How To Map a Network Drive With Encrypted Password with PowerShell
Introduction
With the New-PSDrive cmdlet add to PowerShell 3, we can now mount any available PSProvder as a drive. This is great and simple to execute, but the real question is how can I do this and not send the password in clear text, but encrypted. The answer to that question is yes and in this post we will discuss how.
The Process
The first piece of the puzzle is to create a secure string password for our New-PSDrive to use. The commands needed for this feat must be run on each computer this needs to run on and cannot be included in the script.
Create the Secure String Password
Open a PowerShell session with administrator privileges. First piece is to create a variable and execute Get-Credential to popup a box for us to type in the credentials we need to connect.
$credential = Get-Credential
Next step is to write the secure string to a file for reference. You can change the location where you want to store the password. You will recieve a popup in which you will need to add the DOMAIN\username and password to access the share.
$credential.Password | ConvertFrom-SecureString | Set-Content c:\temp\password.txt
Map The Drive
Now we are ready to move forward and make the drive connection using the Secure-String password we setup.
First set the $encrypted variable to point to the location of the Secure-String password set earlier.
$encrypted = Get-Content c:\temp\password.txt | ConvertTo-SecureString
Now we are ready to define the $credential with the encrypted password to use to connect. Change credential to use different ID domain\user
$credential = New-Object System.Management.Automation.PsCredential("DOMAIN\username", $encrypted)
Now we are ready to map the drive. Change name variable to drive letter you want to use and Root should be UNC path for mapping. In this example we are mapping to G.
New-PSDrive -name "G" -PSProvider FileSystem -Root \\SERVER\share -Persist -Credential $credential
At this point we have mapped the drive and to verify type Get-PSDrive and you will now see all mounted drives available to the system.
Remove the Drive Mapping
If you want to remove a mapping just use the Remove-PSDrive cmdlet.
Remove-PSDrive -name "G" -Force
I need something like this, but would prefer it not to write to text. I would rather it prompt for the credentials and username. And is there a way to pull the domain from the computer membership and apply it into the script? I find most users don’t have a clue about which domain they are in.
Thanks!
This is clumsy. You have to specify the domain\user TWICE; once upon they type it in, then again in the script.
Beautiful. This worked like a charm.