How to allow a specific group of users to access Storage Account Containers (Files) as a mapped network drive with Windows / Azure AD credentials?

EnterpriseArchitect 4,741 Reputation points
2021-07-01T08:06:18.303+00:00

Hi All,

I need to find an alternative way to allow multiple groups or users to open the Azure Files storage that is mapped as a network drive on the computer and server.

The script below was provided by Azure, but it is not secure because the password is hardcoded in it:

$connectTestResult = Test-NetConnection -ComputerName securerepository.file.core.windows.net -Port 445  
if ($connectTestResult.TcpTestSucceeded)  
{  
    # Save the password so the drive will persist on reboot  
    cmd.exe /C "cmdkey /add:`"securerepository.file.core.windows.net`" /user:`"Azure\securerepository`" /pass:`"xasdihbSADhbdfswher24389uvsn=--()*8&#^8^*&T*&^%@$`""  
    # Mount the drive  
    New-PSDrive -Name S -PSProvider FileSystem -Root "\\securerepository.file.core.windows.net\cards" -Persist -Scope Global  
}  
else  
{  
    Write-Error -Message "Unable to reach the Azure storage account via port 445. Check to make sure your organization or ISP is not blocking port 445, or use Azure P2S VPN, Azure S2S VPN, or Express Route to tunnel SMB traffic over a different port."  
}  

Using Group Policy Preferences is also not working due to: https://support.microsoft.com/en-us/topic/ms14-025-vulnerability-in-group-policy-preferences-could-allow-elevation-of-privilege-may-13-2014-60734e15-af79-26ca-ea53-8cd617073c30

Thank you in advance.


Accepted answer
  1. Sumarigo-MSFT 43,641 Reputation points Microsoft Employee
    2021-07-06T04:02:24.65+00:00

    @EnterpriseArchitect The script above assumes you are using the storage account key instead of AD credentials. Users using AD don’t need to save the password; it will connect on login automatically.

    Full instructions and a video here: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    --------------------------------------------------------------------------------------------------------------------------------------------------------------

    Please do not forget to “Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
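
The approach described in the accepted answer, as an added example that is not part of the original thread or Microsoft's own script: grant one group share-level access, clear the cached storage account key, and mount the share with the signed-in user's identity. It assumes identity-based authentication is already enabled on the storage account per the linked instructions and that clients are domain-joined; the group name and the values in angle brackets are placeholders.

```powershell
# Added example. Placeholders in <angle brackets> and the group name are assumptions.
# Prerequisite (assumed done): identity-based authentication is enabled on the
# storage account, following the instructions linked in the answer.

# --- Run once by an administrator (Az.Resources module, after Connect-AzAccount) ---
$subscriptionId = '<subscription-id>'      # placeholder
$resourceGroup  = '<resource-group>'       # placeholder
$account        = 'securerepository'       # storage account name from the question
$share          = 'cards'                  # share name from the question
$groupName      = 'FileShare-Cards-Users'  # hypothetical group synced to Azure AD

$scope = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup" +
         "/providers/Microsoft.Storage/storageAccounts/$account" +
         "/fileServices/default/fileshares/$share"

$group = Get-AzADGroup -DisplayName $groupName
if (-not $group) { throw "Group '$groupName' not found in the directory." }

# Share-level permission for the group only, scoped to this one share.
New-AzRoleAssignment -ObjectId $group.Id `
    -RoleDefinitionName 'Storage File Data SMB Share Contributor' `
    -Scope $scope

# --- Run on each client as the signed-in user (for example from a logon script) ---
$server = "$account.file.core.windows.net"

# Remove any storage account key cached by the original script, otherwise
# Windows keeps using the key instead of the user's own identity.
if (cmdkey /list | Select-String -SimpleMatch $server) {
    cmdkey /delete:$server | Out-Null
}

if ((Test-NetConnection -ComputerName $server -Port 445).TcpTestSucceeded) {
    # No credential is supplied: the mount uses the user's Kerberos ticket.
    New-PSDrive -Name S -PSProvider FileSystem -Root "\\$server\$share" -Persist -Scope Global
} else {
    Write-Error "Unable to reach $server on port 445."
}
```

The role assignment is only the share-level gate; directory and file-level access is still governed by the Windows ACLs set on the share's contents.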
