Net use per user ?

My main issue is, running this C# line of code Console.WriteLine(Properties.Settings.Default.GreetingText); throws this exception : 

System.ArgumentException: The parameter is incorrect. (Exception from HRESULT: 0x80070057 (E_INVALIDARG))
   at System.Security.Policy.PEFileEvidenceFactory.GetLocationEvidence(SafePEFileHandle peFile, SecurityZone& zone, StringHandleOnStack retUrl).

When the process using that line of code is started with user "A" from a mapped drive created by user "SYSTEM".

Note that the mapped drive created by SYSTEM is showing an X (disconnected) in explorer, but is still accessible by all users. This shows most probably that what I am trying to do is not supported by Microsoft. I was running several processes (C# or Native) without any problem until we used that particular process with that C# line of code. We tried to remove the line of code, but other C# lines of code are causing a similar problem.

I was looking into changing how the "net use" is created to use a supported way, but my research led me to think that net use is PER USER ... but with the exception of SYSTEM user.

If I could create an S: mapped drive with SYSTEM and the same mapped drive S: with the logged in user, this would solve my problem, but it's apparently impossible since the S: drive is seen in some way by the logged user even if doing "NET USE" doesn't show the S: drive.

Is it possible to run this C# code on a mapped drive by SYSTEM user ?
How can this problem be solved without having to define another letter? Having to support 2 drive letters would have a huge impact on the scripts running all the processes because some are running as SYSTEM, others are running as the logged user.

 

Last updated May 25, 2018

I was looking into changing how the "net use" is created to use a supported way, but my research led to think that net use is PER USER.

-> AFAIK you do need a user account when accessing a networked resource. The System account is not acceptable. Why not use an account that you create specifically for your C# session?

It's apparently impossible since the S: drive is seen in some way by the logged user even if doing "NET USE" doesn't show the S: drive.
-> What makes you think so?

We are using several PCs with one master that shares a product. The client nodes get the product from the mapped drive. Some of the PCs are not logged in and others are logged in. So, most of the processes are running under the SYSTEM account to be able to run on the client nodes that are not logged in. The only processes running under the user account are the ones that have GUIs.

"Why not use an account that you create specifically for your C# session?"

The C# process is running with the USER that is logged in because it's a GUI that needs to be shown. We would like that process to start from a mapped drive done by SYSTEM (at boot time) or if possible on a mapped drive done by USER (at log on time) ... but with the same letter.

It's apparently impossible since the S: drive is seen in some way by the logged user even if doing "NET USE" doesn't show the S: drive.

"What makes you think so?"

Run the following commands to notice that you can't create a SYSTEM mapped drive and a USER mapped drive with the same letter.

1) psexec -s cmd.exe (from Sysinternals and from an admin account)

2) net use S: \\127.0.0.1\<localshare> (Creating a mapped drive with SYSTEM user)

3) net use (will show the S: drive mapped)

4) exit (exit from the session with system)

5) net use (won't show the S: drive mapped from the SYSTEM user)

6) net use S: \\127.0.0.1\<localshare> (this will fail with "The local device name is already in use.")

Doing the same commands with 2 different users other than SYSTEM will work.


We are using several PCs with one master that shares a product. The client nodes get the product from the mapped drive. Some of the PCs are not logged in and others are logged in.
-> My experience in this area is limited (which is why you might want to post your question in a TechNet forum) but to my knowledge you need to use a service that runs under a specific account when accessing shared resources independently from the active account. This would mean that your process runs in a completely defined account context.

Run the following commands to notice that you can't create a SYSTEM mapped drive and a USER mapped drive with the same letter.

-> Here is the slightly condensed output from your command sequence. Please note the bolded section. I actually wonder what the purpose of the exercise is, seeing that the share is mapped to the local PC.

c:\>psexec -s cmd
Microsoft Windows [Version 10.0.14393]

C:\WINDOWS\system32>net use s: \\127.0.0.1\DriveE
The command completed successfully.

C:\WINDOWS\system32>exit
cmd exited on SPRING with error code 0.

c:\>net use
New connections will not be remembered.
There are no entries in the list.

c:\>dir s:
 Volume in drive S is Drivers
 Volume Serial Number is ECFB-9CF0
 Directory of S:\
22.11.2016  23:44    <DIR>          $RECYCLE.BIN
13.11.2016  13:25    <DIR>          Backup
17.01.2017  12:02    <DIR>          Drivers


My experience in this area is limited (which is why you might want to post your question in a TechNet forum) but to my knowledge you need to use a service that runs under a specific account when accessing shared resources independently from the active account. This would mean that your process runs in a completely defined account context

-> This would mean a major change in the way of accessing the files. I don't think we can go there. Can you put the link to the TechNet forum?

Here is the slightly condensed output from your command sequence. Please note the bolded section. I actually wonder what the purpose of the exercise is, seeing that the share is mapped to the local PC.

-> Mapping with another PC or mapping with the local PC will result in the same problem I have in the end. So I am reducing the complexity of the problem. You are pretty close to reproducing the problem I am getting.

From there, you can notice that in explorer, you see a "Disconnected Network Drive S:" with a big red X. But like me, you noticed that it's usable by doing the "DIR" command. I was able to use that drive by loading processes from that mapped drive for a while without any problems. Still, this is odd when the documentation says that NET USE command is per USER. How come we can use the mapped drive by SYSTEM with a named USER account?

While searching for my problem, I found this post https://www.visualcron.com/forum.aspx?g=posts&t=3147. From there, there is a TestProcess.zip that can be downloaded (search for File Attachment) with all the code. If you run the TestProcess.exe from the S: drive you just created with your USER account, it will fail with the mentioned exception in my first post. If you run "psexec -s cmd.exe" and run the same process from the S: drive from the SYSTEM account, it will succeed. It's the simple line Console.WriteLine(Properties.Settings.Default.GreetingText); that throws the exception.

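Added example, not part of the thread or of TestProcess.zip: a small C# diagnostic for the situation described above, where "net use" lists nothing for S: yet "dir S:" works. It compares what the caller's own logon session knows about the drive letter (WNetGetConnection) with what the letter actually resolves to (QueryDosDevice). The class name DriveMappingProbe is hypothetical, and the code assumes the redirector's target string embeds the creating logon session's LUID after ";S:", with 0x3e7 being the LocalSystem session.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;
using System.Text.RegularExpressions;

static class DriveMappingProbe   // hypothetical name, added for illustration
{
    // Well-known LUID of the LocalSystem logon session (0x3e7), as 16 hex digits.
    const string SystemLogonLuid = "00000000000003e7";

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    static extern int WNetGetConnection(string localName, StringBuilder remoteName, ref int length);

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern uint QueryDosDevice(string deviceName, StringBuilder targetPath, int ucchMax);

    static void Main(string[] args)
    {
        string drive = args.Length > 0 ? args[0].TrimEnd('\\') : "S:";

        // 1. The caller's own view of the letter (the view "net use" lists).
        var unc = new StringBuilder(1024);
        int len = unc.Capacity;
        int rc = WNetGetConnection(drive, unc, ref len);
        Console.WriteLine(rc == 0
            ? $"WNetGetConnection: {drive} -> {unc}"
            : $"WNetGetConnection: no connection for {drive} in this session (error {rc})");

        // 2. What the drive letter resolves to, whoever created the mapping.
        var target = new StringBuilder(1024);
        if (QueryDosDevice(drive, target, target.Capacity) == 0)
        {
            Console.WriteLine($"QueryDosDevice: {drive} is not defined (error {Marshal.GetLastWin32Error()})");
            return;
        }
        Console.WriteLine($"QueryDosDevice: {drive} -> {target}");

        // Assumption: network targets contain ";<letter>:<16-hex logon-session LUID>".
        Match m = Regex.Match(target.ToString(), @";[A-Za-z]:([0-9A-Fa-f]{16})");
        if (!m.Success)
            Console.WriteLine("Target does not look like a redirected (network) drive.");
        else if (m.Groups[1].Value.Equals(SystemLogonLuid, StringComparison.OrdinalIgnoreCase))
            Console.WriteLine("Mapping was created by the SYSTEM logon session.");
        else
            Console.WriteLine($"Mapping was created by logon session 0x{m.Groups[1].Value.TrimStart('0')}.");
    }
}
```

Run it once as the logged-in user and once from the "psexec -s cmd.exe" prompt, passing S: as the argument, and compare the two outputs.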

Can you put the link to the TechNet forum ?

This would be a good start: https://technet.microsoft.com/en-gb/ms772425
