How can i access a file on a share drive with different credentials

Started by polleduc69, October 04, 2018, 06:48:44 AM

Previous topic - Next topic

polleduc69

HI
I am trying to find a way to open a PDF files that is located on a share drive that is not accessible to the user that will start the batch.
Is there a way to access a file with a diferent credential then the one that is log in on an AD network?


Thanks!



td

There is no one answer to your question.  It all depends on what types of users have access to the share, the local group membership of the AD user on the machine running the script, the version of Windows the script is executing on, and the version of Windows share is hosted on (assuming it is a Windows machine.)  All of the above variables are the main reason Microsoft recommends that you set up a group that is specific to one or more shares and add users to that group when you want to grant them access to one or more shares.

The basic problem is running with different user credentials without running afoul of UAC and some versions of Windows' habit of stripping elevated users' admin token before accessing shares. You could take a look a the function wntRunAsUser with login-type 6, the RunWithLogon function, or a combination of RunWithLogon and ShellExecute to create your own version of a kind of ShellExecutionWithLogon function(there is an example in the Tech Database.)  You will also need to consider what elevation level your script will need to execute at.  The elevation level could be asInvoker, highestAvailable, or requiresAdministrator. 

Here is a link to the Tech Database article illustrating a way to create a ShellExecutionWithLogon function which may or may not be useful in your case:

http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch/UAC+RunWithLogon~and~UAC.txt
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

polleduc69

Thanks for your quick reply td

I have computers with windows 7/10 that will be logged in with AD credentials that does not have permissions to a share folder that resides on a SAN.
I would like to create a batch that will use another AD credential that have this permission to access the files in that same folder.

td

This is all well and good but that isn't enough information to prescribe a specific solution.  For example, you haven't indicated the local account group membership of either the user running the script or the user account you wish to impersonate nor the UAC settings of the Windows 7 and Windows 10 systems. 

You should consider looking at the aforementioned functions in the Consolidated WIL Help file and Tech Database article.  Note that you will need to have the Network Extender installed to view the help information for the wntRunAsUser function.

You may also want to read some of the articles in the Tech Database related to UAC and RunWithLogon.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

polleduc69

I will try to be more specific and less complicated

I have 2 users(Peter and John) on a windows 10 PC.  Both users are members of the group "Users"

While logged in as Peter, I want to run a batch that will open a PDF files that is located the John's desktop by using John's credentials in the batch.


I hope this is more clear!

td

The problem wasn't that you are or were being "complicated".  You seem to be assuming that there is just one solution but that is not the case.  There are several approaches and the one you need to use is dependent on the varying details that you did not provide.  The one approach that covers the most bases is the first one mentioned.  Create an AD group for users that have to access the share and then add and remove users to that group as access requirements dictate.  You can use the ADSI extender to do this using a scripting solution.  Short of that read the documentation for the functions mentioned. You will have to do some experimentation get things to work in your environment. 
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade