1

This is a portion of my PowerShell script where I have to map a local folder to the S: drive. I can't map with New-PSDrive when my script is 'Run as Admin'. If I do, it is not visible on 'My PC'. I have run Get-PSDrive and it shows it is visible, just not on 'My PC'.

I have tried Net-Use within PS. I have tried New-SMBmapping:

```powershell
# Double quotes so that $comName is expanded inside the UNC path
New-SmbMapping -LocalPath 'S:' -RemotePath "\\$comName\pos" -Persistent $true
```

My script needs to Run As Admin for the rest of my script. Currently this is my script.

```powershell
#Get Computer name
$comName = $computerNameCSV.ComputerName

#This will map folder to S drive
New-SmbShare -Name "SOP" -Path "C:\FolderShare" -FullAccess Everyone
New-PSDrive -Name "S" -Root "\\$comName\c$\FolderShare" -Persist -PSProvider "FileSystem"
```
havoc319
  • I believe behind the scenes Windows treats `Admin` vs `Non-Admin` drives differently. When you map a drive as an `Admin`, you will only see it in `Admin Mode`. Verify by opening PowerShell as Admin and seeing if the drive exists. There are ways around it but might be useful to know more about your scenario – Clayton Lewis Oct 31 '19 at 17:56
  • One way that might work is setting a task for the mapping of the drive and setting the `RunLevel` appropriately for `New-ScheduledTaskPrincipal` – Clayton Lewis Oct 31 '19 at 17:59
  • Yes, I've deduced this much. I should've included that the drives become visible on 'My PC' when I run the command without Admin Mode. However, the rest of my script needs to be run in Admin Mode. Edit: For example I need Admin mode to execute New-SmbShare. – havoc319 Oct 31 '19 at 18:01
  • Would creating a task in Task Scheduler to run as non admin and then tell it to execute not work for ya? – Clayton Lewis Oct 31 '19 at 18:28
  • [This talks about removing elevation using Scheduled Tasks](https://stackoverflow.com/questions/40863475/starting-non-elevated-prompt-from-elevated-session) – Rich Moss Oct 31 '19 at 18:29
  • You could also launch PowerShell to begin with in `Non Admin` and then call the 2nd Script with this at the beginning of it `If (-Not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { $Arguments = "& '" + $MyInvocation.MyCommand.Definition + "'"; Start-Process Powershell -Verb RunAs -ArgumentList $Arguments; Break }` It can get weird depending on your `UAC` and `LUA` settings, etc. It will relaunch a script as `Admin` if it is not running as `Admin` – Clayton Lewis Oct 31 '19 at 18:31
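
The scheduled-task route suggested in the comments above, written out as an added example that is not part of the original thread: the elevated script registers a one-shot task that runs `net use` as the console user with `-RunLevel Limited`, then removes the task. The task name is hypothetical, the share name `SOP` is taken from the question's `New-SmbShare` call, and `$env:COMPUTERNAME` stands in for the CSV value.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original posts). Assumed names: task name, share 'SOP', drive S:.
$comName   = $env:COMPUTERNAME      # assumption: stands in for the value read from the CSV
$shareName = 'SOP'                  # share created by New-SmbShare in the question
$taskName  = 'MapDriveForUser'      # hypothetical one-shot task name

# The host name ends up on a command line that runs as another user, so accept
# only a plain NetBIOS-style name before interpolating it.
if ($comName -notmatch '^[A-Za-z0-9-]{1,15}$') {
    throw "Refusing to use unexpected computer name: '$comName'"
}

# Account that owns the console session. This may be empty when nobody is logged
# on at the console (for example an RDP-only session); then there is no desktop to map for.
$user = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
if (-not $user) { throw 'No interactive console user found.' }

# net.exe is called directly, so no script text has to be quoted into -Command.
$action = New-ScheduledTaskAction -Execute "$env:SystemRoot\System32\net.exe" `
    -Argument "use S: \\$comName\$shareName /persistent:yes"

# Interactive + Limited: runs only inside the user's existing logon session,
# with the non-elevated token, and needs no stored password.
$principal = New-ScheduledTaskPrincipal -UserId $user -LogonType Interactive -RunLevel Limited

try {
    Register-ScheduledTask -TaskName $taskName -Action $action -Principal $principal -Force | Out-Null
    Start-ScheduledTask -TaskName $taskName

    # Wait for the task to finish, then report net.exe's exit code (0 = mapped).
    do { Start-Sleep -Seconds 1 } while ((Get-ScheduledTask -TaskName $taskName).State -eq 'Running')
    $result = (Get-ScheduledTaskInfo -TaskName $taskName).LastTaskResult
    if ($result -ne 0) { Write-Warning "Mapping task exited with code $result" }
}
finally {
    # Do not leave a reusable task behind once the mapping exists.
    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
}
```

Because `$user` is already known at this point, the question's `New-SmbShare` call can grant access to that account instead of `Everyone`, which keeps the share scoped to the user the drive is mapped for.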

2 Answers

2

Short answer:

You can't.

Long answer:

The reason is all about the User Context. When you open a normal PowerShell console, you run that console under your current user context. That is why, when you run the command to map the share in PowerShell, it shows up in your currently logged in user context.

When you launch PowerShell via Run As Admin, you create a new user context. Running commands to map the share creates the mappings inside that context, which is different than your currently logged in user context. I.e., conceptually, think about Running as Admin as if you physically logged into the machine as a different user.

One workaround would be to separate the script into two parts, the first one runs under the current user context and maps the drive, and a second one that can be launched with Admin privileges to do what is needed. E.g., inside your script you launch the second script as admin with:

```powershell
# Full path is passed because the elevated process may not start in the script's folder
Start-Process powershell -Verb RunAs -ArgumentList "-File `"$PSScriptRoot\AdminScript.ps1`""
```
HAL9256
  • I feared as much. This would require me to write 3 different scripts just for 1 command. Would you know how I could Toggle between the 2 'modes'? I've tried writing one full script and a second script just to run that command. The one full script would run as admin and just call the second script hoping it would open without admin but that failed. If I had to run them manually, that would kill my project. – havoc319 Oct 31 '19 at 18:20
  • Why do you actually need to see the drive in your GUI? – Scepticalist Oct 31 '19 at 19:45
1

The visibility of mapped drives between admin and non-admin contexts is restricted by design. You can disable this behaviour using Group Policy or the registry, as described here:

Mapped drives are not available from an elevated prompt when UAC is configured to "Prompt for credentials" in Windows

boxdog