Working with UNC Paths

AppProfileSafe supports UNC paths (e.g. \\server\share\folder\Manifest.xml) as the manifest file location for both exports and imports. When the manifest path is a UNC path, the application connects to the network share before the operation and disconnects afterward. Three credential methods are available.


How UNC Paths Are Detected

Any manifest file path starting with \\ is treated as a UNC path. The share root is extracted automatically — for example, \\server\share\projects\Manifest.xml yields the share root \\server\share. The share root is used for connection, disconnection, and credential lookup.


Credential Sources

| Method | How it works | Best for |
|---|---|---|
| Current Windows session | No credentials specified; the current user's session token is used. If the share is already accessible (e.g. via mapped drive or domain trust), no explicit authentication is needed. | Domain-joined machines where the logged-in user has share access |
| Inline credentials (CLI) | --unc-user "DOMAIN\admin" --unc-password "secret". Credentials are passed on the command line and used for this session only. | One-off scripts or testing. Avoid in production due to password visibility in process lists. |
| Credential Manager (CLI) | --unc-credential-store. Reads credentials from Windows Credential Manager using the share root as the target name. | Scheduled tasks and automation. Store credentials once with cmdkey, then reuse without exposing passwords. |
| GUI dialog | The GUI prompts for credentials when a UNC path is not accessible with the current session. Credentials are used for the current session only and optionally saved to Credential Manager. | Interactive use |


Setting Up Credential Manager for Scheduled Tasks

For automated scenarios, store credentials once under the account that will run the scheduled task:

:: Store credentials (run as the service account)
cmdkey /add:\\server\share /user:DOMAIN\svc_appprofile /pass:YourPassword

:: Verify
cmdkey /list:\\server\share

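The /pass:YourPassword form puts the password on the command line, with the same process-list visibility as inline CLI credentials; when /pass is given without a value, cmdkey prompts for the password instead.

Then use the stored credentials in the CLI command: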

AppProfileSafe.CLI.exe --export --manifestFile "\\server\share\Manifest.xml" --apps "Firefox" --unc-credential-store --silentMode

The CLI auto-derives the Credential Manager target from the manifest path's share root. Internally, AppProfileSafe also stores credentials with the prefix AppProfileSafe:UNC: followed by the share root.
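A pre-flight check for the scheduled export, as an added example (not AppProfileSafe's own code): it derives the share root as described under How UNC Paths Are Detected, confirms with cmdkey that the account running the script has a stored entry for it, and only then runs the export with --unc-credential-store. The function names, the assumption that AppProfileSafe.CLI.exe is on PATH, the rejection of \\?\ and \\.\ prefixes, and the reliance on cmdkey's English output format are assumptions of this example.

```powershell
# Added example: run as the same account the scheduled task uses, because
# Credential Manager entries are stored per user.
Set-StrictMode -Version Latest

function Get-UncShareRoot {
    # Returns \\server\share for a UNC path, or $null when the path is not a
    # UNC path or has no share component. Follows the rule on this page; the
    # product's own parser may treat edge cases differently.
    param([Parameter(Mandatory)][string]$Path)

    if ($Path -notmatch '^\\\\([^\\]+)\\([^\\]+)') { return $null }
    # Assumption: device and extended-length prefixes (\\.\ and \\?\) are
    # not share paths, so they are rejected here.
    if ($Matches[1] -in '?', '.') { return $null }
    return "\\$($Matches[1])\$($Matches[2])"
}

function Test-StoredUncCredential {
    # True when cmdkey lists an entry whose target is the share root.
    # Assumption: English cmdkey output, where a stored entry is printed as
    # "Target: Domain:target=<name>" and an empty result as "* NONE *".
    param([Parameter(Mandatory)][string]$ShareRoot)

    $output = & cmdkey.exe "/list:$ShareRoot" 2>&1 | Out-String
    return ($output -match [regex]::Escape("target=$ShareRoot"))
}

$manifest = '\\server\share\Manifest.xml'   # path from the example above

$root = Get-UncShareRoot -Path $manifest
if (-not $root) {
    throw "Not a UNC path with a share component: $manifest"
}

if (-not (Test-StoredUncCredential -ShareRoot $root)) {
    # Fail before the export starts instead of partway through a silent run.
    throw "No Credential Manager entry for $root under $($env:USERDOMAIN)\$($env:USERNAME)"
}

# No password appears on this command line; the CLI looks it up by share root.
& 'AppProfileSafe.CLI.exe' --export --manifestFile $manifest --apps 'Firefox' `
    --unc-credential-store --silentMode
exit $LASTEXITCODE
```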


Connection Lifecycle

When credentials are provided, the following sequence occurs:

  1. The share root is extracted from the manifest path.
  2. A connection is established using the Win32 WNetAddConnection2 API with the CONNECT_TEMPORARY flag.
  3. If a session credential conflict exists (a different user is already connected to the same share), the existing connection is disconnected and the new one is retried.
  4. The export or import operation runs.
  5. The connection is disconnected using WNetCancelConnection2 with force.

If reconnection is needed (e.g. after a transient network failure), the service retries up to 3 times with a 2-second delay between attempts.