User Drive Mapping
Note
When drive mapping in Kiosk Mode has been configured, users that are members of the role added to the ExactAccess Drive Mapping application will have their configured drives mapped when they log into XA, and the drives will be unmapped when they log off of XA.
Requirements for Drive Mapping Support in Kiosk Mode:
Warning
Each Kiosk Mode client must have the registry value isXADriveMappingEnabled set to 0. This disables the drive mapping provided by the login dialog, as it has been replaced by a drive mapping notification plug-in xadrivemapping.exe
This value can be found in the following registry key: HKLM\Software\HealthCast\ExactAccess
The following key must be set to use the _scriptpath_ drive mapping parameters and environment variable expansion capabilities provided by the plug-in.
HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\notification
xadrivemapping.clsXALoginNotification: reg_sz = "ExactAccess Kiosk Mode Drive Mapping"
The file xadrivemapping_server.xml must be registered with the XA server.
This will register a new application named “ExactAccess Drive Mapping”. This is accomplished in the same manner as registering a Library connector, and must be done with the indicated XML file.
Tip
The file provided with Client version 4.11 (or higher) must be registered even if you were using a previous version of drive mapping. This will add the additional _scriptpath_ parameter that was not present in previous versions.
Tip
For instructions on registering new applications, refer to the Registering an Application instructions in the Administrator Tool Guide
Note: the XADriveMapping_server.xml file is found in
C:\Program Files (x86)\HealthCast\ExactAccess
The ExactAccess Drive Mapping application and the Generic folder child item must be placed on the organization map.
Roles must be assigned to the new application.
Each user in the role must have their drive mapping set individually if the _scriptpath_ option is NOT used. The paths must be specified as \\server\share for each drive letter to be mapped
When using the _scriptpath_ option, set the control item default parameters to point to a script file that handles both login and logoff for all users. If a _scriptpath_ is set, it overrides all other drive map settings.
an example script is included with the install here:
C:\Program Files (x86)\HealthCast\ExactAccess\examples\login.bat
The example script maps drive L to a share that is based on the logged in user name by using the xanetuse.exe command installed with the ExactAccess client. The example demonstrates the available environment variables and command line parameters that will be passed to the script when it is executed.
Note
This script will need to be modified before it can be deployed, as the generic \\servers\users\%XAUserName% is used for demonstration purposes only.
If the login script is deployed to a server share example: \\mydc\netlogon then the generic kiosk mode Windows user must have read/execute permissions to this folder in order to run the batch file across the network.
Login.bat
@Echo Off cls rem -the command processor receives the MAPDRIVES or UNMAPDRIVES command as the first parameter rem -the command processor receives the XA Username and Domain as parameters rem -the command environment ALSO contains the XAUsername XAUserDomain environment variables rem -these can be BLANK if no previous user was logged in (at log-in, XA performs an UNMAP with no user) set XA_UserName=%2 set XA_UserDomain=%3 echo XA_Username is %XA_UserName% echo XA_UserDomain is %XA_UserDomain% echo XAUserName is %XAUserName% echo XAUserDomain is %XAUserDomain% echo XAINSTPATH is %XAINSTPATH% echo. if %1==MAPDRIVES goto MAP if %1==UNMAPDRIVES goto UNMAP echo -invalid parameters- goto done :UNMAP echo Performing %1 "%XAINSTPATH%xanetuse" l: /d echo Unmap complete goto done :MAP echo Performing %1 rem use variables to choose a drive in the script rem provide a valid share path in the line below "%XAINSTPATH%xanetuse" l: "\\server\users\%XAUserName%" echo. set el=%el% if "%el%" EQU "1219" ( echo ERROR SESSION CREDENTIAL CONFLICT ) else ( if "%el%" EQU "1202" ( echo ERROR DEVICE ALREADY REMEMBERED ) else ( if "%el%" EQU "85" ( echo ERROR ALREADY ASSIGNED ) else ( if "%el%" NEQ "0" ( echo failed to map drive - error %el% ) ) ) ) :done echo mapping complete
Direct Drive Parameters
If you are not using the _scriptpath_ entry to specify a script, you can assign drive paths directly to the drive letter parameters. You can specify drive paths using command line variables ( %XAUSERNAME% %XAUSERDOMAIN% and %XAINSTPATH% ) which will be expanded when the drive is mapped for the user.
Unsupported Functionality
Mapping to existing drive paths (C:\program files) is not supported.
Mapping drives for RunAs (user in a different security contexts) is not supported. (RunAs functionality is intended to be used for non-sso enabled applications that use the Windows user as the application user)
Warning
Windows requires that drives be mapped for EACH security contexts. This can be seen by running a command prompt as a different user, mapping a drive, then trying to access that drive from a command prompt of a third user - you will receive an error "The system cannot find the drive specified" This is expected and standard Windows behavior.
Example:
From a command prompt for the current Windows user:
net use x: \\server\share
Run a new command prompt as User2
attempt to access the x drive
Windows returns the indicated error - User2 doesn't have a drive mapped, so the following command will work in this context
net use x: \\differentserver\share2
Notice that there are 2 different shares mapped to drive x – starting a third command prompt as User3 results in the same error when attempting to access drive x, and would require mapping the drive in this security context for the third time - possibly to a completely different server and share.
Drives mapped from a RunAs will not display in Explorer of the generic Windows user (as indicated above, each context has its own set of drive mappings that cannot be seen from any other user context)
Tip
If you are using RunAs functionality, and need access to mapped drives, the drive must be mapped as part of running the application as the new user. This cannot be handled by ExactAccess, as the new security context does not have access to the currently logged in XA user information (again, prevented by Windows session security)