Accessing Network Drives Created in Services Under Windows NTLast reviewed: November 13, 1997Article ID: Q149984 |
The information in this article applies to:
SUMMARYThis article explains how to access network drives created in services. Even though network drives are global system resources, they can only be accessed by processes running under the security context which was used to establish the network connection. In fact the rule is very simple. A network connection is always made with a set of credentials (such as, domain name, user name, and password.) A process can access a network drive only if it has already validated the credentials used to establish the connection. This article can also be used to understand how to create pseudo-permanent connections with the scheduler.
MORE INFORMATIONFor the purpose of this article, assume the following configuration:
1.Network Connection made with Service1 2.Network Connection made with the option /USER 1.Network Connection made with Service1 When a network connection is established under "Service1," the "User1" credentials are used (such as, domain "DOMAIN," user "User1" and their password):
NET USE X: \\ASERVER\SHAREThe drive X: is mapped to \\ASERVER\SHARE and can only be used by Processes which have validated this credentials of DOMAIN\User1. Therefore only the following processes can access the network drive X:
When a network connection is made with NET USE /USER:'Domain\Auser', the redirector sends an Server Message Block (SMB) frame "C Session setup" to the server in order to validate the credentials of "Domain\Auser." The server creates an access token for this user and replies to the redirector with an SMB frame "R Session setup" including a user ID that will be used in all consecutive SMB frames related to the connection.
NET USE X: \\ASERVER\SHARE /USER:DOMAIN\AuserThe drive X: is mapped to \\ASERVER\SHARE and can only be used by processes which have validated the credentials of DOMAIN\AUser. Therefore only the following processes can access the network drive X:
ARTICLE-ID: Q115848 TITLE : Services and Redirected Drives ARTICLE-ID: Q103390 TITLE : Network Access Validation Algorithm and Example |
Additional query words: 4.00 prodnt
© 1998 Microsoft Corporation. All rights reserved. Terms of Use. |