Accessing Windows Network Shares via Command Line with Credentials Without Drive Mapping


2 views

As IT professionals, we often need to access numerous Windows network shares across different servers using various credentials. The traditional approach of mapping network drives becomes impractical when dealing with dozens of different servers daily. The constant drive letter assignment and removal creates administrative overhead and potential conflicts.

Windows provides several command-line methods to access shares without permanent mapping:

net use \\servername\share /user:domain\username password
explorer.exe \\servername\share

However, this still creates a temporary connection that needs to be cleaned up later. For a more elegant solution, we can use PowerShell:

$cred = Get-Credential
New-PSDrive -Name "Temp" -PSProvider FileSystem -Root "\\servername\share" -Credential $cred -Persist

Here's a more sophisticated PowerShell script that handles multiple shares efficiently:

function Open-NetworkShare {
    param(
        [string]$Server,
        [string]$Share,
        [string]$Domain,
        [string]$Username,
        [string]$Password
    )
    
    $fullPath = "\\$Server\$Share"
    $cred = New-Object System.Management.Automation.PSCredential ("$Domain\$Username", (ConvertTo-SecureString $Password -AsPlainText -Force))
    
    try {
        New-PSDrive -Name "TempShare" -PSProvider FileSystem -Root $fullPath -Credential $cred -Scope Global -ErrorAction Stop | Out-Null
        explorer.exe $fullPath
    }
    catch {
        Write-Warning "Failed to access share: $_"
    }
}

# Example usage:
Open-NetworkShare -Server "fileserver01" -Share "departments" -Domain "CORP" -Username "jdoe" -Password "P@ssw0rd123"

For more control, we can use P/Invoke to call Windows API functions directly. This C# example demonstrates how to authenticate and access shares programmatically:

using System;
using System.Runtime.InteropServices;

class NetworkShareAccess
{
    [DllImport("mpr.dll")]
    private static extern int WNetAddConnection2A(ref NETRESOURCEA lpNetResource, string lpPassword, string lpUsername, int dwFlags);

    [StructLayout(LayoutKind.Sequential)]
    private struct NETRESOURCEA
    {
        public int dwScope;
        public int dwType;
        public int dwDisplayType;
        public int dwUsage;
        public string lpLocalName;
        public string lpRemoteName;
        public string lpComment;
        public string lpProvider;
    }

    public static void ConnectToShare(string remotePath, string username, string password)
    {
        NETRESOURCEA nr = new NETRESOURCEA
        {
            dwType = 1, // RESOURCETYPE_DISK
            lpRemoteName = remotePath,
            lpLocalName = null
        };

        int result = WNetAddConnection2A(ref nr, password, username, 0);
        if (result != 0)
        {
            throw new System.ComponentModel.Win32Exception(result);
        }
    }
}

When implementing these solutions, consider:

  • Never store plaintext passwords in scripts
  • Use Windows Credential Manager for secure storage
  • Implement proper error handling for authentication failures
  • Consider using certificate-based authentication where possible

For those preferring simple batch files, here's a template that prompts for credentials:

@echo off
set /p server=Enter server name: 
set /p share=Enter share name: 
set /p domain=Enter domain: 
set /p username=Enter username: 
set /p password=Enter password: 

net use \\%server%\%share% /user:%domain%\%username% %password%
if %errorlevel% equ 0 (
    explorer.exe \\%server%\%share%
) else (
    echo Failed to connect to share
    pause
)

As IT professionals, we frequently encounter scenarios where we need to access multiple network shares using different credentials than our logged-in account. The traditional approach of mapping drives becomes impractical when dealing with dozens of servers and shares daily. Here's a smarter way to handle this.

The net use command is the standard way to access shares:

net use \\servername\share /user:domain\username Pa55w0rd!
explorer \\servername\share
net use \\servername\share /delete

While this works, it temporarily maps a drive letter (if not specified) and leaves connection artifacts.

$cred = Get-Credential
New-PSDrive -Name TempShare -PSProvider FileSystem -Root "\\server\share" -Credential $cred -Scope Global
explorer TempShare:\
Remove-PSDrive -Name TempShare

This creates a temporary mapped drive that disappears when the session ends.

For persistent credential handling without visible mappings:

runas /netonly /user:domain\username "explorer.exe \\servername\share"

You'll be prompted for the password, and Explorer will open with those credentials.

Create a reusable script to handle multiple servers:

@echo off
set /p server=Enter server name: 
set /p share=Enter share path: 
set /p domain=Enter domain: 
set /p username=Enter username: 

powershell -Command "$cred = Get-Credential -UserName '%domain%\%username%' -Message 'Enter password'; Start-Process 'explorer.exe' -ArgumentList '\\%server%\%share%' -Credential $cred"

For enterprise environments, these tools offer better solutions:

  • NetUse (command-line tool for persistent credential management)
  • Remote Desktop Connection Manager (for RDP sessions with different creds)
  • SessionBox (browser-based credential isolation)

When implementing these solutions:

  • Never store passwords in plain text
  • Consider using Windows Credential Manager for secure storage
  • Implement proper logging for audit purposes
  • Use minimal required permissions

The optimal approach depends on your specific environment and security requirements, but these methods eliminate the need for permanent drive mappings while maintaining efficient access to numerous network shares.