Mapping a Drive Across Domains


I have a few computers that need access a network location across domains. The best solution I came up with is mapping a drive.  Maybe you have a better idea.

The computers in question will be using the login username of "Student" on the MTSD domain.  Those computers need to access the VILLAB domain with the username lets say 10.  (The username 10 is not in the MTSD domain as a user.)

If I map a drive as a different user, it works but when the computer is restarted the user is prompted for the password each time.  

Is there a way to avoid typing in a password or is there a better solution to this problem?

P.S. The network admin does not want to add users from the VILLAB domain to the MTSD domain.

Who is Participating?
luv2smileConnect With a Mentor Commented:
If you create a trust between the domains then users between the two domains could authenticate in the other domain. You can set either a one way or two way trust......a one way trust would be only one way....users from domain A could authenticate in domain B,, but not vice versa (depending on the direction of the trust).

With a properly setup trust, the users wouldn't have to enter their password and the admin from the other domain wouldn't have to actually add users into their domain.  
rshooper76Connect With a Mentor Commented:
Yuo can create a trust between the 2 domains, however the user will need to hav an account on both domains.  Without a trust, or even an account on the other domain I don't think you can avoid having to enter the username and password each time you try to map a drive.  
"however the user will need to hav an account on both domains"

This is not correct. This is the whole point of a you don't have to have accounts on both domains to authenticate.
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

kain21Connect With a Mentor Commented:
you could use a login script to map the drives each time a user logs on to their computer... here's a simple vbscript that would accomplish the task...

Dim objNetwork
Dim DriveLetter, RemotePath, Username, Password
Set objNetwork = CreateObject("WScript.Network")

DriveLetter = "L:"
RemotePath = "\\computername\share"
Username = "domainname\student"
Password = "password"

objNetwork.MapNetworkDrive DriveLetter, RemotePath, False, Username, Password

simply cut and paste the code above into a file named something.vbs... ofcourse change the driveletter, remotepath, username, and password variables to match your needed values... you can then use group policy to assign this script as a login script... this would map the drive each time on login with the specified credentials rather than the default logged on users credentials... prior to assigning the script make sure you delete the existing mapped drive from the users profile to prevent a resource conflict...

pcavenueConnect With a Mentor Commented:
I would forget the vbs script and just use a batch file

login.bat containing close to the same.

net use l: \\servername\sharename /user:domainname\username password /persistent:no /y

Of course storing a password in plain text is very unsecure and would create much more of a security risk in my opinion than in implementing a trust between the domains. Just my opinion.....
I would agree with the one way trust being more secure if it were reversed... from the question it sounds like the VILLAB domain is concerned with users from the MTSD domain gaining access to his resources other than the share... this could happen if a one-way trust was to allow the VILLAB domain to trust the MTSD domain...
this would allow users of the MTSD domain to authenticate in the VILLAB domain and possibly gain access to resources...

However, if the situation were reversed and the share was located on the MTSD domain he could create a one-way trust to allow the MTSD domain to trust the VILLAB domain... he could then grant access to the share to users in the VILLAB domain and MTSD domain and the VILLAB network admin could rest assured that no users in the MTSD domain could access resources on the VILLAB domain with their MTSD credentials.... this would be the most secure method... in regards to resources on the VILLAB domain...

the way suggested through the scripts above would store the password in plain text but the VILLAB domain admin would be able to lock the account down so they would only be able to access the share and no other resources...
I thought with a domain trust you needed an account on both domain, that with the trust if the account on domain A was also on domain B then you did not need to authenticate.  If you don't mind can you clarify this for me luv2smile.  If I was wrong here I appoligize.
WallsyConnect With a Mentor Commented:
Also, if you don't want to automate this with a batch file or vbscript (for one or two users):

When you create the drive mapping, check the "Reconnect at logon" box and then click on the "different user name" text to access the "Connect As..." window. Type the VILLAB\10 user name in but leave the password box blank.

When you click the "Finish" button back in the "Map Network Drive" window, you will be prompted for the password, and you will also have a "Save Password" check box available. This will stop future password prompts as long as the password isn't changed.

We use this as we have a centralised logon script that won't let us create drive mappings with different credentials.



when you create a trust between domains.... the trusting domain will allow users from the trusted domain to authenticate using their credentials (username/password)... no duplicate accounts are needed... they would simply login to the trusting domain resources with the trusted domain credentials... i.e. username: MTSD\student or

Kain21 provided a good explanation. For domain has a trust with another domain. My users can connect to resources in the other domain without being prompted for a password and these users have no accounts on the other domain. This is why we have a there isn't a need for 2 redudant user names and passwords
jdolan2587Author Commented:
Thanks for all of your comments.

I am trying with the easiest first(for me at least)  

I tried your solution and the mapping works but I didn't see the checkbox for "Save Password"   Is this a function of Windows XP?  It sounds great but I can't find the elusive checkbox.  Running Win 2000.

jdolan2587Author Commented:
Thanks for all of your input.  It appears I might have to wait a little because our servers are being upgraded.  I will share the points accordingly.

Thanks again
Hi jdolan2587,

Thanks for the points! I'm not sure about Windows 2000 - I'm on a pure XP site - but I will investigate and if I find the answer I'll let you know!


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.