Need non-admin way to convert UNC path to local path using remote powershell

This topic contains 3 replies, has 2 voices, and was last updated by Profile photo of Don Jones Don Jones 4 years, 1 month ago.

  • Author
    Posts
  • #6578
    Profile photo of BillFriedmann
    BillFriedmann
    Participant

    I need to pass a UNC path arg to a invoke-command script, such that when the script runs on the remote computer, I can get the local path equivalent of the UNC path (the UNC path references a file local to the remote computer being remoted to), using non admin credentials to the remote computer.

    For example, if the user who executes this command is not an admin on computer remoteA, but has been given remote powershell access and has WRITE perm access to the file share on remoteA, I need the following command to convert the UNC path to a local path.

    Any help would be greatly appreciated.  I have been trying all kinds of methods from web searching for 3 days now and none have worked.

    invoke-command -computer remoteA { param($uncPath) $localPath = SomeFunc($uncPath) } -ArgumentList "\\remoteA\shareB\SomeFolder"

     

  • #6582
    Profile photo of Don Jones
    Don Jones
    Keymaster

    There's no real shortcut way to do this. I suspect you'll have to write a script that parses the UNC path, and then on the local computer looks up its shared folders until it finds a match, and then looks at the properties of that match to determine the underlying path.

    This question does come up a lot. "resolve unc to path" is a good search term, if you haven't tried that. http://www.xtremevbtalk.com/archive/index.php/t-172276.html has a VBScript function you could possibly rewrite in PowerShell. It basically takes the approach I suggested.

  • #6583
    Profile photo of BillFriedmann
    BillFriedmann
    Participant

    Thanks for the suggestions DonJ.  I actually tried use "get-wmiobject -computer localhost win32_share" in the remoting script block, which does enumerate the file shares, but only if the user is an admin on the remote computer.  This approach in addition to the "net share" command approach, both fail with "access denied" if the credential used is a non admin.

    I am in need of a non-admin way to enumerate the shares on  a remote computer where the user has remote powershell access but does not have admin access to the remote computer.

  • #6589
    Profile photo of Don Jones
    Don Jones
    Keymaster

    I'm not actually certain there is such a thing. Enumerating share properties is a privileged operation.

    What you might be looking for instead is a custom remoting endpoint (I cover them in Secrets of PowerShell Remoting, one of our free ebooks here). You control who remotes in, such as your non-admin user, but you set a different credential to run the actual commands. Kinda like a "remote runas" if you will. Your user doesn't gain any additional permissions, and you can lock down what commands are permitted in the endpoint, to restrict what they can do.

You must be logged in to reply to this topic.