Permanently Mounting an Azure File Share in a Windows VM

Microsoft Azure has a file share service called, Azure Files. The Azure Files service allows you to create file shares that live in Azure but are accessible to servers/computers in Azure or connected to the Internet (provided port 445 is accessible). A challenge I recently wanted to overcome was how to access an Azure File share on a server and have that file share persist after a reboot and be accessible to all users such that it didn’t require a user to log in and reconnect it each time.¬† I’m providing a list of references below that go into greater detail on this matter but this post should help streamline it.

You’ll need the following information:

  1. Your Azure storage account and files share pre-created. The path to your Azure Storage Account ( ACCOUNTNAME.files.core.windows.net) and the name of your shared folder: SHAREDFOLDER
  2. Your access key, found by clicking on the storage account and then on ‘access keys’, let’s call it MYKEY==
  3. psexec from the SysInternals Suite found here (https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite)

Here’s the commands you need to run:

      1. Open a dos window as administrator and execute the following:
        1. psexec -i -s cmd.exe
      2. Within that window execute the following to ensure it reports back you’re the system user
        1. whoami
      3. Now execute the following
        1. cmdkey /add:ACCOUNTNAME.file.core.windows.net /user:ACCOUNTNAME /pass:MYKEY==
      4. Next let’s create the file share
        1. net use M: \\ACCOUNTNAME.file.core.windows.net\SHAREDFOLDER /u:ACCOUNTNAME MYKEY== /persistent:yes
      5. Assuming we entered all of the above correctly, we’ll have a new mapped drive mounted on the server lettered M. It will show up as disconnected but it works. (remember this is a hack and not supported by Microsoft. Buyer beware)
      6. Next we need to make sure this folder is mounted each time the server is rebooted we’ll do that by opening the local group policy editor and under scripts -> startup scripts call a batch file that only has the command from step #4 in it. Save the setting and reboot
      7. Upon reboot the drive should show up mounted as drive M: and should be accessible by all users, services, etc.

Now if you made it this far, you need to know, this IS A HACK. It’s not supported by Microsoft and not something you’d want to run your business on. But it works!¬† Last thing to note, if you want to remove this file mount, you have to do it via PSEXEC.

Here’s a few resources for you that provide more in-depth¬†information:

  • https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
  • https://www.lifewire.com/net-use-command-2618096
  • https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
  • https://serverfault.com/questions/426288/permanently-mount-network-share-without-the-need-for-log-on-windows
  • https://www.ntweekly.com/2015/09/30/step-by-step-how-to-map-azure-file-storage-drive-to-windows-10/

 

Leave a Reply