login problem to a persistent connection to a mapped drive

G

Guest

We have several Windows XP workstations in a workgroup configuration. They
have a persistent connection to a mapped drive on a domain-member server.
The users are trying to log in to a local account on that server.



Because the workstation password is different than the mapped-drive
password, that local account keeps getting locked out and the users have to
wait 30 minutes, after which time they can access it with no problem.
Barring that they can log in if we unlock the account. What we suspect is
happening is the Windows is attempting to connect to the drive with the local
account used to log onto the XP workstation and retrying a few times after
the password fails.



The following errors appear in the event log.



Event Type: Failure Audit

Event Source: Security

Event Category: Account Logon

Event ID: 681

Date: 4/22/2005

Time: 11:43:55 AM

User: NT AUTHORITY\SYSTEM

Computer: SERVER01

Description:

The logon to account: lsmith

by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

from workstation: WRK01

failed. The error code was: 3221225578

------------------------------------------------

Event Type: Failure Audit

Event Source: Security

Event Category: Logon/Logoff

Event ID: 529

Date: 4/22/2005

Time: 11:43:55 AM

User: NT AUTHORITY\SYSTEM

Computer: SERVER01

Description:

Logon Failure:

Reason: Unknown user name or bad password

User Name: lsmith

Domain: WRK01

Logon Type: 3

Logon Process: NtLmSsp

Authentication Package: NTLM

Workstation Name: WRK01



We know the best solution would be to make them all members of a domain and
use domain accounts. Suffice it to say that is not an option. Increasing
the number of failed attempts before the account locks is also not an option.



What we think would be a good workaround is to find a registry fix that
would limit the number of login retries to 1, so the user would get prompted
with a password rather than the system retrying multiple times and locking
the account. Does anyone know how to do this?



Any other ideas would also be appreciated.



Thanks Dan
 
J

James Fabulous

Dan,

Have you considered using the "Map network drive" feature and specifying
a different username and password - Although this is something I'm currently
experiencing some odd behavior with (reconnection issues) the behavior
should work to solve your issues. Another solution is to use a local
loginscript - a simple batch file in the startup folder of the local user
mapping the drive with domain credentials.

Syntax of: net use [drive letter]: \\[member-servername]\[sharename]
password /user:[domainname]\[domain-username] /persistent:YES

Word of warning here that the password is kept in plain text - <MS guilt
trip> C'mon folks how long has the 'net use' command been around and we
still have to worry about plain text passwords? </MS guilt trip> so it is
inherently insecure - however I've found a couple of neat VBS scripts that
can prompt for username and/ or password that you can simply embed in the
batch files - users enter the password once and the drives are mapped.
(Great for users offsite with expired passwords).

VBS - search for userin.vbs and passin.vbs

Hope this helps,
JF
 
G

Guest

Thanks Jim

We tried the different user name but it still locked the account.

Here was our simple fix: Map the drive, create a short cut of the mapped
drive to the desk top, then disconnect the mapped drive. Any subsequent
time that the user logs in all they need to do is click the short cut and
they get a login screen.

W did attempt the login script which worked fine. We preferred the Gui login
box to the script command prompt box that many of our staff would not be
familiar with.

Dan

James Fabulous said:
Dan,

Have you considered using the "Map network drive" feature and specifying
a different username and password - Although this is something I'm currently
experiencing some odd behavior with (reconnection issues) the behavior
should work to solve your issues. Another solution is to use a local
loginscript - a simple batch file in the startup folder of the local user
mapping the drive with domain credentials.

Syntax of: net use [drive letter]: \\[member-servername]\[sharename]
password /user:[domainname]\[domain-username] /persistent:YES

Word of warning here that the password is kept in plain text - <MS guilt
trip> C'mon folks how long has the 'net use' command been around and we
still have to worry about plain text passwords? </MS guilt trip> so it is
inherently insecure - however I've found a couple of neat VBS scripts that
can prompt for username and/ or password that you can simply embed in the
batch files - users enter the password once and the drives are mapped.
(Great for users offsite with expired passwords).

VBS - search for userin.vbs and passin.vbs

Hope this helps,
JF

Dan said:
We have several Windows XP workstations in a workgroup configuration. They
have a persistent connection to a mapped drive on a domain-member server.
The users are trying to log in to a local account on that server.



Because the workstation password is different than the mapped-drive
password, that local account keeps getting locked out and the users have to
wait 30 minutes, after which time they can access it with no problem.
Barring that they can log in if we unlock the account. What we suspect is
happening is the Windows is attempting to connect to the drive with the local
account used to log onto the XP workstation and retrying a few times after
the password fails.



The following errors appear in the event log.



Event Type: Failure Audit

Event Source: Security

Event Category: Account Logon

Event ID: 681

Date: 4/22/2005

Time: 11:43:55 AM

User: NT AUTHORITY\SYSTEM

Computer: SERVER01

Description:

The logon to account: lsmith

by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

from workstation: WRK01

failed. The error code was: 3221225578

------------------------------------------------

Event Type: Failure Audit

Event Source: Security

Event Category: Logon/Logoff

Event ID: 529

Date: 4/22/2005

Time: 11:43:55 AM

User: NT AUTHORITY\SYSTEM

Computer: SERVER01

Description:

Logon Failure:

Reason: Unknown user name or bad password

User Name: lsmith

Domain: WRK01

Logon Type: 3

Logon Process: NtLmSsp

Authentication Package: NTLM

Workstation Name: WRK01



We know the best solution would be to make them all members of a domain and
use domain accounts. Suffice it to say that is not an option. Increasing
the number of failed attempts before the account locks is also not an option.



What we think would be a good workaround is to find a registry fix that
would limit the number of login retries to 1, so the user would get prompted
with a password rather than the system retrying multiple times and locking
the account. Does anyone know how to do this?



Any other ideas would also be appreciated.



Thanks Dan
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Failed Logon Events [Event ID 4625; Logon Type 8; Procss Name: w3wp; Process: Advapi] 1
Failure audit recurs for Vista system being merged to Win 2K domai 1
Persistent mapped drive causing lockouts 1
Event Viewer - Security - Reports "Failure Audit" 2
Mac OS X cannot connect to Win2003 SFM shares 2
Who's trying to logon? 3
User account locked out 1
advapi failed login locking account 1

Top