Logon / Startup Script Scan Setup Azure Environments
The following describes how to create a network share in Azure storage to be able to deploy AIT to perform a network inventory scan via logon script when you have an Azure AD environment. This method is meant to replace the initial steps of storage creation for Logon/Startup script processes when endpoints are not reachable through the corporate network. It covers basic setup for the creation of the storage solution and making it reachable by all end clients that have internet access, further planning may be required depending on different components in your environment if needed.
To use an Azure file share with Windows, you must either mount it, which means assigning it mount point path to access it via its UNC path.
On a Azure storage account, create a share called ADSK to hold 2 folders 1 called ait and a folder to hold the collected data, called data, here is an of the share and the 2 folders created inside:
The Azure portal provides you with a script that you can use to mount your file share directly to a host. We recommend using this provided script.
To get this script:
- Sign in to the Azure portal.
- Navigate to the storage account that contains the file share you'd like to mount.
- Select File shares.
- Select the file share you'd like to mount.
- Select Connect.
- Select any drive letter to mount the share to, as we will not use it for the final setup.
- Copy the provided script.
- Autogenerated will look like this:
9. Please add the following lines to the Powershell script before saving
- Comment "#" the line highlighted below to avoid mapping the drive letter as it is not need
- Add "net use * \\myexampleaccount.file.core.windows.net\adsk" by copying the values in between the quotes in the New-PSDrive command from your storage account generated PS1, and pasting it after the net use * command as shown below
NOTE: Mapping the share directly without using a mapped drive letter. Some applications may not reconnect to the drive letter properly, so using the full UNC path may be more reliable
It should be something like this:
10. Save it to a file named ait.ps1 and add it to the logon/startup group policy created for scanning, as this will map the UNC path and credentials to each user that logs on or starts up their machine.
The File share should be reachable for all clients that have run the Powershell.