Determine Domain and username used to map a network drive
-
03-12-2019 - |
Question
Using Windows 7 Enterprise with SP1, but I'm hoping to get a generic answer that would apply to Windows XP/2003/2008/Vista/7.
From a command prompt, I execute a net use
command to map the Z: drive to a share on another computer, but I don't use my current credentials, I specify a different domain and user to map the drive.
net use z: \\rd-pc2037\C_DRIVE password /user:rd-pc2037\Administrator
The command completes successfully. Now that the drive is mapped, how can I find what Domain and Username I used to successfully map the drive? I can't seem to find what I want with the net use
command.
C:\Users\rdomarat>net use New connections will not be remembered. Status Local Remote Network ---------------------------------------------------------------------------- OK Z: \\rd-pc2037\C_DRIVE Microsoft Windows Network The command completed successfully. C:\Users\rdomarat>net use Z: Local name Z: Remote name \\rd-pc2037\C_DRIVE Resource type Disk Status OK # Opens 0 # Connections 1 The command completed successfully.
Checking the properties of the share in Windows Explorer and looking at the security tab showed me what permissions different people would have, but I didn't see how which DOMAIN\User
I had used. I searched through the registry with limited success as well.
Any thought?
Solution
WMI is your friend:
> wmic netuse where LocalName="Z:" get UserName /value
UserName=rd-pc2037\Administrator
OTHER TIPS
None of these answers help when using alternate credentials. They only show the current, local user. That doesn't help.
To view all stored credentials, use...
rundll32.exe keymgr.dll, KRShowKeyMgr
According to http://technet.microsoft.com/en-us/library/cc957215.aspx the information you want is in the registry.
I have tried the wmic-command but it showed me the locally logged in user and not the "used DOMAIN\login"
The critical info from the link above:
Registry entry HKCU\Network\{Drive letter}\UserName
is a REG_SZ that specifies the username (including domain name) whose credentials were used when the network drive was mapped.