I need to map the shared drive of windows 2003 server from dos network boot diskette

Hi,

I installed W2003server. I have 2 laptops and I would like to create their disk images from time to time and save them on server big disks (just 0in case).

I created dos network boot disk, no problem message during boot up, DHCP address was obtained.

Then I wanted to logon, it asked me for name - I answered administrator, then password I entered correct administrator password from windows 2003 and OK, I was succesfully logon.

But when I entered command net view \\server - I received error that it is denied.

The same it was when I entered net use t: \\server\y (y is big server disk), it said that password is not correct to fulfil the command and asked for new password. So I repeated adminstrator's password of windows 2003 and received answer 5: Access is denied.

Could you plz help me what is wrong?

Best regards


Vladimir
vladobbAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

WiiredCommented:
Did you set the drive "y" to be shared on the 2k3 server? You must share the drive and give everyone who will connect to it permissions to access the share.
0
scraig84Commented:
Try specifying the username and password in the net use command:

net use t: \\server\y password /USER:domain\user
0
vladobbAuthor Commented:
net use t: \\server\y password /USER:domain\user

this is not correct syntax

can anyone of you help that I use microsoft client basic redirector version 3.11, this is what I see when I type net ver


as for wiired question I shared drive Y as put all the rights to cro/administrator (cro is domain name)

V.
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

scraig84Commented:
Have you tried doing

net use /?

to see what options are available to you?  Can you post them here?  I know what I typed will work from my pc, but it may be slightly different with that redirector.  

Otherwise - usually you would allow "Everyone" full rights at the share level and then have specific rights at the folder level.  For the purposes of getting a drive mapped, I would think you may want to try this approach.
0
WiiredCommented:
net use \\server\y password /USER:cro\administrator is the correct syntax

I have just tried to duplicate your problem, but mine worked just fine...The only difference was that I used "Bart's Network boot disk" found at http://www.nu2.nu/bootdisk/network/

0
scraig84Commented:
>>net use \\server\y password /USER:cro\administrator is the correct syntax

That's exactly the syntax I said...
0
WiiredCommented:
-Comment from vladobb
-Date: 10/22/2003 01:19PM PDT  Author Comment  

-net use t: \\server\y password /USER:domain\user

-this is not correct syntax  

I was just aggreeing with you scraig84  :-)
0
scraig84Commented:
Well, when you put it that way...

:)
0
qwaleteeCommented:
Vague recollection... isn't there a limit on user name length in the LANMAN stacks?  Try creating a user name with 8 chars that has admin rights, double-check that you can connect using a standard Win32 client to that resource using those credentials, then retry from DOS
0
qwaleteeCommented:
Oh, and don't bother with domain\user... try just /USER:user
0
bkoehler-mprCommented:
Universal (works in all versions I've used)
net use \\servername\sharename

Modern syntax (doesn't work with older MS redirectors)
net use \\servername\sharename /user:domain\user password

I think the redirector that ships with NT4 didn't allow the /user switch.  Just use the full redirector when logging on and you can circumvent this issue.

In my experience LANMAN has the same issues as NetBIOS with special characters, anything over 14 characters, and things that start with a number.
0
John Gates, CISSPSecurity ProfessionalCommented:
Make sure that the W2K3 server had netBIOS over tcp/ip enabled on it's network connection.
net connection > properties> tcp/ip> advanced> wins tab

D
0
vladobbAuthor Commented:
Hi all,

I tried to use your suggestions but was not succesful. I created Bart¨s network boot floppy, everything goes well but I am not able to use the drive.

Generally it asks me about 2 passwords.

First password is user password and second password is password for domain. I do not know what is the difference?

I use administrator name and password so I should be able to map server's drives.

But when I try to do

net use x: \\server\x

the computer either say that password for x is incorrect and do not accept administrator's password

or second variant which also happened to me is that the command is executed succesfully but then I try to see mapped drive it says

Drive has no label
Error 5: Access is denied

It is really crazy, I would like to save the ghost image on server but I do not know how.

Plz help
0
John Gates, CISSPSecurity ProfessionalCommented:
If you are using Norton/Symantec Ghost there is a boot wizard that will guide you through creating a network boot floppy.  

D
0
bkoehler-mprCommented:
On the server:
Verify NetBIOS over TCP/IP is enabled.  Windows 2003 Server is the first server OS to have this disabled by default.

On the workstation:
Using Bart's disk enter Administrator as your username, your domain password, and your domain when prompted.  By entering the domain name you are prompted a second time for the domain administrator password.

Once at a command prompt type the following:

C:\>net use x: \\servername\sharename

This will pass the username and password of the administrator account we used earlier to logon to the domain.
0
Info TechIT DepartmentCommented:
Which version of ghost are you using?  
0
DavidCulbertsonCommented:
Symantec Tech support says that you need to create an "MS DOS" boot diskette, not a "PC-DOS" diskette.  This is not as easy as it sounds.  You need support files from Windows for Workgroups!  I'm still lookig for those files.
0
GreenclockCommented:
Disable digitally sign communications - found in

Start > 
         Admin tools > 
                    Local Security policy > 
                                         Security Settings > 
                                                   Local Policies > 
                                                             Security Options
       
Make the following change  "Microsoft network server:Digitally sign communications (always)" to "Disabled" This should fix the problem.  Got this from another forum, so cant really take the credit.  

If you are in a domain or on a domain controller the policy location is different.  Check the Domain Policy, Domain controller policy and also any GPO's that are enforced by active directory.

Let us know how you get on.  

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jmcgrewCommented:
As it is a DC you will need to adjust the GPO on the domain controller.

The following GPO's must be disabled.

Microsoft network server:Digitally sign communications (always)

and

Domain member:  Digitally sign communications (always)
0
driesmansCommented:
Hi all,

I just had the same problem, using Bart's Network Boot disk and Ghost for cloning the disks.

Changed Three parameters on the 2003 ADS server and login works perfect:

This is what i changed:

-> My Network Places, Properties
-> Right click on LAN Connection, choose Properties
-> Choose Internet Protocal (TCP/IP), click on Properties button
-> Click Advanced
-> choose tab WINS
-> At the bottom NetBIOS setting, select  option “Enable netbios over TCP/IP”
-> click OK, OK, Close
-> Restart the server

-Start, Programs, Administrative tools, Domain Controller security policy

-> Choose Security Settings, Local Policies, Security Options
-> Doubleclick on  Policy “Microsoft network server: Digitally sign communications (always)
-> Set this Disabled and click Apply
-> Doubleclick Policy “Microsoft network client: Digitally sign communications (always)
-> Set this Disabled and click Apply

Wait for 5 to 10 minutes so thats the local GPO is activated and try it, it works...

Johan
0
GreenclockCommented:
Disable digitally sign communications & Lan Manger Hash
Start > 
         Admin tools > 
                    Domain Controller Security policy > 
                                         Security Settings > 
                                                   Local Policies > 
                                                             Security Options
       
Make the following changes:--
       "Microsoft network server:Digitally sign communications (always)" to "Disabled"
       "Microsoft network Client:Digitally sign communications (always)" to "Disabled"
       "Network security:Do not store Lan Manager Hash value on next password change" to "Disabled2
       "Network security:Lan Manager Authentication Level" to "Send Lm & NTLM - use NTLMv2 session ......"

Important: You need to Change the password of the account you are using to connect via the Boot Disk
=======

This should fix the problem.  

good luck!!  
0
Hypo11Commented:
Just wanted to confirm that Johan's procedure worked perfectly for me.  I didn't have to change the Lan Manager Hash or authentication level as suggested in Greenclock's post.  The simpler the better I always say.

Oh, and here's a good tip to add since there is no "local security policy" in Server 2003 Admin Tools anymore (at least there wasn't for me).  In my experience, the Domain Controller Security Policy did NOT have the offending security policies set.  It was just in the LOCAL security policy for that particular Server 2003 DC.  Use the following to access the local security policy in Server 2003 instead:

-Open an mmc (mmc in run box)
-Add the "Group Policy Object Editor" snapin, and leave it set to open the Local Computer Policy.
-Click OK to get back to the main mmc window and you'll see the local policy...
-Expand "Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options" to find the security settings that Johan discusses.

Hope that helps!

--
Hypo11

0
cbp25Commented:

HI All ! ..
The not logged in / Not been verified By a server
PROBLEM .... on 2003 server.
using a net use boot disk or a disk createt in Norton Ghost ent 7.5.


the comment:
Comment from Greenclock
Date: 03/07/2004 01:17PM PST

I WORKS !!!!

I did this:

1. “Enable netbios over TCP/IP”

2. Admin tools > 
 Domain Controller Security policy > 
 Security Settings > 
 Local Policies > 
 Security Options
       
Make the following changes:--
       "Microsoft network server:Digitally sign communications (always)" to "Disabled"
       "Microsoft network Client:Digitally sign communications (always)" to "Disabled"
       "Network security:Do not store Lan Manager Hash value on next password change" to "Disabled2
       "Network security:Lan Manager Authentication Level" to "Send Lm & NTLM - use NTLMv2 session ......"

Important: You need to Change the password of the account you are using to connect via the Boot Disk


THX a lot to Greenclock....

Ciao
Carsten
0
waltermisCommented:
Just ran into this one....a month after we upgraded to Server 2003.

Thanks alot fellas!
0
TeamPyroCommented:
I also want to commend Johan. His proceedures worked great!!!!

Here they are again for everyone:

My Network Places, Properties
-> Right click on LAN Connection, choose Properties
-> Choose Internet Protocal (TCP/IP), click on Properties button
-> Click Advanced
-> choose tab WINS
-> At the bottom NetBIOS setting, select  option “Enable netbios over TCP/IP”
-> click OK, OK, Close
-> Restart the server

-Start, Programs, Administrative tools, Domain Controller security policy

-> Choose Security Settings, Local Policies, Security Options
-> Doubleclick on  Policy “Microsoft network server: Digitally sign communications (always)
-> Set this Disabled and click Apply
-> Doubleclick Policy “Microsoft network client: Digitally sign communications (always)
-> Set this Disabled and click Apply

Wait for 5 to 10 minutes so thats the local GPO is activated and try it, it works...



Thanks!!!!
0
ejmeadoCommented:
In addition to Johans solution.  when we changed password of the account accessing the server from the boot disk - we were getting access denied errors.  The problem was caused by a security setting on the local machine policy - Network Secuity, Do not store LAN manager hash value on next password change.  We had it enabled - you need to have it disabled to use a network boot disk.

Tks

Ed
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.