Attempting to perform the InitializeDefaultDrives operation on the ‘FileSystem’ provider failed.

Published by Schakko on

Yesterday, one of our check_mk monitoring scripts based upon PowerShell failed, because the error Attempting to perform the InitializeDefaultDrives operation on the ‘FileSystem’ provider failed. showed up. The initial reason for this is unknown to me but it has to do with the New-PSDrive and Remove-PSDrive PowerShell commands we were using inside the check_mk scripts.

Symptoms for the problem are:

  • The network drive is shown as disconnected in the Windows Explorer but you can still open the network drive
  • The network drive can not be disconnected as you receive the error Drive is not connected or Access Denied
  • Get-PSDrive returns the network share
  • net use does not return the network share
  • The network drive can’t be removed with net use $YOUR_DRIVE /delete /y
  • The network drive can’t be removed with Remove-PSDrive
  • Restarting the Windows Explorer still shows the drive

To remove the network drive I tried to remove all registry keys which belonged to it, killing the check_mk agent, restarting the virtual machine and so on. In the end I fixed it by disabling the check_mk agent, restarting the VM and re-enabling the check_mk agent.

Update 2017-06-14: The error occurs because the check_mk agent runs under the Local System account. As a normal user or administrator you have no permission to remove the drive. A good indicator for this is the existence of the mapped network drive in the registry key HKEY_USERS\S-1-5-18\Network\$YOUR_DRIVE (S-1-5-18 is the Well Known SID for Local System account). You can delete the registry key but the drive still exists until you reboot the Windows instance. In some circumstances even then the drive still shows up.

Microsoft suggests to set the registry key HKLM\System\CurrentControlSet\Control\SessionManager\ProtectionMode from 1 to 0. This values allows an administrator to access system resources. Just don’t do it for the sake of security.

Luckily for us we can use Mark Russinovich’s psexec tool to gain Local System permissions. With this we can safely remove the drive without a reboot.

psexec64 -i -s powershell.exe 
# gain Local System permissions 
Remove-PSDrive -Name $YOUR_DRIVE 
# drive automatically disappears from Explorer and a Get-PSDrive execution as non-Local System
Categories: Windows

Related Posts

vpn
Netzwerk

Windows 10 LT2P/IPSec VPN connection fails silently

A few months ago I had a strange behaviour: Sometimes the L2TP/IPSec connection between my workstation at home and our company VPN silently failed. After clicking on the VPN connection icon in the tasktray it Read more…

Windows

Cross-domain migration from Windows Server 2008 R2 to Windows Server 2012 R2

In the first weeks of our company I made the mistake to set up the Active Directory domain with a .local suffix which caused a lot of problems with Windows and Linux-based clients in the longer run. Read more…

Windows

Unattended installation of Windows Server 2012 R2 in VirtualBox and getting an 0x80042565 error

Today I struggled with a working configuration for an autounattend.xml for 9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_SERVER_EVAL_DE-DE-IR3_SSS_X64FREE_DE-DE_DV9.ISO (Windows Server 2012 R2, Standard, Standard Core, Datacenter and Datacenter Core). The unattended installation inside VirtualBox always failed with an error 0x80042565 or did not Read more…