If you want to assign a drive letter to file shares via the command line, you can use PowerShell instead of net.exe. The SmbShare module's cmdlets can display, connect, and disconnect shared drives. PowerShell also supports newer SMB features, such as QUIC and Compression.

Use the Get-SmbShare cmdlet to see which shares a file server offers in the first step. If you invoke it without parameters, then it only shows the file shares of the local computer.

List shares on a remote server

However, if you want to display the shares of a remote server, it does not support the ComputerName parameter. Instead, you have to create a CIM session:

$cim = New-CimSession -ComputerName server1 -Credential user@contoso.com
Get-SmbShare -CimSession $cim

In addition to user-specific shares, the output also contains administrative shares, such as c$ or ADMIN$ by default. This can be disabled with the Special parameter.

Get-SmbShare -Special $false
Display shares on a remote computer

Display shares on a remote computer

Alternatively, Get-FileShare is available for this purpose. It can capture not only SMB but also NFS shares:

Get-FileShare -CimSession $cim -Protocol NFS

Query share permissions

Before connecting, it is interesting to know what permissions are configured for a share:

Get-SmbShareAccess -Name PubDocs -CimSession $cim

This example queries the above remote server for access permissions to a share named PubDocs.

Query access rights on a remote share

Query access rights on a remote share

Connect to the network drive

If you want to see which mappings for network drives already exist, then invoke Get-SmbMapping without parameters. Alternatively, you can specify a drive letter to find out which share it is mapped to:

Get-SmbMapping u:

The whole thing also works the other way around by specifying the share with RemotePath to get the local drive letter.

Map drive letters

The New-SmbMapping cmdlet assigns a drive letter to a share. It expects the local path and that of the share. In addition, you can pass it the username and password of a different account. This is not done with a credentials object, as is usually the case, but in plain text:

New-SmbMapping -LocalPath x: -RemotePath \\ds\share1 -user contoso\user -password P@ssw0rd -SaveCredentials
Create new drive mapping with New SmbMapping

Create new drive mapping with New SmbMapping

If you do not want to reenter the credentials when creating another mapping, you can save them with the SaveCredentials switch.

The Persistent switch ensures that the drive mapping is preserved beyond the current session.

With the support for QUIC and compression of network traffic, Microsoft recently introduced two interesting SMB features. Both can be enabled with PowerShell:

New-SmbMapping -LocalPath x: -RemotePath \\ds\share1 -TransportType QUIC
New-SmbMapping -LocalPath x: -RemotePath \\ds\share1 -CompressData $true

QUIC requires Azure Edition to be installed on the server.

Create mapping remotely

Theoretically, this operation can also be performed on a remote computer as follows:

$cim = New-CimSession -ComputerName Server1 -Credential user@contoso.com
New-SmbMapping -LocalPath u: -RemotePath \\Server2\PubDocs -CimSession $cim -UserName contoso\user -Password P@ssw0rd
Run New SmbMapping from a CIM session

Run New SmbMapping from a CIM session

In this case, you set up a mapping on Server1 for a share that is on Server2. In practice, Get-SmbMapping will then probably show the status Unavailable for this mapping. The reason is a lack of permissions due to the second-hop problem.

Instead of configuring CredSSP, you can simply use Enter-PSSession to open an interactive remote session to Server1 and run New-SmbMapping in it.

Delete mapping

Finally, disconnect a drive mapping by using Remove-SmbMapping. The cmdlet only needs to know the local or remote path.

In addition, you can use UpdateProfile to make sure that Windows does not remap the drive after the next logon, but deletes it permanently:

Remove-SmbMapping x: -UpdateProfile

Summary

PowerShell provides the necessary cmdlets to display a server's existing shares and their permissions. With New-SmbMapping, you map them to a local drive letter.

Subscribe to 4sysops newsletter!

Remote use is somewhat cumbersome because the cmdlets do not support the ComputerName parameter, and you therefore have to deal with CIM sessions.

avataravatar
1 Comment
  1. Greg McCullough 2 weeks ago

    What if you want to label the mapped drive and not have the UNC remote path displayed?

    I’ve actually found the Intune mapped drive generator website work best. It also supports Azure Files and item level targeting via SGs. Just input your desired drive letter, path URI or UNC, label or name, and the security group. Otis the PS1 file for you to download.

    https://intunedrivemapping.azurewebsites.net/DriveMapping

Leave a reply

Your email address will not be published.

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account