• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 15404
  • Last Modified:

I need to map the shared drive of windows 2003 server from dos network boot diskette

Hi,

I installed W2003server. I have 2 laptops and I would like to create their disk images from time to time and save them on server big disks (just 0in case).

I created dos network boot disk, no problem message during boot up, DHCP address was obtained.

Then I wanted to logon, it asked me for name - I answered administrator, then password I entered correct administrator password from windows 2003 and OK, I was succesfully logon.

But when I entered command net view \\server - I received error that it is denied.

The same it was when I entered net use t: \\server\y (y is big server disk), it said that password is not correct to fulfil the command and asked for new password. So I repeated adminstrator's password of windows 2003 and received answer 5: Access is denied.

Could you plz help me what is wrong?

Best regards


Vladimir
0
vladobb
Asked:
vladobb
1 Solution
 
WiiredCommented:
Did you set the drive "y" to be shared on the 2k3 server? You must share the drive and give everyone who will connect to it permissions to access the share.
0
 
scraig84Commented:
Try specifying the username and password in the net use command:

net use t: \\server\y password /USER:domain\user
0
 
vladobbAuthor Commented:
net use t: \\server\y password /USER:domain\user

this is not correct syntax

can anyone of you help that I use microsoft client basic redirector version 3.11, this is what I see when I type net ver


as for wiired question I shared drive Y as put all the rights to cro/administrator (cro is domain name)

V.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
scraig84Commented:
Have you tried doing

net use /?

to see what options are available to you?  Can you post them here?  I know what I typed will work from my pc, but it may be slightly different with that redirector.  

Otherwise - usually you would allow "Everyone" full rights at the share level and then have specific rights at the folder level.  For the purposes of getting a drive mapped, I would think you may want to try this approach.
0
 
WiiredCommented:
net use \\server\y password /USER:cro\administrator is the correct syntax

I have just tried to duplicate your problem, but mine worked just fine...The only difference was that I used "Bart's Network boot disk" found at http://www.nu2.nu/bootdisk/network/

0
 
scraig84Commented:
>>net use \\server\y password /USER:cro\administrator is the correct syntax

That's exactly the syntax I said...
0
 
WiiredCommented:
-Comment from vladobb
-Date: 10/22/2003 01:19PM PDT  Author Comment  

-net use t: \\server\y password /USER:domain\user

-this is not correct syntax  

I was just aggreeing with you scraig84  :-)
0
 
scraig84Commented:
Well, when you put it that way...

:)
0
 
qwaleteeCommented:
Vague recollection... isn't there a limit on user name length in the LANMAN stacks?  Try creating a user name with 8 chars that has admin rights, double-check that you can connect using a standard Win32 client to that resource using those credentials, then retry from DOS
0
 
qwaleteeCommented:
Oh, and don't bother with domain\user... try just /USER:user
0
 
bkoehler-mprCommented:
Universal (works in all versions I've used)
net use \\servername\sharename

Modern syntax (doesn't work with older MS redirectors)
net use \\servername\sharename /user:domain\user password

I think the redirector that ships with NT4 didn't allow the /user switch.  Just use the full redirector when logging on and you can circumvent this issue.

In my experience LANMAN has the same issues as NetBIOS with special characters, anything over 14 characters, and things that start with a number.
0
 
John Gates, CISSPSecurity ProfessionalCommented:
Make sure that the W2K3 server had netBIOS over tcp/ip enabled on it's network connection.
net connection > properties> tcp/ip> advanced> wins tab

D
0
 
vladobbAuthor Commented:
Hi all,

I tried to use your suggestions but was not succesful. I created Bart¨s network boot floppy, everything goes well but I am not able to use the drive.

Generally it asks me about 2 passwords.

First password is user password and second password is password for domain. I do not know what is the difference?

I use administrator name and password so I should be able to map server's drives.

But when I try to do

net use x: \\server\x

the computer either say that password for x is incorrect and do not accept administrator's password

or second variant which also happened to me is that the command is executed succesfully but then I try to see mapped drive it says

Drive has no label
Error 5: Access is denied

It is really crazy, I would like to save the ghost image on server but I do not know how.

Plz help
0
 
John Gates, CISSPSecurity ProfessionalCommented:
If you are using Norton/Symantec Ghost there is a boot wizard that will guide you through creating a network boot floppy.  

D
0
 
bkoehler-mprCommented:
On the server:
Verify NetBIOS over TCP/IP is enabled.  Windows 2003 Server is the first server OS to have this disabled by default.

On the workstation:
Using Bart's disk enter Administrator as your username, your domain password, and your domain when prompted.  By entering the domain name you are prompted a second time for the domain administrator password.

Once at a command prompt type the following:

C:\>net use x: \\servername\sharename

This will pass the username and password of the administrator account we used earlier to logon to the domain.
0
 
mfehrmannCommented:
Which version of ghost are you using?  
0
 
DavidCulbertsonCommented:
Symantec Tech support says that you need to create an "MS DOS" boot diskette, not a "PC-DOS" diskette.  This is not as easy as it sounds.  You need support files from Windows for Workgroups!  I'm still lookig for those files.
0
 
GreenclockCommented:
Disable digitally sign communications - found in

Start > 
         Admin tools > 
                    Local Security policy > 
                                         Security Settings > 
                                                   Local Policies > 
                                                             Security Options
       
Make the following change  "Microsoft network server:Digitally sign communications (always)" to "Disabled" This should fix the problem.  Got this from another forum, so cant really take the credit.  

If you are in a domain or on a domain controller the policy location is different.  Check the Domain Policy, Domain controller policy and also any GPO's that are enforced by active directory.

Let us know how you get on.  

0
 
jmcgrewCommented:
As it is a DC you will need to adjust the GPO on the domain controller.

The following GPO's must be disabled.

Microsoft network server:Digitally sign communications (always)

and

Domain member:  Digitally sign communications (always)
0
 
driesmansCommented:
Hi all,

I just had the same problem, using Bart's Network Boot disk and Ghost for cloning the disks.

Changed Three parameters on the 2003 ADS server and login works perfect:

This is what i changed:

-> My Network Places, Properties
-> Right click on LAN Connection, choose Properties
-> Choose Internet Protocal (TCP/IP), click on Properties button
-> Click Advanced
-> choose tab WINS
-> At the bottom NetBIOS setting, select  option “Enable netbios over TCP/IP”
-> click OK, OK, Close
-> Restart the server

-Start, Programs, Administrative tools, Domain Controller security policy

-> Choose Security Settings, Local Policies, Security Options
-> Doubleclick on  Policy “Microsoft network server: Digitally sign communications (always)
-> Set this Disabled and click Apply
-> Doubleclick Policy “Microsoft network client: Digitally sign communications (always)
-> Set this Disabled and click Apply

Wait for 5 to 10 minutes so thats the local GPO is activated and try it, it works...

Johan
0
 
GreenclockCommented:
Disable digitally sign communications & Lan Manger Hash
Start > 
         Admin tools > 
                    Domain Controller Security policy > 
                                         Security Settings > 
                                                   Local Policies > 
                                                             Security Options
       
Make the following changes:--
       "Microsoft network server:Digitally sign communications (always)" to "Disabled"
       "Microsoft network Client:Digitally sign communications (always)" to "Disabled"
       "Network security:Do not store Lan Manager Hash value on next password change" to "Disabled2
       "Network security:Lan Manager Authentication Level" to "Send Lm & NTLM - use NTLMv2 session ......"

Important: You need to Change the password of the account you are using to connect via the Boot Disk
=======

This should fix the problem.  

good luck!!  
0
 
Hypo11Commented:
Just wanted to confirm that Johan's procedure worked perfectly for me.  I didn't have to change the Lan Manager Hash or authentication level as suggested in Greenclock's post.  The simpler the better I always say.

Oh, and here's a good tip to add since there is no "local security policy" in Server 2003 Admin Tools anymore (at least there wasn't for me).  In my experience, the Domain Controller Security Policy did NOT have the offending security policies set.  It was just in the LOCAL security policy for that particular Server 2003 DC.  Use the following to access the local security policy in Server 2003 instead:

-Open an mmc (mmc in run box)
-Add the "Group Policy Object Editor" snapin, and leave it set to open the Local Computer Policy.
-Click OK to get back to the main mmc window and you'll see the local policy...
-Expand "Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options" to find the security settings that Johan discusses.

Hope that helps!

--
Hypo11

0
 
cbp25Commented:

HI All ! ..
The not logged in / Not been verified By a server
PROBLEM .... on 2003 server.
using a net use boot disk or a disk createt in Norton Ghost ent 7.5.


the comment:
Comment from Greenclock
Date: 03/07/2004 01:17PM PST

I WORKS !!!!

I did this:

1. “Enable netbios over TCP/IP”

2. Admin tools > 
 Domain Controller Security policy > 
 Security Settings > 
 Local Policies > 
 Security Options
       
Make the following changes:--
       "Microsoft network server:Digitally sign communications (always)" to "Disabled"
       "Microsoft network Client:Digitally sign communications (always)" to "Disabled"
       "Network security:Do not store Lan Manager Hash value on next password change" to "Disabled2
       "Network security:Lan Manager Authentication Level" to "Send Lm & NTLM - use NTLMv2 session ......"

Important: You need to Change the password of the account you are using to connect via the Boot Disk


THX a lot to Greenclock....

Ciao
Carsten
0
 
waltermisCommented:
Just ran into this one....a month after we upgraded to Server 2003.

Thanks alot fellas!
0
 
TeamPyroCommented:
I also want to commend Johan. His proceedures worked great!!!!

Here they are again for everyone:

My Network Places, Properties
-> Right click on LAN Connection, choose Properties
-> Choose Internet Protocal (TCP/IP), click on Properties button
-> Click Advanced
-> choose tab WINS
-> At the bottom NetBIOS setting, select  option “Enable netbios over TCP/IP”
-> click OK, OK, Close
-> Restart the server

-Start, Programs, Administrative tools, Domain Controller security policy

-> Choose Security Settings, Local Policies, Security Options
-> Doubleclick on  Policy “Microsoft network server: Digitally sign communications (always)
-> Set this Disabled and click Apply
-> Doubleclick Policy “Microsoft network client: Digitally sign communications (always)
-> Set this Disabled and click Apply

Wait for 5 to 10 minutes so thats the local GPO is activated and try it, it works...



Thanks!!!!
0
 
ejmeadoCommented:
In addition to Johans solution.  when we changed password of the account accessing the server from the boot disk - we were getting access denied errors.  The problem was caused by a security setting on the local machine policy - Network Secuity, Do not store LAN manager hash value on next password change.  We had it enabled - you need to have it disabled to use a network boot disk.

Tks

Ed
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now