使用此信息的风险自负。(我已经在XP和Server 2008 x64 R2上进行了测试)

对于这个hack，你将需要SysinternalsSuite由Mark Russinovich:

第一步: 打开提升的cmd.exe提示符(以管理员身份运行)

第二步: 使用PSExec.exe再次提升到根目录: 导航到包含SysinternalsSuite的文件夹并执行以下命令 Psexec -i -s cmd.exe 您现在处于nt authority\系统的提示符中，您可以通过键入whoami来证明这一点。需要使用-i是因为驱动器映射需要与用户交互

第三步: 使用以下命令将持久映射驱动器创建为SYSTEM帐户 Net使用z: \\servername\sharedfolder /persistent:yes

就是这么简单!

警告:您只能从SYSTEM帐户中删除与创建映射相同的映射。如果您需要删除它，请按照步骤1和步骤2执行，但将步骤3中的命令更改为net use z: /delete。

注意:新创建的映射驱动器现在会出现在这个系统的所有用户面前，但他们会看到它显示为“断开连接的网络驱动器(Z:)”。别被名字骗了。它可能声称是断开连接的，但它对每个人都适用。这就是为什么你可以告诉这个黑客是不支持的M$。

而不是依赖于一个持久驱动器，你可以设置脚本映射/取消映射驱动器每次你使用它:

net use Q: \\share.domain.com\share 
forfiles /p Q:\myfolder /s /m *.txt /d -0 /c "cmd /c del @path"
net use Q: /delete

这对我很有用。

The reason why you are able to access the drive in when you normally run the executable from command prompt is that when u are executing it as normal exe you are running that application in the User account from which you have logged on . And that user has the privileges to access the network. But , when you install the executable as a service , by default if you see in the task manage it runs under 'SYSTEM' account . And you might be knowing that the 'SYSTEM' doesn't have rights to access network resources.

这个问题有两种解决方案。

To map the drive as persistent as already pointed above. There is one more approach that can be followed. If you open the service manager by typing in the 'services.msc'you can go to your service and in the properties of your service there is a logOn tab where you can specify the account as any other account than 'System' you can either start service from your own logged on user account or through 'Network Service'. When you do this .. the service can access any network component and drive even if they are not persistent also. To achieve this programmatically you can look into 'CreateService' function at http://msdn.microsoft.com/en-us/library/ms682450(v=vs.85).aspx and can set the parameter 'lpServiceStartName ' to 'NT AUTHORITY\NetworkService'. This will start your service under 'Network Service' account and then you are done. You can also try by making the service as interactive by specifying SERVICE_INTERACTIVE_PROCESS in the servicetype parameter flag of your CreateService() function but this will be limited only till XP as Vista and 7 donot support this feature.

希望这些解决方案对你有帮助。如果这对你有用，请告诉我。

ForcePush,

注意:新创建的映射驱动器现在会出现在这个系统的所有用户面前，但他们会看到它显示为“断开连接的网络驱动器(Z:)”。别被名字骗了。它可能声称是断开连接的，但它对每个人都适用。这就是为什么你可以告诉这个黑客是不支持M$…

It all depends on the share permissions. If you have Everyone in the share permissions, this mapped drive will be accessible by other users. But if you have only some particular user whose credentials you used in your batch script and this batch script was added to the Startup scripts, only System account will have access to that share not even Administrator. So if you use, for example, a scheduled ntbackuo job, System account must be used in 'Run as'. If your service's 'Log on as: Local System account' it should work.

What I did, I didn't map any drive letter in my startup script, just used net use \\\server\share ... and used UNC path in my scheduled jobs. Added a logon script (or just add a batch file to the startup folder) with the mapping to the same share with some drive letter: net use Z: \\\... with the same credentials. Now the logged user can see and access that mapped drive. There are 2 connections to the same share. In this case the user doesn't see that annoying "Disconnected network drive ...". But if you really need access to that share by the drive letter not just UNC, map that share with the different drive letters, e.g. Y for System and Z for users.

您既不想从“System”更改服务运行的用户，也不想找到一种狡猾的方式将映射运行为System。

有趣的是，这可以通过使用“at”命令，简单地将您的驱动器映射安排到未来一分钟，它将在系统帐户下运行，使驱动器对您的服务可见。

我发现了一个解决方案，它与使用psexec的解决方案类似，但不需要额外的工具就可以工作，并且可以在重新启动后继续工作。

只需添加一个计划任务，在“作为运行”字段中插入“system”，并使用简单的命令将任务指向一个批处理文件

net use z: \servername\sharedfolder /persistent:yes

然后选择“在系统启动时运行”(或类似的，我没有英文版本)，你就完成了。