(imported topic written by boostaz191)
substrings after “=” of (selects (“ProviderName from Win32_LogicalDisk where ProviderName =’\ServerName\Sharename’”)of WMI as string)
PS. this is for an analysis
(imported comment written by boostaz191)
Ok here is a problem:
Statement:
exists (substrings after “=” of (selects “ProviderName from WIN32_LogicalDisk” of WMI as string as lowercase)) whose( it contains ("\server\share" as lowercase))
In QNA this works fine in my analysis it does not
QNA Results:
Q: exists (substrings after “=” of (selects “ProviderName from WIN32_LogicalDisk” of WMI as string as lowercase)) whose( it contains ("\Server\Share" as lowercase))
A: True
Analysis Results:
System Name
HQZ0RC1 False
(imported comment written by jessewk)
probably a user context issue. Most likely that share doesn’t exist in the SYSTEM context. Just a guess though.
(imported comment written by boostaz191)
Ok? I unfortunately dont know the difference? can you elaborate…
(imported comment written by jessewk)
The relevance debugger will be running in your user context. The client runs in the SYSTEM context.
Your user has a share \server\share
The SYSTEM user does not have a share \server\share
I’m don’t know if you can get WMI to evaluate using a different context.
(imported comment written by boostaz191)
so could i use the run as current user option?
(imported comment written by BenKus)
Hey boostaz1,
I suppose you could make a Fixlet that ran an action like:
waithidden runascurrentuser.exe cmd.exe /C net share >> C:\sharelist.txt
And then write relevance to parse the file…
Ben