Announcement

Collapse
No announcement yet.

net view

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • net view

    Hello,

    Pls is it possilbe to dissable Net view by domain policy? I cannot deny net.exe because |I am using "net use" for maping network drives.

    Thanks
    Thanks

    Caspi

  • #2
    Re: net view

    No, sorry, you can't. Policy can stop a particular EXE from being loaded into memory by comparing it to certain criteria. It cannot stop you passing a particular PARAMETER to a command because that parameter is only passed to the command, nowhere else. Now - if the command prompt environment were INTEGRATED into Windows (like the old Amiga command Shell was) or the actual OS was a command prompt environment (like UNIX) which can have a GUI bolted on top, then maybe it could be done. But not with Windows.
    Last edited by Stonelaughter; 2nd March 2007, 18:29.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: net view

      If he used a vbs script instead for mapping the drives, couldn't he then blitz the whole net command? Just a wild thought....
      Best wishes,
      PaulH.
      MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

      Comment


      • #4
        Re: net view

        And a good one at that. You offering to write up a prototype?
        Cheers,

        Rick

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

        Comment


        • #5
          Re: net view

          I need look no further than brian873 on our favourite forum archive:http://forums.petri.com/archive/index.php?t-9607.html

          Dim objNetwork
          Set objNetwork = WScript.CreateObject("WScript.Network")
          strLocalDrive = "L:"
          strRemoteShare = "\\server\share_name"
          strPer = "FALSE"
          strUsr = "username"
          strPas = "password"
          objNetwork.MapNetworkDrive strLocalDrive, strRemoteShare, strPer, strUsr, strPas
          Best wishes,
          PaulH.
          MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

          Comment


          • #6
            Re: net view

            An other option could be to use a computer startupscript that renames 'net.exe' to 'CopyNet.exe' or something.
            Or create a fake net.com. Or delete the local net.exe and use it from a share.
            After one of these things, you need to modify the logon batch a bit.

            And Paul's idea to translate the net.exe command from the batch to a vbscript is a good one.
            Originally posted by PaulH
            I need look no further than brian873 on our favourite forum archive:http://forums.petri.com/archiv...hp?t-9607.html
            Yes that's it. But normaly you don't have to use 'strUsr', 'strPas' in the script for accessing the share (and you don't want to show credentials in the logonscript). You can leave that part out.

            If you need to map more than only one drive, then use a subroutine in the script, that way you have to write the routine only one time.

            Put this routine, like this, at the bottom of the script;
            Code:
            '----------------------------------------------------------
             Sub MapDrive(sDriveLetter ,sFolderShare,sAlias)
                Set objNet = WScript.CreateObject("WScript.Network")
                objNet.MapNetworkDrive sDriveLetter, sFolderShare, False
               Set oShell = CreateObject("Shell.Application")
               oShell.NameSpace(sDriveLetter).Self.Name = sAlias
             End Sub
            '----------------------------------------------------------
            Then you can use as much of these line below as you need drive mappings in the script;
            Code:
            MapDrive "J:","\\server\share","friendlyName"
            MapDrive "K:","\\server\share","friendlyName"
            MapDrive "L:","\\server\share","friendlyName"
            MapDrive "M:","\\server\share","friendlyName"
            (An extra feature here is that you can give the mapping an 'Alias', so users don't longer see the server\sharename in Explorer but a 'friendlyname' instead. you can leave that out from the subroutine if you don't want it)

            I am affraid that the original logon batch is doing more than only mapping drives right now? Then you have to change all the other functions to the vbscript too, or use the vbscript as a seperate logonscript, runned before or after the batch.

            \Rem
            Last edited by Rems; 3rd March 2007, 14:21.

            This posting is provided "AS IS" with no warranties, and confers no rights.

            __________________

            ** Remember to give credit where credit's due **
            and leave Reputation Points for meaningful posts

            Comment


            • #7
              Re: net view

              why not just deny access to net.exe for local users but allow system?
              This message represents the official view of the voices in my head

              Comment


              • #8
                Re: net view

                Logon scripts run as the user, not system. So if net.exe was used there, it wouldn't work.
                Cheers,

                Rick

                ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

                Comment


                • #9
                  Re: net view

                  Originally posted by rvalstar View Post
                  Logon scripts run as the user, not system. So if net.exe was used there, it wouldn't work.
                  So, can we do what Graycat says, and map the drives in a startup script rather than a logon script? Just a thought.
                  Best wishes,
                  PaulH.
                  MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

                  Comment


                  • #10
                    Re: net view

                    I don't know if users inherit drives mapped to System. I suspect not.
                    Cheers,

                    Rick

                    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                    2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

                    Comment


                    • #11
                      Re: net view

                      Very good point, Rick, as always.

                      In which case, perhaps the best prevailing idea is to map the drives using VBScript and get rid of (or rather, deny completely) net.exe
                      Best wishes,
                      PaulH.
                      MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

                      Comment


                      • #12
                        Re: net view

                        Not disagreeing. Just replying to graycat. Thought you and Rems had it worked out that way already.

                        BTW, gratuitous arse kissing gets you no where w/ me.
                        Last edited by rvalstar; 13th March 2007, 18:27. Reason: Don't ==> Not
                        Cheers,

                        Rick

                        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                        2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

                        Comment


                        • #13
                          Re: net view

                          Originally posted by rvalstar View Post

                          BTW, gratuitous arse kissing gets you no where w/ me.
                          Oh. Just being polite.
                          Best wishes,
                          PaulH.
                          MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

                          Comment


                          • #14
                            Re: net view

                            Polite is always good. Maybe Italy is rubbing off on me.

                            As always, a pleasure to be in your presence.
                            Cheers,

                            Rick

                            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                            2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

                            Comment


                            • #15
                              Re: net view

                              Originally posted by rvalstar View Post
                              I don't know if users inherit drives mapped to System. I suspect not.
                              This one's been nagging at me in my tiny brain, so I just thought I would test this one out because Rick's notion is interesting and I want to find out more. I created a mapDrive.cmd script which was simply
                              Code:
                              net use x: \\server\share
                              and made it a User Configuration startup script.

                              I logged on as the user and the drive was correctly mapped! The drive letter had the privileges of the logged in user, rather than the SYSTEM account.

                              Then I removed the "Execute" privilege on the file net.exe from the user, and I could not run net use... from the command line when logged in as that user. Objective achieved? Well, sadly not, because as soon as you remove the Execute privilege from the user for net.exe, the map drive script does not work because of access denied. Now, I am puzzled because I thought startup scripts ran in the context of SYSTEM, but perhaps that's only computer startup scripts, wheras this one is a user config startup script, therefore is running as the user, therefore net is denied!

                              Sorry that I'm flogging a dead horse...
                              Last edited by PaulH; 20th March 2007, 22:39.
                              Best wishes,
                              PaulH.
                              MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

                              Comment

                              Working...
                              X