Drive mappings when connecting through a VPN client

  • Thread starter Frustrated Network Admin
  • Start date
F

Frustrated Network Admin

Hi,
Does anyone have ideas how to solve this issue I am
having..?

We have a Windows 2000 AD domain structure. We also have
a Cisco VPN solution for remote access. Many of our users
have laptops that use the Cisco VPN client to connect back
to the office. On the client you can configure a program
(batch file in this case) to be executed after connecting
to the network. Currently we are using a simple batch file
similar to the following:

net use x: \\server\share /USER:mydomain\user1 password

The problem with this is that the user's password is part
of the script and can be seen by anyone who can see the
script. Not to mention if the user's domain password get's
changed it must also get changed on this batch file. We
tried not including a password in the batch and let it
prompt the user for thier password, however some of our
users feel this is too complicated and only want to enter
thier password once (when authenticating with the VPN
client). In the office this is obviously not a problem
since the user logs on directly to the domain from the
start. Remote users first log on locally and then use the
VPN client to connect to the network.

Any ideas..?

Thanks in advance....
 
D

David Wang [Msft]

I presume that these laptops are also joined to the W2K AD, in which case
after you VPN, you should just do:
NET USE X: \\server\share

to automatically using the current logged in credentials via NTLM.

It's when you do a local login and then VPN that you have this problem, so
don't allow it. If you must use a local login and then VPN, then you must
accept having to login again -- because there is no trust between the local
login and the domain in question.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
message Hi,
Does anyone have ideas how to solve this issue I am
having..?

We have a Windows 2000 AD domain structure. We also have
a Cisco VPN solution for remote access. Many of our users
have laptops that use the Cisco VPN client to connect back
to the office. On the client you can configure a program
(batch file in this case) to be executed after connecting
to the network. Currently we are using a simple batch file
similar to the following:

net use x: \\server\share /USER:mydomain\user1 password

The problem with this is that the user's password is part
of the script and can be seen by anyone who can see the
script. Not to mention if the user's domain password get's
changed it must also get changed on this batch file. We
tried not including a password in the batch and let it
prompt the user for thier password, however some of our
users feel this is too complicated and only want to enter
thier password once (when authenticating with the VPN
client). In the office this is obviously not a problem
since the user logs on directly to the domain from the
start. Remote users first log on locally and then use the
VPN client to connect to the network.

Any ideas..?

Thanks in advance....
 
E

Ed Siff

Two possible solutions:

1. Restrict access to the script.

2. Leave the password out of the script and educate your users about security
issues.

Ed
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

VPN server without domain controller 0
VPN Authenticates, but not Outlook 3
VPN Connection 1
CISCO VPN Client Not Connecting 12
Remote Desktop over VPN 2
Unable to connect- XP VPN Client 1
Cisco VPN Client 5.0 2
Outlook 2003 prompts for logon credentials when connected over aCisco VPN 10

Top