Wednesday, February 13, 2008

Batch file to return UNC drive

I have a client environment where installation packages are installed from a server through a service account. Users have a drive mapped to their local distribution server. However, the service account doesn't map any drives. This improves portability amongst the servers, but can trip up packages (and packagers) that assume that the drive mapping is there.

Consequently, I wrote this little batch file that will determine where the package is running from and will return (in the variable _uncshare) the UNC path of the drive. This works whether the batch file is run from a mapped drive or a UNC path. If the batch file is running from a local drive, it just returns the drive letter.
:: Determine the share this batch file runs from and return it in _uncshare.
set _drive=
set _uncshare=
:: %~d0 is the drive of this script: "X:" for a drive letter, "\\" for a UNC path
set _drive=%~d0
:: UNC path: the first two backslash-delimited parts of %~dp0 are the server and share.
:: Mapped drive: match the "Local" column of NET USE output and take the "Remote" column.
if "%_drive%"=="\\" (
    for /f "tokens=1,2 delims=\" %%a in ("%~dp0") do set _uncshare=\\%%a\%%b
) ELSE (
    for /f "tokens=2,3" %%a in ('net use') do if /i "%%a"=="%_drive%" set _uncshare=%%b
)
:: Below handles case where we are not running off a mapped drive -
:: just return drive
if NOT DEFINED _uncshare set _uncshare=%_drive%
echo %_uncshare%
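The same logic in Python, as an added example that is not part of the original post: it parses a constructed sample of `net use` output instead of running the command, and handles the UNC, mapped-drive and local-drive cases the batch file handles.

```python
"""Resolve the share a script runs from, mirroring the batch file above."""
import ntpath
import re

# Constructed sample of `net use` output (not captured from a real machine).
SAMPLE_NET_USE = r"""
New connections will be remembered.

Status       Local     Remote                    Network
-------------------------------------------------------------------------------
OK           X:        \\distsrv01\packages      Microsoft Windows Network
Disconnected Y:        \\oldsrv\archive          Microsoft Windows Network
             LPT1      \\printsrv\hp4000         Microsoft Windows Network
The command completed successfully.
"""


def parse_net_use(output: str) -> dict:
    """Map local drive letters ('X:') to remote shares, like tokens=2,3 in the batch."""
    mapping = {}
    for line in output.splitlines():
        tokens = line.split()
        if len(tokens) < 3:
            continue  # header, separator and footer lines
        local, remote = tokens[1], tokens[2]
        # Keep only drive-letter rows with a UNC remote; this drops the
        # column headers and device redirections such as LPT1.
        if re.fullmatch(r"[A-Za-z]:", local) and remote.startswith("\\\\"):
            mapping[local.upper()] = remote
    return mapping


def unc_share(script_path: str, net_use_output: str) -> str:
    """Return what the batch file puts in _uncshare for a script at script_path.

    UNC path -> \\server\share; mapped drive -> its remote share;
    local drive -> the drive letter itself.
    """
    drive, _ = ntpath.splitdrive(script_path)
    if drive.startswith("\\\\"):
        # ntpath.splitdrive already yields \\server\share; rebuild it from the
        # first two components, as the for /f "delims=\" loop does.
        parts = [p for p in drive.split("\\") if p]
        return "\\\\" + "\\".join(parts[:2])
    drive = drive.upper()
    return parse_net_use(net_use_output).get(drive, drive)
```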

Sunday, February 03, 2008

How to obscure passwords in batch files

I came up with this one the other day for a client. Suppose you are creating a user account from a batch file, as follows:
  net user NewAdmin MyPassword /ADD
Now, of course, having such a line in a batch file is a Really Bad Idea™ because you have the password in clear text. The client asked if there was a way that I could obscure the password. I told him that it wouldn't be really secure, and he replied that that was fine; he just wanted to "keep honest people honest."

So here, then, is the KHPH method of obscuring passwords in batch files:

Tools needed: Microsoft Script Encoder.
  1. Create a one line VBScript that echoes your password, like this:
    wscript.echo "MyPassword"
    Save it as “Pass.vbs”
  2. Encode Pass.vbs using the Microsoft Script Encoder:
    screnc.exe Pass.vbs Pass.vbe
  3. Open Pass.vbe in Notepad. Copy out the entire line. Here is what it looks like for the script I wrote above:
    #@~^GQAAAA==Akm.bwDR+1tK~JtXKlk/AGMNJVgkAAA==^#~@
  4. Now, go through the string and find all the DOS reserved characters. According to this page, the DOS reserved characters are
    & | ( ) < > ^
    For each of these characters, you have to escape them out with a caret (^) symbol, like this:
    #@~^^GQAAAA==Akm.bwDR+1tK~JtXKlk/AGMNJVgkAAA==^^#~@
  5. Now take this string, and add it to the echo command in this batch file fragment:
    :: Temp file name for the encoded script; %RANDOM% keeps concurrent runs from colliding
    set _data=%TEMP%\~dt%RANDOM%.vbe
    echo #@~^^GQAAAA==Akm.bwDR+1tK~JtXKlk/AGMNJVgkAAA==^^#~@>%_data%
    :: Run the script and capture what it echoes (default delims split on spaces, so the password must not contain any)
    for /f %%a in ('cscript "%_data%" //NOLOGO') do set _t=%%a
    del %_data%
    net user NewAdmin %_t% /ADD
    set _t=

What this does is echo the encoded VBScript to a file and run it, capturing the output in the variable “_t”. The //NOLOGO switch is important, so that you capture only the output of the Wscript.echo command and not the cscript banner. Remember to set _t= at the end to clear the value.

Note: This isn’t really secure – all someone has to do is create and run the vbe file themselves to see what the password is. But it should keep out the non-technical curious.