How to programmatically add mapped network passwords (WinXP)?


Problem description

In WinXP (SP2) you can store mapped network passwords...

Start->Control Panel->User Accounts->Pick one then choose "Manage my network passwords" from Related Tasks.

I normally have about 25-30 servers mapped this way to a few different accounts/domains. The problem is that at some point during our policy updates they get wiped out and it's a real PITA to add them all back again.

Does anyone know how to add them programmatically using some sort of script?

Just to clarify, the end goal is not to map drives, it's to actually create the entries in that section. This allows us to use Windows authentication for connecting to our servers (via Dameware, SSMS etc.).

Addendum:

Mark's CredWrite tip led me here...

pinvoke.net -- CredWrite (advapi32)

Which in turn led me here...

Peer Channel Blog -- Application Password Security

Both have proved very helpful.

Solution

  • cmdkey.exe is the CLI version of the tool - but I believe it's only included on Win2003+. I'd suspect a copy to XP would work - but may violate your EULA.
  • net use also has a savecred option, if you're mapping drives
  • According to this fairly detailed info, the CredMgr stores its database in 2 locations. It may be enough to just back up these files:
    • %APPDATA%\Microsoft\Credentials\%UserSID%\Credentials
    • %USERPROFILE%\Local Settings\Application Data\Microsoft\Credentials\%UserSID%\Credentials
  • There's an API to read the credentials, CredEnumerate - but no immediate obvious way to add your own. A couple of candidates:
    • CredWrite takes a normal CREDENTIAL, but nothing to indicate storing past the current session.
    • CredUIStoreSSOCredW takes a bPersist parameter - but specifies a "realm" instead of a server or network location.

Edit: D'oh. I missed the PERSIST member of CREDENTIAL. It can be one of the following values:

  • CRED_PERSIST_SESSION: The credential persists for the life of the logon session. It will not be visible to other logon sessions of this same user. It will not exist after this user logs off and back on.
  • CRED_PERSIST_LOCAL_MACHINE: The credential persists for all subsequent logon sessions on this same computer. It is visible to other logon sessions of this same user on this same computer and not visible to logon sessions for this user on other computers. (This is what's stored into the Local Settings file)
  • CRED_PERSIST_ENTERPRISE: The credential persists for all subsequent logon sessions on this same computer. It is visible to other logon sessions of this same user on this same computer and to logon sessions for this user on other computers. This option can be implemented as locally persisted credential if the administrator or user configures the user account to not have roam-able state. For instance, if the user has no roaming profile, the credential will only persist locally. (This is what's stored into AppData)

It looks like CredWrite is the API you want.
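A sketch of the CredWrite call the answer points to, added here as an example and not code from the question, the answer or the linked pages. It assumes the entries are domain-password credentials (CRED_TYPE_DOMAIN_PASSWORD) persisted with CRED_PERSIST_ENTERPRISE; the program name and its argument layout are hypothetical. The password is read at a prompt so it never sits in a script file or on the command line.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security;
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;

static class AddNetworkPasswords   // hypothetical name
{
    const uint CRED_TYPE_DOMAIN_PASSWORD = 2;  // wincred.h (assumed credential type)
    const uint CRED_PERSIST_ENTERPRISE = 3;    // wincred.h (survives logoff, see list above)

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct CREDENTIAL                          // field order mirrors CREDENTIALW
    {
        public uint Flags, Type;
        public string TargetName, Comment;
        public FILETIME LastWritten;           // ignored on write
        public uint CredentialBlobSize;        // bytes, without a terminating NUL
        public IntPtr CredentialBlob;          // UTF-16 password
        public uint Persist, AttributeCount;
        public IntPtr Attributes;
        public string TargetAlias, UserName;
    }

    [DllImport("advapi32.dll", EntryPoint = "CredWriteW", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CredWrite(ref CREDENTIAL credential, uint flags);

    static void Main(string[] args)
    {
        if (args.Length < 2) { Console.Error.WriteLine(@"usage: AddNetworkPasswords DOMAIN\user server [server ...]"); return; }
        SecureString password = new SecureString();
        Console.Write("Password for {0}: ", args[0]);
        for (ConsoleKeyInfo k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
            if (k.Key != ConsoleKey.Backspace) password.AppendChar(k.KeyChar);   // keys are not echoed
            else if (password.Length > 0) password.RemoveAt(password.Length - 1);
        Console.WriteLine();
        IntPtr blob = Marshal.SecureStringToCoTaskMemUnicode(password);
        try
        {
            for (int i = 1; i < args.Length; i++)   // one stored entry per server
            {
                CREDENTIAL c = new CREDENTIAL();
                c.Type = CRED_TYPE_DOMAIN_PASSWORD;
                c.Persist = CRED_PERSIST_ENTERPRISE;
                c.TargetName = args[i]; c.UserName = args[0];
                c.CredentialBlob = blob; c.CredentialBlobSize = (uint)password.Length * 2;
                if (!CredWrite(ref c, 0)) throw new Win32Exception(Marshal.GetLastWin32Error());
                Console.WriteLine("stored {0} for {1}", args[0], args[i]);
            }
        }
        finally { Marshal.ZeroFreeCoTaskMemUnicode(blob); }   // wipe the plaintext copy
    }
}
```

Run it once per account with the servers that use that account as arguments; each CredWrite call creates or overwrites the entry for that target name.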
