least the password isn't in plain text in the source script. It's also far more secure than the current solution.