Vitor Santos

UNC Path ability to impersonate specific user

Hello,

As an MSP we've the need to monitor a lot of directories/shares for the same client.
Some of those shares are accessible with the collector user, however, we've some clients that restrict their share to specific users (not the ones running the collector service).

I've tried to create a datasource that's a simple runas where we can pass the user/passwd as a parameter, however, that isn't possible to run from the collector level (confirmed by LM staff in a case that I've raised).
Can this be implemented? This feature would be very important (since we monitor +100 clients).

  • Upvote 4


(not to discount the feature request)

Tried looking at using a PowerShell script with New-PSDrive to temporarily map the UNC path with different credentials? I generally would request the shares be modified to include the monitoring account rather than store user credentials in LM and deal with these users changing their passwords.

7 minutes ago, Mike Moniz said:

(not to discount the feature request)

Tried looking at using a PowerShell script with New-PSDrive to temporarily map the UNC path with different credentials? I generally would request the shares be modified to include the monitoring account rather than store user credentials in LM and deal with these users changing their passwords.

Thanks for the feedback @Mike Moniz

Totally got your point & makes sense!

Modifying the share is an option, however, we've some picky clients that would consider that a security concern, since some shares contain information that is very sensitive to the company & our service accounts are available to multiple people within our organization.
Storing the user credentials in LM would be more secure (from a management point of view) because only a small number of engineers have permission to access the features that could retrieve those stored credentials.

I'll explore the 'New-PSDrive' thing & see if it's possible to do what we want (which is essentially what UNC Path already does, but with a different user). I didn't think of that, thanks for the suggestion!


@Vitor Santos, @Mike Moniz, thanks for the discussion. I did some digging in JIRA, as this has come up before. I think I found a DataSource that solves this, it just never found its way into core. I'll get this into a sprint for review so we can see about giving it a proper release. Code looks like this:

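// Optional credentials for shares the collector account cannot read
def user = hostProps.get("win.user")
def pass = hostProps.get("win.pass")

// The instance wildvalue holds the UNC path to inspect
def path = instanceProps.get("wildvalue")

// Default: list the share as the collector service account
def command = "cmd /c dir ${path} /a | findstr \"File(s) Dir(s)\"";

if(user && pass)
{
	// Authenticate to the share first; the password is passed on the net use command line
	command = "cmd /c net use ${path} /user:${user} ${pass} & dir ${path} /a | findstr \"File(s) Dir(s)\"";
}

def stdout = (command.tokenize()).execute().text;
def result = stdout.readLines();

// dir prints its "File(s)" and "Dir(s)" summary lines last; stop if they are missing
if(result.size() < 2 || !result[-2].contains("File(s)") || !result[-1].contains("Dir(s)"))
{
	println("Unexpected output from dir for ${path}");
	return 1;
}

def fileInfo = result[-2];
def dirInfo = result[-1];

// "<count> File(s) <bytes> bytes"
def tokens = fileInfo.split();

println("Files=${tokens[0]}");
println("UsedSpace=${tokens[2].replace(',','')}");

// "<count> Dir(s) <bytes> bytes free"
tokens = dirInfo.split();

println("Folders=${tokens[0]}");
println("FreeSpace=${tokens[2].replace(',','')}");

return 0;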

18 hours ago, Michael Rodrigues said:

@Vitor Santos, @Mike Moniz, thanks for the discussion. I did some digging in JIRA, as this has come up before. I think I found a DataSource that solves this, it just never found its way into core. I'll get this into a sprint for review so we can see about giving it a proper release. Code looks like this:

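// Optional credentials for shares the collector account cannot read
def user = hostProps.get("win.user")
def pass = hostProps.get("win.pass")

// The instance wildvalue holds the UNC path to inspect
def path = instanceProps.get("wildvalue")

// Default: list the share as the collector service account
def command = "cmd /c dir ${path} /a | findstr \"File(s) Dir(s)\"";

if(user && pass)
{
	// Authenticate to the share first; the password is passed on the net use command line
	command = "cmd /c net use ${path} /user:${user} ${pass} & dir ${path} /a | findstr \"File(s) Dir(s)\"";
}

def stdout = (command.tokenize()).execute().text;
def result = stdout.readLines();

// dir prints its "File(s)" and "Dir(s)" summary lines last; stop if they are missing
if(result.size() < 2 || !result[-2].contains("File(s)") || !result[-1].contains("Dir(s)"))
{
	println("Unexpected output from dir for ${path}");
	return 1;
}

def fileInfo = result[-2];
def dirInfo = result[-1];

// "<count> File(s) <bytes> bytes"
def tokens = fileInfo.split();

println("Files=${tokens[0]}");
println("UsedSpace=${tokens[2].replace(',','')}");

// "<count> Dir(s) <bytes> bytes free"
tokens = dirInfo.split();

println("Folders=${tokens[0]}");
println("FreeSpace=${tokens[2].replace(',','')}");

return 0;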

 

Hello @Michael Rodrigues, thanks for sharing this!
If possible, please advise once that gets published.

In the meantime I've used this code (tweaked it a little bit) & created a DataSource for what we want.
The downside here is, from what I tested, it only works if the LM collector service is running as a user (not as local system), but I guess this does the trick (since we force that service to run as an admin account).

Thank you!
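
The New-PSDrive approach suggested earlier in the thread, as an added example (not LogicMonitor's DataSource and not code from any poster): it maps the share with a PSCredential, reports top-level file and folder counts, and removes the mapping in a finally block. The function name, the drive-name prefix and the SHARE_PATH / SHARE_USER / SHARE_PASS environment variables are assumptions for illustration.

```powershell
# Added example, not LogicMonitor code. Parameter names and env vars are hypothetical.
function Get-ShareSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SharePath,        # UNC path, e.g. \\fileserver\finance (constructed)
        [Parameter(Mandatory)][pscredential]$Credential  # account the client allowed on the share
    )

    # Unique drive name so overlapping polls on one collector do not collide
    $driveName = 'Mon' + [guid]::NewGuid().ToString('N').Substring(0, 8)
    try {
        # Temporary (no -Persist) mapping; the password is never placed on a command line
        New-PSDrive -Name $driveName -PSProvider FileSystem -Root $SharePath `
            -Credential $Credential -ErrorAction Stop | Out-Null

        # Top-level listing only, including hidden and system items (like dir /a)
        $items   = @(Get-ChildItem -LiteralPath "${driveName}:\" -Force -ErrorAction Stop)
        $files   = @($items | Where-Object { -not $_.PSIsContainer })
        $folders = @($items | Where-Object { $_.PSIsContainer })
        $sum     = ($files | Measure-Object -Property Length -Sum).Sum

        [pscustomobject]@{
            Files     = $files.Count
            Folders   = $folders.Count
            UsedSpace = [long]$sum      # $null (no files) converts to 0
        }
    }
    finally {
        # Remove the mapping even when the listing fails
        if (Get-PSDrive -Name $driveName -ErrorAction SilentlyContinue) {
            Remove-PSDrive -Name $driveName -Force
        }
    }
}

# Usage: values come from hypothetical environment variables, not from the script text
if ($env:SHARE_PATH -and $env:SHARE_USER -and $env:SHARE_PASS) {
    $secure = ConvertTo-SecureString $env:SHARE_PASS -AsPlainText -Force
    $cred   = New-Object System.Management.Automation.PSCredential($env:SHARE_USER, $secure)
    $r = Get-ShareSummary -SharePath $env:SHARE_PATH -Credential $cred
    "Files=$($r.Files)"; "Folders=$($r.Folders)"; "UsedSpace=$($r.UsedSpace)"
}
```

Unlike the `dir` summary lines, this does not report free space on the share.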
