- DarkLight
- PDF
When drive mapping in Kiosk Mode has been configured, users that are members of the role added to the ExactAccess Drive Mapping application will have their configured drives mapped when they log into XA, and the drives will be unmapped when they log off of XA.
Valid shares for mapping to a drive
- Type the following into an explorer window address bar and hit Enter:
- \server
- You should see a list of shares on the machine named “server”.
- Select the file share you would like to map, any name that appears here that is a FILE share may be used (the above command may also show shared printers, and scheduled tasks).
- Only File shares are supported with the xanetuse command.
- If the name does not appear in this list, it cannot be used as a root share name, and is not supported.
- example: if "share" does not exist on "server" then \server\share is not a valid share name and a drive will not be mapped.
- sub-folders of a share may be used for a mapped drive - if a folder named mydrive is under the share folder on the server as in "\server\share\mydrive" then it can be mapped to a local drive letter
- If a drive that is mapped is already in use by the local system (example: C:\ drive, or any drive that has already been mapped by the generic user), the share will not be mapped.
Requirements for Drive Mapping Support in Kiosk Mode:
Each Kiosk Mode client must have the registry value isXADriveMappingEnabled set to 0. This disables the drive mapping provided by the login dialog, as it has been replaced by a drive mapping notification plug-in xadrivemapping.exe
This value can be found in the following registry key: HKLM\Software\HealthCast\ExactAccess
The following key must be set to use the scriptpath drive mapping parameters and environment variable expansion capabilities provided by the plug-in.
HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\notification
xadrivemapping.clsXALoginNotification: reg_sz = "ExactAccess Kiosk Mode Drive Mapping"
- The file xadrivemapping_server.xml must be registered with the XA server.
- This will register a new application named “ExactAccess Drive Mapping”. This is accomplished in the same manner as registering a Library connector, and must be done with the indicated XML file.
The file provided with Client version 4.11 (or higher) must be registered even if you were using a previous version of drive mapping. This will add the additional scriptpath parameter that was not present in previous versions.
For instructions on registering new applications, refer to the Registering an Application instructions in the Administrator Tool Guide
Note: the XADriveMapping_server.xml file is found in
C:\Program Files (x86)\HealthCast\ExactAccess
The ExactAccess Drive Mapping application and the Generic folder child item must be placed on the organization map.
Roles must be assigned to the new application.
Each user in the role must have their drive mapping set individually if the scriptpath option is NOT used. The paths must be specified as \server\share for each drive letter to be mapped
When using the scriptpath option, set the control item scriptpath to point to a script file that handles both login and logoff for all users. If a scriptpath is set, it overrides all other drive map settings.
- an example script is included with the install here:
- C:\Program Files (x86)\HealthCast\ExactAccess\examples\login.bat
- The example script maps drive L to a share that is based on the logged in user name by using the xanetuse.exe command installed with the ExactAccess client. The example demonstrates the available environment variables and command line parameters that will be passed to the script when it is executed.
- an example script is included with the install here:
This script will need to be modified before it can be deployed, as the generic \servers\users%XAUserName% is used for demonstration purposes only.
If the login script is deployed to a server share example: \mydc\netlogon then the generic kiosk mode Windows user must have read/execute permissions to this folder in order to run the batch file across the network.
@Echo Off
cls
rem -the command processor receives the MAPDRIVES or UNMAPDRIVES command as the first parameter
rem -the command processor receives the XA Username and Domain as parameters
rem -the command environment ALSO contains the XAUsername XAUserDomain environment variables
rem -these can be BLANK if no previous user was logged in (at log-in, XA performs an UNMAP with no user)
set XA_UserName=%2
set XA_UserDomain=%3
echo XA_Username is %XA_UserName%
echo XA_UserDomain is %XA_UserDomain%
echo XAUserName is %XAUserName%
echo XAUserDomain is %XAUserDomain%
echo XAINSTPATH is %XAINSTPATH%
echo.
if %1==MAPDRIVES goto MAP
if %1==UNMAPDRIVES goto UNMAP
echo -invalid parameters-
goto done
:UNMAP
echo Performing %1
"%XAINSTPATH%xanetuse" l: /d
echo Unmap complete
goto done
:MAP
echo Performing %1
rem use variables to choose a drive in the script
rem provide a valid share path in the line below
"%XAINSTPATH%xanetuse" l: "\\server\users\%XAUserName%"
echo.
set el=%el%
if "%el%" EQU "1219" (
echo ERROR SESSION CREDENTIAL CONFLICT
) else (
if "%el%" EQU "1202" (
echo ERROR DEVICE ALREADY REMEMBERED
) else (
if "%el%" EQU "85" (
echo ERROR ALREADY ASSIGNED
) else (
if "%el%" NEQ "0" (
echo failed to map drive - error %el%
)
)
)
)
:done
echo mapping complete
Direct Drive Parameters
If you are not using the scriptpath entry to specify a script, you can assign drive paths directly to the drive letter parameters. You can specify drive paths using command line variables ( %XAUSERNAME% %XAUSERDOMAIN% and %XAINSTPATH% ) which will be expanded when the drive is mapped for the user.
Unsupported Functionality
- Mapping to existing drive paths (C:\program files) is not supported.
- Mapping drives for RunAs (user in a different security contexts) is not supported. (RunAs functionality is intended to be used for non-sso enabled applications that use the Windows user as the application user)
Windows requires that drives be mapped for EACH security contexts. This can be seen by running a command prompt as a different user, mapping a drive, then trying to access that drive from a command prompt of a third user - you will receive an error "The system cannot find the drive specified" This is expected and standard Windows behavior.
Example:
From a command prompt for the current Windows user:
net use x: \server\share
Run a new command prompt as User2
attempt to access the x drive
Windows returns the indicated error - User2 doesn't have a drive mapped, so the following command will work in this context
net use x: \differentserver\share2
Notice that there are 2 different shares mapped to drive x – starting a third command prompt as User3 results in the same error when attempting to access drive x, and would require mapping the drive in this security context for the third time - possibly to a completely different server and share.
- Drives mapped from a RunAs will not display in Explorer of the generic Windows user (as indicated above, each context has its own set of drive mappings that cannot be seen from any other user context)
If you are using RunAs functionality, and need access to mapped drives, the drive must be mapped as part of running the application as the new user. This cannot be handled by ExactAccess, as the new security context does not have access to the currently logged in XA user information (again, prevented by Windows session security)