- Change Windows network profiles between public and private - Wed, May 24 2023
- How to map a network drive with PowerShell - Wed, May 17 2023
- Troubleshooting no network or internet in VMware Workstation - Thu, May 4 2023
Use the Get-SmbShare cmdlet to see which shares a file server offers in the first step. If you invoke it without parameters, then it only shows the file shares of the local computer.
List shares on a remote server
However, if you want to display the shares of a remote server, it does not support the ComputerName parameter. Instead, you have to create a CIM session:
$cim = New-CimSession -ComputerName server1 -Credential user@contoso.com Get-SmbShare -CimSession $cim
In addition to user-specific shares, the output also contains administrative shares, such as c$ or ADMIN$ by default. This can be disabled with the Special parameter.
Get-SmbShare -Special $false
Alternatively, Get-FileShare is available for this purpose. It can capture not only SMB but also NFS shares:
Get-FileShare -CimSession $cim -Protocol NFS
Query share permissions
Before connecting, it is interesting to know what permissions are configured for a share:
Get-SmbShareAccess -Name PubDocs -CimSession $cim
This example queries the above remote server for access permissions to a share named PubDocs.
Connect to the network drive
If you want to see which mappings for network drives already exist, then invoke Get-SmbMapping without parameters. Alternatively, you can specify a drive letter to find out which share it is mapped to:
Get-SmbMapping u:
The whole thing also works the other way around by specifying the share with RemotePath to get the local drive letter.
Map drive letters
The New-SmbMapping cmdlet assigns a drive letter to a share. It expects the local path and that of the share. In addition, you can pass it the username and password of a different account. This is not done with a credentials object, as is usually the case, but in plain text:
New-SmbMapping -LocalPath x: -RemotePath \\ds\share1 -user contoso\user -password P@ssw0rd -SaveCredentials
If you do not want to reenter the credentials when creating another mapping, you can save them with the SaveCredentials switch.
The Persistent switch ensures that the drive mapping is preserved beyond the current session.
With the support for QUIC and compression of network traffic, Microsoft recently introduced two interesting SMB features. Both can be enabled with PowerShell:
New-SmbMapping -LocalPath x: -RemotePath \\ds\share1 -TransportType QUIC New-SmbMapping -LocalPath x: -RemotePath \\ds\share1 -CompressData $true
QUIC requires Azure Edition to be installed on the server.
Create mapping remotely
Theoretically, this operation can also be performed on a remote computer as follows:
$cim = New-CimSession -ComputerName Server1 -Credential user@contoso.com New-SmbMapping -LocalPath u: -RemotePath \\Server2\PubDocs -CimSession $cim -UserName contoso\user -Password P@ssw0rd
In this case, you set up a mapping on Server1 for a share that is on Server2. In practice, Get-SmbMapping will then probably show the status Unavailable for this mapping. The reason is a lack of permissions due to the second-hop problem.
Instead of configuring CredSSP, you can simply use Enter-PSSession to open an interactive remote session to Server1 and run New-SmbMapping in it.
Delete mapping
Finally, disconnect a drive mapping by using Remove-SmbMapping. The cmdlet only needs to know the local or remote path.
In addition, you can use UpdateProfile to make sure that Windows does not remap the drive after the next logon, but deletes it permanently:
Remove-SmbMapping x: -UpdateProfile
Summary
PowerShell provides the necessary cmdlets to display a server's existing shares and their permissions. With New-SmbMapping, you map them to a local drive letter.
Subscribe to 4sysops newsletter!
Remote use is somewhat cumbersome because the cmdlets do not support the ComputerName parameter, and you therefore have to deal with CIM sessions.
What if you want to label the mapped drive and not have the UNC remote path displayed?
I’ve actually found the Intune mapped drive generator website work best. It also supports Azure Files and item level targeting via SGs. Just input your desired drive letter, path URI or UNC, label or name, and the security group. Otis the PS1 file for you to download.
https://intunedrivemapping.azurewebsites.net/DriveMapping