Attempting to perform the InitializeDefaultDrives operation on the ‘FileSystem’ provider failed.

Published by Schakko on

Yesterday, one of our check_mk monitoring scripts based upon PowerShell failed, because the error Attempting to perform the InitializeDefaultDrives operation on the ‘FileSystem’ provider failed. showed up. The initial reason for this is unknown to me but it has to do with the New-PSDrive and Remove-PSDrive PowerShell commands we were using inside the check_mk scripts.

Symptoms for the problem are:

  • The network drive is shown as disconnected in the Windows Explorer but you can still open the network drive
  • The network drive can not be disconnected as you receive the error Drive is not connected or Access Denied
  • Get-PSDrive returns the network share
  • net use does not return the network share
  • The network drive can’t be removed with net use $YOUR_DRIVE /delete /y
  • The network drive can’t be removed with Remove-PSDrive
  • Restarting the Windows Explorer still shows the drive

To remove the network drive I tried to remove all registry keys which belonged to it, killing the check_mk agent, restarting the virtual machine and so on. In the end I fixed it by disabling the check_mk agent, restarting the VM and re-enabling the check_mk agent.

Update 2017-06-14: The error occurs because the check_mk agent runs under the Local System account. As a normal user or administrator you have no permission to remove the drive. A good indicator for this is the existence of the mapped network drive in the registry key HKEY_USERS\S-1-5-18\Network\$YOUR_DRIVE (S-1-5-18 is the Well Known SID for Local System account). You can delete the registry key but the drive still exists until you reboot the Windows instance. In some circumstances even then the drive still shows up.

Microsoft suggests to set the registry key HKLM\System\CurrentControlSet\Control\SessionManager\ProtectionMode from 1 to 0. This values allows an administrator to access system resources. Just don’t do it for the sake of security.

Luckily for us we can use Mark Russinovich’s psexec tool to gain Local System permissions. With this we can safely remove the drive without a reboot.

psexec64 -i -s powershell.exe 
# gain Local System permissions 
Remove-PSDrive -Name $YOUR_DRIVE 
# drive automatically disappears from Explorer and a Get-PSDrive execution as non-Local System
Categories: Windows

Related Posts

Task Scheduler overview
Windows

How to add a cron job or scheduled task on Windows

On Microsoft Windows’, cron jobs are known as Scheduled Tasks. They can be added through the Windows Task Scheduler user interface, by using PowerShell or with help of schtasks.exe. Running a task at specific time Read more…

Security policy settings
Microsoft

“The user has not been granted the requested logon type at this computer.” when accessing Windows 10 network resources

A few years ago, I stumbled upon the same issue with Windows 7 and already blogged about it. But the error “The user has not been granted the requested logon type at this computer.” can Read more…

vpn
Netzwerk

Windows 10 LT2P/IPSec VPN connection fails silently

A few months ago I had a strange behaviour: Sometimes the L2TP/IPSec connection between my workstation at home and our company VPN silently failed. After clicking on the VPN connection icon in the tasktray it Read more…