PowerCLI

Hello,

I am trying to use PowerCLI to check if a VM is connected to a share drive (let's call it the F: drive, with UNC \\10.0.0.1\drive\share for example). When I log into the VM, the share is connected, and I have full access to it. When I run the following it returns True in both cases, indicating the drive is connected as well:

• "Test-Path -Path F:\\"
• "Test-Path -Path \\10.0.01\drive\share"

Also, if i run the following it also displays the F: drive and says it is "Okay" (connected)

• "net use"

However, when I run the Test-Path commands via Invoke-VMScript, it returns False... When I run the net use command via Invoke-VMScript it returns:

Status         Local Remote                       Network

-------------------------------------------------------------------------------
Unavailable F:        \\10.0.0.1\drive\share Microsoft Windows Network

Is there some reason why Invoke-VMScript cannot see or access these shares? Here is a simple example of my powershell code:

$CheckDriveScript = @{
ScriptText = "Test-Path -Path F:\\"
#ScriptText = "Test-Path -Path \\10.0.0.1\drive\share"
#ScriptText = "net use"
VM = $vmo
GuestUser = "User"
GuestPassword = ConvertTo-SecureString "Password" -AsPlainText -Force
ScriptType = 'PowerShell'
}
$Result = Invoke-VMScript @CheckDriveScript
Write-Host "Results of Check Drive Script:"
Write-Host $Result.scriptoutput

With the 'net use' command does it show anything?
I get the drive but with the Status 'unavailable' when that same user does not have an open session on the VM.

When I manually log into the VM with the same username/password as in my script, the net use command shows the following:


Status Local    Remote                        Network

-------------------------------------------------------------------------------
OK      F:          \\10.0.0.1\drive\share   Microsoft Windows Network

That same command when run with Invoke-VMScript the output shows:

Status         Local Remote                       Network

-------------------------------------------------------------------------------
Unavailable F:        \\10.0.0.1\drive\share Microsoft Windows Network

Network drives are mapped in the context of a user session.
The VMware Tools service, through which the Invoke-VMScript works, is not a user session.

The same behavior is seen when you try to access network drives via an SSH session.

Use the UNC path instead of the drive letter.

I can use the UNC path and get it to return true with Invoke-VMScript on this command after trying again:

ScriptText = Test-Path -Path \\10.0.0.1\drive\share

So you're correct that this must be the issue. Is there any way that I could create a user session? or is that impossible with Invoke-VMScript?

For context, I am working on a ransomware detection solution that runs on share drives to detect malicious activity and report/stop it. I want to be able to test this solution in an automated way by connecting to my test VM, making sure the share is connected, and then running the test binaries on the machine.

These binaries will of course need to interact with the share drive, but if there is no user session, they will never be able to detect or access it without a user session. Any help would be greatly appreciated.

I'm afraid that it is impossible via the Invoke-VMScript cmdlet to start a User Session.

Update: I just tested with a remote PS session (New-PSSession and Enter-PSSession), but that has the same limitations.