Using packer powershell provisioner to map an Azure file share to a service account


I'm trying to figure out how to map a file share to a particular user that I created using a PowerShell script that is meant to be a service account. The end result is that my service account should be able to access the UNC path at "\\storageaccount.file.core.windows.net\share"

Below is how I create a service account through Packer's PowerShell provisioner.

$password = ConvertTo-SecureString "ServiceAccountPassword" -AsPlainText -Force
New-LocalUser "ServiceAccount" -Password $password -FullName "ServiceAccount"
Add-LocalGroupMember -Group "Administrators" -Member "ServiceAccount"

Because Packer executes PowerShell code using the Packer-generated user, I create a scheduled task to run a batch file on startup under the SYSTEM account.

"net use Z: \\storageaccount.file.core.windows.net\share azurestorageaccesskey /user:Azure\storageaccount /persistent:yes" | Out-File -FilePath "C:\MapAzureFileShare.bat" -Encoding "ASCII"
$action = New-ScheduledTaskAction -Execute "C:\MapAzureFileShare.bat"
$trigger = New-ScheduledTaskTrigger -AtStartup -RandomDelay 00:00:30
$settings = New-ScheduledTaskSettingsSet -Compatibility "Win8"
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType "ServiceAccount" -RunLevel "Highest"
$task = New-ScheduledTask -Action $action -Principal $principal -Trigger $trigger -Settings $settings -Description "Map Azure file share at startup"
Register-ScheduledTask -TaskName "MapAzureFileShare" -InputObject $task

The below script results in a network drive created for all users; unfortunately, the network drive is a disconnected drive and inaccessible when I log in as the service account I just created. It would say "The username or password is incorrect."

I also tried to create the scheduled task to run as the created user.

$action = New-ScheduledTaskAction -Execute "C:\MapAzureFileShare.bat"
$trigger = New-ScheduledTaskTrigger -AtStartup -RandomDelay 00:00:30
$settings = New-ScheduledTaskSettingsSet -Compatibility "Win8"
$task = New-ScheduledTask -Action $action -Trigger $trigger -Settings $settings -Description "Map Azure file share at startup"
Register-ScheduledTask -TaskName "MapAzureFileShare" -InputObject $task -User "ServiceAccount" -Password "ServiceAccountPassword"

Nothing gets mapped and it doesn't seem like anything happens if I manually run this scheduled task. BUT if I switch the above scheduled task to "Run only when user is logged on" and execute the task manually, the network map does get created.

If I try to run the batch file as the user I just created, the file share is mapped just fine.

Is there anything else I can try?


Solution

  • I was able to figure out how to create the network mapping via scripts and have it persist.

    So instead of doing it in a roundabout way, using Task Scheduler to run as an identity, I was able to just use PsExec to runas the account I wanted to use.

    First generate two batch files, one to save the Windows credentials for the account I want to map to and one to actually do the mapping.

    echo "cmdkey /add:storageaccount.file.core.windows.net /user:Azure\storageaccount /pass:serviceaccountpassword" | Out-File -Append -FilePath "C:\Credential.bat" -Encoding "ASCII"
    echo "net use Z: \\storageaccount.file.core.windows.net\share /persistent:yes" | Out-File -Append -FilePath "C:\Map.bat" -Encoding "ASCII"
    

    I then execute the batch files as the account that I want to map the network file share to via PsExec. I won't get into details of how I automated the installation of this.

    More info https://learn.microsoft.com/en-us/sysinternals/downloads/psexec

    .\PsExec.exe -u "ServiceAccount" -p "ServiceAccountPassword" -h "C:\Credential.bat" /accepteula
    .\PsExec.exe -u "ServiceAccount" -p "ServiceAccountPassword" -h "C:\Map.bat" /accepteula
    

    Now, there's a tricky issue that took me a while, and a very helpful article, to figure out. With build version 1809 of Windows 10 (October 2018), the network map is not automatically reconnected even if the network map exists and the credentials exist. I decided to use Windows 10 1803 as my base image, which allows the drives to be automatically reconnected when spinning up the VM.

    More info http://woshub.com/could-not-reconnect-mapped-network-drives/
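The procedure from the accepted answer, as an added PowerShell example that is not part of the original question or answer: it runs cmdkey and net use inline through PsExec instead of writing them to batch files, so the storage key never sits in a .bat on disk, and then verifies the mapping from the service account's own session. It assumes PsExec.exe in the current directory, the same placeholder account, share and password values as the page, and an administrative caller.

```powershell
# Added example, not the page's own script. Placeholder values mirror the page;
# pass real ones in as parameters rather than hard-coding them.
param(
    [string]$StorageAccount = "storageaccount",        # placeholder
    [string]$Share          = "share",                 # placeholder
    [string]$StorageKey     = "azurestorageaccesskey", # placeholder, supply the real key
    [string]$User           = "ServiceAccount",
    [string]$UserPassword   = "ServiceAccountPassword",
    [string]$DriveLetter    = "Z:"
)

$endpoint = "$StorageAccount.file.core.windows.net"
$unc      = "\\$endpoint\$Share"

# Credentials saved with cmdkey and drives mapped with net use belong to the
# logon session of the account that ran them. A mapping created by SYSTEM (or by
# the Packer-generated user) is therefore not usable by ServiceAccount; both
# steps have to run *as* ServiceAccount, which PsExec -u/-p provides.
$steps = @(
    "cmdkey /add:$endpoint /user:Azure\$StorageAccount /pass:$StorageKey",
    "net use $DriveLetter $unc /persistent:yes"
)

foreach ($cmd in $steps) {
    # -accepteula suppresses the first-run EULA prompt; -h uses the elevated
    # token, as in the answer. cmd /c runs the command inline, so nothing
    # containing the storage key is written to disk.
    & .\PsExec.exe -accepteula -h -u $User -p $UserPassword cmd /c $cmd
    if ($LASTEXITCODE -ne 0) {
        throw "Step failed with exit code $LASTEXITCODE: $($cmd -replace '/pass:\S+', '/pass:***')"
    }
}

# Verify from the service account's session: 'net use Z:' must report the share
# there. Checking from the provisioning user's session would not see it, which is
# the same per-session behaviour that made the SYSTEM scheduled task appear broken.
& .\PsExec.exe -accepteula -h -u $User -p $UserPassword cmd /c "net use $DriveLetter"
if ($LASTEXITCODE -ne 0) { throw "Mapping $DriveLetter is not present for $User" }
```

The throw message masks the /pass: value so the key does not land in Packer's build log if a step fails.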