SMB for specific user from DMZ to internal

Tags: dmz, network-share

I've got one server in a DMZ which has limited access via SMB to another one in the internal network. A web server on that external machine needs access to a whole partition on that internal server.

I'm still using a quick and dirty solution. The web server still runs as the SYSTEM user. I managed to mount the share for that user.

The main problem: this setup is not reboot-safe. After a reboot the connection has to be re-established, because there's no way to save the credentials for that share.

P.S. The DMZ server is not in the Windows domain.

Best Answer

To clarify: the Web Server is a Windows machine in your DMZ, with IIS running under the SYSTEM account? Not ideal (as the SYSTEM account is not supposed to have access to network resources) but possibly doable, in a lab environment.

In any case, it sounds like you need to issue a NET USE to the target server, under the context of the SYSTEM user.

Scheduled Tasks can be run under the SYSTEM account.

Putting these together, how about creating a Scheduled Task with the following settings:

  • Action: "%WINDIR%\system32\net.exe" USE \\TheSmbServer\TheNetworkShare /USER:TheDomain\TheUser Th3_P@55w0rd
  • Logon User: NT AUTHORITY\SYSTEM (use blank password -- Windows will manage)
  • Trigger/Schedule: At system startup
  • Options: Run whether user is logged in or not; Run with highest privileges

That should bind the necessary authentication credentials at (or close to) startup.

If it needs to be able to access all shares, try using \\TheSmbServer\IPC$ as the share.
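One way to register the startup task the answer describes, as an added example that is not code from the original answer; it uses the built-in ScheduledTasks PowerShell module (Windows 8 / Server 2012 and later), and the server, share, account and password values are placeholders to replace:

```powershell
# Added example: register a startup task that runs NET USE as SYSTEM.
# All values below are placeholders, not real hosts or credentials.
$SmbServer = 'TheSmbServer'
$Share     = 'TheNetworkShare'      # use 'IPC$' to authenticate to every share on the host
$User      = 'TheDomain\TheUser'
$Password  = 'Th3_P@55w0rd'
$TaskName  = 'Map internal share for SYSTEM'

# Same command line as in the answer; %WINDIR% resolved from the environment.
$netExe    = Join-Path $env:WINDIR 'system32\net.exe'
$arguments = "USE \\$SmbServer\$Share /USER:$User $Password"

# Action, trigger (at system startup) and principal (NT AUTHORITY\SYSTEM, no password,
# highest privileges) mirror the four settings listed in the answer.
$action    = New-ScheduledTaskAction -Execute $netExe -Argument $arguments
$trigger   = New-ScheduledTaskTrigger -AtStartup
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest
# StartWhenAvailable lets the task run if the startup trigger was missed.
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force

# Caveat for the defender: the password is stored in clear text in the task's
# arguments (the task XML under %WINDIR%\System32\Tasks), so anyone who can read
# task definitions on the DMZ host can read it. Give that account only the rights
# the web server needs on the share, and nothing else.

# Check the task was created, then run it once without waiting for a reboot.
Get-ScheduledTask -TaskName $TaskName | Select-Object TaskName, State
Start-ScheduledTask -TaskName $TaskName
```

Because the mapping lives in the SYSTEM logon session, a normal `net use` from your own console will not show it; check it from a SYSTEM context (for example from the web application itself or a tool that runs a shell as SYSTEM).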