Vitor_Santos
5 years ago

UNC Path ability to impersonate specific user

Hello,

As an MSP we've the need to monitor a lot of directories/shares for the same client.
Some of those shares are accessible with the collector user, however, we've some clients that restrict their share to specific users (not the ones running the collector service).

I've tried to create a datasource that's a simple runas where we can pass the user/passwd as a parameter, however, that isn't possible to run from the collector level (confirmed by LM staff in a case that I've raised).
Can this be implemented? This feature would be very important (since we monitor +100 clients).

  • (not to discount the feature request)

    Tried looking at using a PowerShell script with New-PSDrive to temp map the UNC path with different credentials? I generally would request the shares be modified to include the monitoring account rather than store user credentials in LM and deal with these users changing their passwords.

  • 7 minutes ago, Mike Moniz said:

    (not to discount the feature request)

    Tried looking at using a PowerShell script with New-PSDrive to temp map the UNC path with different credentials? I generally would request the shares be modified to include the monitoring account rather than store user credentials in LM and deal with these users changing their passwords.

    Thanks for the feedback @Mike Moniz

    Totally got your point & makes sense!

    The share modify is an option, however, we've some picky clients that would consider that a security concern since some shares contain very sensitive information to the company & our service accounts are available for multiple people within our organization.
    Storing the user credentials in LM would be more secure (from a management point of view) because only a small number of engineers have permission to access the features that could retrieve those stored credentials.

    I'll explore the 'New-PSDrive' thing & see if it's possible to do what we want (which is essentially what UNC Path already does but with a different user). I didn't think of that, thanks for the suggestion!

     

  • @Vitor Santos, @Mike Moniz, thanks for the discussion. I did some digging in JIRA, as this has come up before. I think I found a DataSource that solves this, it just never found its way into core. I'll get this into a sprint for review so we can see about giving it a proper release. Code looks like this:

     

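    // Optional credentials and the target path come from LogicMonitor properties.
    def user = hostProps.get("win.user")
    def pass = hostProps.get("win.pass")

    // The instance wildvalue holds the UNC path to measure.
    def path = instanceProps.get("wildvalue")

    // Default: list the share as the account running the collector service.
    def command = "cmd /c dir ${path} /a | findstr \"File(s) Dir(s)\"";

    // With credentials set, connect to the share with "net use" first.
    // The path, user and password are interpolated unquoted into the cmd.exe
    // command line, so the password is passed as a process argument.
    if(user && pass)
    {
        command = "cmd /c net use ${path} /user:${user} ${pass} & dir ${path} /a | findstr \"File(s) Dir(s)\"";
    }

    // tokenize() splits on whitespace, so values containing spaces are not handled.
    def stdout = (command.tokenize()).execute().text;
    def result = stdout.readLines();

    // The last two output lines are the "File(s)" and "Dir(s)" summary lines of dir.
    def fileInfo = result[-2];
    def dirInfo = result[-1];

    // "<count> File(s) <bytes> bytes": token 0 is the count, token 2 the byte total.
    def tokens = fileInfo.split();

    println("Files=${tokens[0]}");
    println("UsedSpace=${tokens[2].replace(',','')}");

    // "<count> Dir(s) <bytes> bytes free": token 0 is the count, token 2 the free bytes.
    tokens = dirInfo.split();

    println("Folders=${tokens[0]}");
    println("FreeSpace=${tokens[2].replace(',','')}");

    return 0;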

     

  • 18 hours ago, Michael Rodrigues said:

    @Vitor Santos, @Mike Moniz, thanks for the discussion. I did some digging in JIRA, as this has come up before. I think I found a DataSource that solves this, it just never found its way into core. I'll get this into a sprint for review so we can see about giving it a proper release. Code looks like this:

    Hello @Michael Rodrigues, thanks for sharing this!
    If possible, please advise once that gets published.

    In the meantime I've used this code (tweaked it a little bit) & created a DataSource for what we want.
    The downside here is, from what I tested, it only works if the LM collector service is running as a user (not as local system) but I guess this does the trick (since we force that service to run as an admin account).

    Thank you!
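
The New-PSDrive approach suggested earlier in the thread, written out as an added example that is not part of any post and is not LogicMonitor's own code. The function name `Get-UncShareStats`, the `LmUnc` drive prefix and the server name in the usage comment are hypothetical, and how the `PSCredential` reaches the script is left to the caller; it reports files, folders and used bytes only, not free space.

```powershell
# Added example (not from the thread). Get-UncShareStats and the LmUnc drive
# prefix are hypothetical names; the caller supplies the PSCredential.
function Get-UncShareStats {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # Accept only \\server\share[\folder...] so the credential is never
    # offered to anything other than an explicit UNC target.
    $unc = '^\\\\[A-Za-z0-9._-]+\\[^\\/:*?"<>|]+(\\[^\\/:*?"<>|]+)*\\?$'
    if ($Path -notmatch $unc) { throw "Not a UNC path: $Path" }

    # A random drive name avoids colliding with a mapping left by another run.
    $drive = 'LmUnc' + [guid]::NewGuid().ToString('N').Substring(0, 8)
    try {
        # No -Persist: the mapping exists only for this session, and the
        # password stays inside the PSCredential instead of a command line.
        $null = New-PSDrive -Name $drive -PSProvider FileSystem -Root $Path `
            -Credential $Credential -ErrorAction Stop

        # -Force includes hidden and system items, as "dir /a" does.
        $items = @(Get-ChildItem -LiteralPath "${drive}:\" -Force -ErrorAction Stop)
        $files = @($items | Where-Object { -not $_.PSIsContainer })
        $bytes = 0L
        foreach ($f in $files) { $bytes += $f.Length }

        [pscustomobject]@{
            Files     = $files.Count
            Folders   = $items.Count - $files.Count
            UsedSpace = $bytes
        }
    }
    finally {
        # Always drop the connection, including when the listing fails.
        Remove-PSDrive -Name $drive -Force -ErrorAction SilentlyContinue
    }
}

# Constructed usage (server and share names are placeholders):
# $cred = Get-Credential
# $s = Get-UncShareStats -Path '\\fileserver01\finance' -Credential $cred
# "Files=$($s.Files)"; "Folders=$($s.Folders)"; "UsedSpace=$($s.UsedSpace)"
```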