windows xp security model in workgroup setting

Steve Mekhi

hi, i have a customer with which I am optimizing a workgroup network
environment.

after the user logs on, a script runs and maps drive letters to shares
on other computers. the account used to map the shares exists on both
hosts but *is not* the same account that the locally logged on user
uses. a very basic net use command is used.

net use j: \\machine\share /user:username password

when i browse in windows explorer, i can see the mapped drives. but when
i click to access them, it prompts for a user name & password again.

is there a way to disable that? the drive has already been mapped
meaning the account has already been verified by the receiving host, right?

thanks,
steve
 
Steven L Umbach

You might want to check the security log via Event Viewer on the computer
with the share to see if any logon failure is recorded or not that may give
a clue what is going on. Otherwise it may make sense to simply add a user
account with same logon/password to the computer with the share that matches
what the user logs onto their computer with and then you don't need to
specify any credentials in the logon script. Make sure that the user has
necessary permissions to the share for both share and folder/NTFS
permissions. The user [or someone who logs on as the user] can also create a
mapped drive with persistent alternate credentials via Windows
Explorer. --- Steve
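
The security-log check suggested above can be done over event text copied from Event Viewer on the computer hosting the share. The following is an added example, not part of the original post: it assumes each record is plain text with an `Event ID:` line and blank-line separation, and the sample records, host names and account names are constructed. Event IDs 529-537 and 539 are the Windows XP logon-failure events, and Logon Type 3 is a network logon.

```python
import re

# Logon-failure event IDs written to the Windows XP Security log
# (529 = unknown user name or bad password; 530-537, 539 = other reasons).
FAILURE_IDS = {529, 530, 531, 532, 533, 534, 535, 536, 537, 539}
NETWORK_LOGON = "3"  # Logon Type 3 = access over the network, e.g. to a share
KEEP = ("Event ID", "Reason", "User Name", "Domain", "Workstation Name")

# Constructed sample records (assumed text layout; names mirror the thread).
SAMPLE = """\
Event ID: 529
Logon Failure:
    Reason:            Unknown user name or bad password
    User Name:         user
    Domain:            CLIENT1
    Logon Type:        3
    Workstation Name:  CLIENT1

Event ID: 540
Successful Network Logon:
    User Name:         share
    Domain:            MACHINE
    Logon Type:        3
    Workstation Name:  CLIENT1
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+):\s*(.*?)\s*$")

def failed_network_logons(text):
    """Return one dict per failed network logon found in the event text."""
    hits = []
    for record in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in record.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1).strip()] = m.group(2)
        event_id = fields.get("Event ID", "")
        if not event_id.isdigit() or int(event_id) not in FAILURE_IDS:
            continue  # not a logon-failure record
        if fields.get("Logon Type") == NETWORK_LOGON:
            hits.append({k: fields.get(k, "") for k in KEEP})
    return hits

if __name__ == "__main__":
    for hit in failed_network_logons(SAMPLE):
        print(hit)
```

The `User Name` field of each failure shows which account the client actually presented to the share host. Failures only appear if failure auditing of logon events is enabled on that computer.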
 
Bruce Chambers

Steve said:
hi, i have a customer with which I am optimizing a workgroup network
environment.

after the user logs on, a script runs and maps drive letters to shares
on other computers. the account used to map the shares exists on both
hosts but *is not* the same account that the locally logged on user
uses. a very basic net use command is used.

net use j: \\machine\share /user:username password

when i browse in windows explorer, i can see the mapped drives. but when
i click to access them, it prompts for a user name & password again.

Because you're mapping the drive with one set of credentials, but the
user is trying to access the files with his credentials.

is there a way to disable that?


Yes, map the drive using the name and password of the user who's logged
in to the computer. (Of course, that account will also need to exist on
the host computer, with the necessary permissions to the appropriate
shares.)


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin
 
Steve Mekhi

Bruce said:
Yes, map the drive using the name and password of the user who's
logged in to the computer. (Of course, that account will also need to
exist on the host computer, with the necessary permissions to the
appropriate shares.)

Thank you. I understand. I don't want to beat this dead horse. But
explain it to me like I am a two year old.

Let's say we have 2 accounts:
- user
- share

And let's make them both admins for simplicity's sake.

Both hosts have the "share" account with same password.

The OS boots and the user logs in with credentials for "user".
Upon login, the script maps drives with account "share".

I checked for any script error codes, and the scripts run without error.

When you open up Windows Explorer, you can actually see the mapped drives.

So at this point, the logged on user is "user" and the mapped drives
were mapped with "share".

But, when the user actually clicks on the mapped drive, it will prompt
for a user name and password, the user has to manually enter the
credentials for account "share" and the share will only then work.

Why, when the drive was already successfully mapped with account "share"
earlier on? What's the difference between using "net use..." and actually
clicking on a share? It shouldn't have to ask for manual entry of
credentials a second time.

I am not too crazy on duping accounts on all machines. Mainly for
security. It's too easy to grab a copy of John and extract the
credentials and passwords.

SM
 
