subject: connecting to 98 shares with 2K/XP posted: Sat, 10 Jul 2004 23:08:59 +0100
Ever since my customers started buying machines with 2K and XP on
them, I have been trying to figure out how to get the 2K and XP
clients to connect to resources shared on Windows 98-based machines
without asking for a password every reboot. Sure they can connect
using Map Network Drive... but no matter whether "Reconnect at
Logon" is checked or not, they will not remember the password
associated with the connection.
I have not been able to find a good explanation for this - searching
on stuff like "98 2k mapped drive password" yields many unrelated
hits. I have concluded that M$ don't want me to map drives to 98
servers, because of course 98 has no limits on users. If I can map
25 XP machines to a single 98 server, I can skip paying a 25-user
license for XP server.
..So, I played around with it. I tried the following command:
net use h: \\server\share password /persistent:yes
and although it completed successfully, when I next rebooted it
prompted for a password! Persistent does not store the password,
only the mapping! Leaving persistent off means the connection itself
is not restored next reboot.
I have thus concluded the easy way around this problem is to make a
login script with the password in it (as above). Sure, this means
the password is lying around on the system, but 2K can XP can stop a
user from looking at it by setting the permissions to simply
'execute' ... right?? (unix can do this). Put the script on an NTFS
volume and it has that level of security as well.
So, the fix to the problem, which is that on reboot, 2K/XP machines
always forget the password to 98-based shares, at least for now, is
as follows:
1. if it does not exist, create the login script directory on the
2K/XP box: %systemroot%\system32\repl\import\scripts
2. create the login script containing the NET USE command:
net use h: \\server\share password
3. save the login script as MAP.BAT (or whatever) in the login script
directory created in step 1.
4. associate the login script with the user. This causes it to
execute each time the user logs in:
4.1. right-click My Computer
4.2. click Manage
4.3. expand 'Local users and groups'
4.4. click users
4.5. right-click the user needing the login script
4.6. click the Profile tab
4.7. in the logon script field, type the name of the script chosen in
step 3, eg. MAP.BAT
4.8. click OK
5. skip paying license for XP server
Note: the location of the login script is relative to the default
script directory, which is defined in step 1. Simply entering
MAP.BAT into the logon script field will cause 2K/XP to look for
%systemroot%\system32\repl\import\scripts\MAP.BAT
Note: don't put /persistent into the login script. This will just
confuse things! (Right?)
Note: drive H: has been used as an example. Substitute as
appropriate.
Note: %systemroot% is a variable. Consult your 2K/XP documentation
for more information. :)
Note: No, storing data used by 25 machines on a 98 box might not be
the securest solution on the planet. But at least it can't get
Blasted! In fact it can be locked down very tightly indeed (with the
use of an IDS and a firewall). In the right environment, a discreet
little 98 box can hit the spot.
If there's a better way to do this, I'd love to hear it!
Stu
---
* Origin: [adminz] tech, security, support (192.168.0.2)
generated by msg2page 0.06 on Jul 21, 2006 at 19:04:12
search: