- SystoLOCK in review: Logging in to Active Directory with multi-factor authentication without passwords - Tue, Dec 5 2023
- New Group Policy settings in Windows 11 23H2 - Mon, Nov 20 2023
- Windows Server 2025 will support SMB over QUIC in all editions - Fri, Nov 17 2023
Use the Get-SmbShare cmdlet to see which shares a file server offers in the first step. If you invoke it without parameters, then it only shows the file shares of the local computer.
List shares on a remote server
However, if you want to display the shares of a remote server, it does not support the ComputerName parameter. Instead, you have to create a CIM session:
$cim = New-CimSession -ComputerName server1 -Credential firstname.lastname@example.org Get-SmbShare -CimSession $cim
In addition to user-specific shares, the output also contains administrative shares, such as c$ or ADMIN$ by default. This can be disabled with the Special parameter.
Get-SmbShare -Special $false
Alternatively, Get-FileShare is available for this purpose. It can capture not only SMB but also NFS shares:
Get-FileShare -CimSession $cim -Protocol NFS
Query share permissions
Before connecting, it is interesting to know what permissions are configured for a share:
Get-SmbShareAccess -Name PubDocs -CimSession $cim
This example queries the above remote server for access permissions to a share named PubDocs.
Connect to the network drive
If you want to see which mappings for network drives already exist, then invoke Get-SmbMapping without parameters. Alternatively, you can specify a drive letter to find out which share it is mapped to:
The whole thing also works the other way around by specifying the share with RemotePath to get the local drive letter.
Map drive letters
The New-SmbMapping cmdlet assigns a drive letter to a share. It expects the local path and that of the share. In addition, you can pass it the username and password of a different account. This is not done with a credentials object, as is usually the case, but in plain text:
New-SmbMapping -LocalPath x: -RemotePath \\ds\share1 -user contoso\user -password P@ssw0rd -SaveCredentials
If you do not want to reenter the credentials when creating another mapping, you can save them with the SaveCredentials switch.
The Persistent switch ensures that the drive mapping is preserved beyond the current session.
New-SmbMapping -LocalPath x: -RemotePath \\ds\share1 -TransportType QUIC New-SmbMapping -LocalPath x: -RemotePath \\ds\share1 -CompressData $true
QUIC requires Azure Edition to be installed on the server.
Create mapping remotely
Theoretically, this operation can also be performed on a remote computer as follows:
$cim = New-CimSession -ComputerName Server1 -Credential email@example.com New-SmbMapping -LocalPath u: -RemotePath \\Server2\PubDocs -CimSession $cim -UserName contoso\user -Password P@ssw0rd
In this case, you set up a mapping on Server1 for a share that is on Server2. In practice, Get-SmbMapping will then probably show the status Unavailable for this mapping. The reason is a lack of permissions due to the second-hop problem.
Instead of configuring CredSSP, you can simply use Enter-PSSession to open an interactive remote session to Server1 and run New-SmbMapping in it.
Finally, disconnect a drive mapping by using Remove-SmbMapping. The cmdlet only needs to know the local or remote path.
In addition, you can use UpdateProfile to make sure that Windows does not remap the drive after the next logon, but deletes it permanently:
Remove-SmbMapping x: -UpdateProfile
PowerShell provides the necessary cmdlets to display a server's existing shares and their permissions. With New-SmbMapping, you map them to a local drive letter.
Subscribe to 4sysops newsletter!
Remote use is somewhat cumbersome because the cmdlets do not support the ComputerName parameter, and you therefore have to deal with CIM sessions.