Files
claudetools/.claude/memory/reference_rmm_map_network_drive.md
Howard Enos 26f47fdd10 sync: auto-sync from HOWARD-HOME at 2026-07-02 09:08:36
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-07-02 09:08:36
2026-07-02 09:10:02 -07:00

2.1 KiB

name, description, metadata
name description metadata
reference_rmm_map_network_drive How to push a persistent mapped network drive to a machine via GuruRMM when net use fails with error 67 (double-hop)
type
reference

Pushing a persistent mapped drive to an endpoint via the GuruRMM agent (/rmm) fails when the target share is on a remote server:

  • Running net use in context: user_session impersonates the logged-on user, but that WTS-impersonated token has no network credential to make the second hop to the file server. Result: System error 67 (network name cannot be found) on net use and System error 1702 (binding handle is invalid) on net view — even with explicit /user:.. <pw>. This is the "SMB error 67 = RMM artifact" documented in wiki/clients/cascades-tucson.md (server + share are healthy; access works in a real interactive session).

Reliable workaround — plant the map so it mounts at the user's next real logon:

  1. cmdkey /add:<SERVER> /user:<DOMAIN\user> /pass:<pw> in user_session — this is a local write to the user's Credential Manager and DOES succeed.
  2. Write the persistent-map registry keys into the user's hive HKCU:\Network\<DriveLetter>: RemotePath (REG_SZ, \\SERVER\Share), UserName (REG_SZ, DOMAIN\user), ProviderName (Microsoft Windows Network), ProviderType (DWord 131072), ConnectionType (DWord 1), DeferFlags (DWord 4).
  3. At the user's next interactive logon / reboot, Windows reconnects the drive silently using the cmdkey credential. It will NOT appear in an already-open session — for immediate visibility, run net use <D>: "\\SERVER\Share" in the live interactive session (ScreenConnect), not through the RMM agent.

Non-domain-joined (workgroup) endpoints authenticate with DOMAIN\user + password saved via cmdkey — the domain account only needs to exist and be reachable, the client PC does not need to be joined.

PowerShell-in-RMM gotcha hit while doing this: a double-quoted string ending in a backslash ("W:\", "W:\\") breaks the parser — use bare path tokens (Test-Path W:\) or single quotes. See feedback_windows_quote_stripping.