Serverdaki paylasim klasorunuze anonim erisime izin verin
Kullanici makinelerinde registry ayarlarinda asagidaki lokasyona girip paylasim klasorlerine anonim olarak erisime izin vermek gerekiyor
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters
DWord olusturun ve ona AllowInsecureGuestAuth ismini verip degerini 1 yapin.
Bu asagidaki ps1 dosyasini devices > scripts tabindan makinelere dagitin.
[CmdletBinding()]
Param()
###########################################################################################
# Start transcript for logging
###########################################################################################
Start-Transcript -Path $(Join-Path $env:temp "DriveMapping.log")
###########################################################################################
# Input values from generator
###########################################################################################
$driveMappingJson = '[{"Path":"\\\\10.126.128.6\\apps","DriveLetter":"S","Label":"SIMS","Id":0,"GroupFilter":""}]'
$driveMappingConfig = $driveMappingJson | ConvertFrom-Json -ErrorAction Stop
#used to create an array for groups
$driveMappingConfig = foreach ($d in $driveMappingConfig) {
[PSCustomObject]@{
Path = $($d.Path)
DriveLetter = $($d.DriveLetter)
Label = $($d.Label)
Id = $($d.Id)
GroupFilter = $($d.GroupFilter -split ",")
}
}
# If enabled all mounted PSdrives from filesystem except os drives get disconnected if not specified in drivemapping config
$removeStaleDrives = $true
#check if running as system
function Test-RunningAsSystem {
[CmdletBinding()]
param()
process {
return [bool]($(whoami -user) -match "S-1-5-18")
}
}
###########################################################################################
# Mapping network drives
###########################################################################################
#Get PowerShell drives and rename properties
if (-not (Test-RunningAsSystem)) {
$psDrives = Get-PSDrive | Where-Object { $_.Provider.Name -eq "FileSystem" -and $_.Root -notin @("$env:SystemDrive\", "D:\") } `
| Select-Object @{N = "DriveLetter"; E = { $_.Name } }, @{N = "Path"; E = { $_.DisplayRoot } }
#iterate through all network drive configuration entries
foreach ($drive in $driveMappingConfig) {
try {
#check if variable in unc path exists, e.g. for $env:USERNAME -> resolving
if ($drive.Path -match '\$env:') {
$drive.Path = $ExecutionContext.InvokeCommand.ExpandString($drive.Path)
}
#if label is null we need to set it to empty in order to avoid error
if ($null -eq $drive.Label) {
$drive.Label = ""
}
$exists = $psDrives | Where-Object { $_.Path -eq $drive.Path -or $_.DriveLetter -eq $drive.DriveLetter }
$process = $true
if ($null -ne $exists -and $($exists.Path -eq $drive.Path -and $exists.DriveLetter -eq $drive.DriveLetter )) {
Write-Output "Drive '$($drive.DriveLetter):\' '$($drive.Path)' already exists with correct Drive Letter and Path"
$process = $false
}
else {
# Mapped with wrong config -> Delete it
Get-PSDrive | Where-Object { $_.DisplayRoot -eq $drive.Path -or $_.Name -eq $drive.DriveLetter } | Remove-PSDrive -EA SilentlyContinue
}
if ($process) {
Write-Output "Mapping network drive $($drive.Path)"
$null = New-PSDrive -PSProvider FileSystem -Name $drive.DriveLetter -Root $drive.Path -Description $drive.Label -Persist -Scope global -EA Stop
(New-Object -ComObject Shell.Application).NameSpace("$($drive.DriveLetter):").Self.Name = $drive.Label
}
}
catch {
$available = Test-Path $($drive.Path)
if (-not $available) {
Write-Error "Unable to access path '$($drive.Path)' verify permissions and authentication!"
}
else {
Write-Error $_.Exception.Message
}
}
}
# Remove unassigned drives
if ($removeStaleDrives -and $null -ne $psDrives) {
$diff = Compare-Object -ReferenceObject $driveMappingConfig -DifferenceObject $psDrives -Property "DriveLetter" -PassThru | Where-Object { $_.SideIndicator -eq "=>" }
foreach ($unassignedDrive in $diff) {
Write-Warning "Drive '$($unassignedDrive.DriveLetter)' has not been assigned - removing it..."
Remove-SmbMapping -LocalPath "$($unassignedDrive.DriveLetter):" -Force -UpdateProfile
}
}
# Fix to ensure drives are mapped as persistent!
$null = Get-ChildItem -Path HKCU:\Network -ErrorAction SilentlyContinue | ForEach-Object { New-ItemProperty -Name ConnectionType -Value 1 -Path $_.PSPath -Force -ErrorAction SilentlyContinue }
}
###########################################################################################
# End & finish transcript
###########################################################################################
Stop-transcript
###########################################################################################
# Done
###########################################################################################
#!SCHTASKCOMESHERE!#
###########################################################################################
# If this script is running under system (IME) scheduled task is created (recurring)
###########################################################################################
if (Test-RunningAsSystem) {
Start-Transcript -Path $(Join-Path -Path $env:temp -ChildPath "IntuneDriveMappingScheduledTask.log")
Write-Output "Running as System --> creating scheduled task which will run on user logon"
###########################################################################################
# Create registry entry to allow ocnnection to drive map
###########################################################################################
$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
Set-ItemProperty -Path $path -Name 'AllowInsecureGuestAuth' -Value 1 -Type DWord
###########################################################################################
# Get the current script path and content and save it to the client
###########################################################################################
$currentScript = Get-Content -Path $($PSCommandPath)
$schtaskScript = $currentScript[(0) .. ($currentScript.IndexOf("#!SCHTASKCOMESHERE!#") - 1)]
$scriptSavePath = $(Join-Path -Path $env:ProgramData -ChildPath "intune-drive-mapping-generator")
if (-not (Test-Path $scriptSavePath)) {
New-Item -ItemType Directory -Path $scriptSavePath -Force
}
$scriptSavePathName = "DriveMapping.ps1"
$scriptPath = $(Join-Path -Path $scriptSavePath -ChildPath $scriptSavePathName)
$schtaskScript | Out-File -FilePath $scriptPath -Force
###########################################################################################
# Create dummy vbscript to hide PowerShell Window popping up at logon
###########################################################################################
$vbsDummyScript = "
Dim shell,fso,file
Set shell=CreateObject(`"WScript.Shell`")
Set fso=CreateObject(`"Scripting.FileSystemObject`")
strPath=WScript.Arguments.Item(0)
If fso.FileExists(strPath) Then
set file=fso.GetFile(strPath)
strCMD=`"powershell -nologo -executionpolicy ByPass -command `" & Chr(34) & `"&{`" &_
file.ShortPath & `"}`" & Chr(34)
shell.Run strCMD,0
End If
"
$scriptSavePathName = "IntuneDriveMapping-VBSHelper.vbs"
$dummyScriptPath = $(Join-Path -Path $scriptSavePath -ChildPath $scriptSavePathName)
$vbsDummyScript | Out-File -FilePath $dummyScriptPath -Force
$wscriptPath = Join-Path $env:SystemRoot -ChildPath "System32\wscript.exe"
###########################################################################################
# Register a scheduled task to run for all users and execute the script on logon
###########################################################################################
$schtaskName = "IntuneDriveMapping"
$schtaskDescription = "Map network drives from intune-drive-mapping-generator."
$trigger = New-ScheduledTaskTrigger -AtLogOn
$class = cimclass MSFT_TaskEventTrigger root/Microsoft/Windows/TaskScheduler
$trigger2 = $class | New-CimInstance -ClientOnly
$trigger2.Enabled = $True
$trigger2.Subscription = ''
$trigger3 = $class | New-CimInstance -ClientOnly
$trigger3.Enabled = $True
$trigger3.Subscription = ''
#Execute task in users context
$principal= New-ScheduledTaskPrincipal -GroupId "S-1-5-32-545" -Id "Author"
#call the vbscript helper and pass the PosH script as argument
$action = New-ScheduledTaskAction -Execute $wscriptPath -Argument "`"$dummyScriptPath`" `"$scriptPath`""
$settings= New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
$null = Register-ScheduledTask -TaskName $schtaskName -Trigger $trigger,$trigger2,$trigger3 -Action $action -Principal $principal -Settings $settings -Description $schtaskDescription -Force
Start-ScheduledTask -TaskName $schtaskName
stop-Transcript
}
###########################################################################################
# Done
###########################################################################################
#Remove-SmbMapping -LocalPath S: -Force -UpdateProfile
#Get-PSDrive S | remove-psdrive -Force
#New-PSDrive -PSProvider FileSystem -Name S -Root \\10.126.128.6\apps -Description SIMS -Persist -Scope Global -EA Stop
Bu script system olarak calisir ve tum kullanicilar icin bir scheduled task olusturur bunu da olusturdugu C:\ProgramData\intune-drive-mapping-generator klasore yazar ve task kullanici her logon oldugunda calisir.
Durum budur, kolay gelsin