Solved

W2k3 SBS R2 Map Drive authentication issues when using non domain member PC's.

Posted on 2007-04-05
13
488 Views
Last Modified: 2010-08-05
I'm new to this...so I hope that this makes sense.  

I have a small dentist office that's has deployed a w2k3 Small Business Server.  They brought with them from their old office a mishmash of operating systems that including a few Win2000 systems, an XP Home, and a bunch of XP Pro's.  

Here's my problem.  Their EMR system is very picky, and I've mapped network drives to Z: manually on each workstation to make it work.  Since it's such a mishmash, and they're not members of the domain...they're getting a ton of error messages every few hours or when the connection between the server and the client times out.  

The only way they can fix the problem is to open a share folder on the server, enter their credentials, then double click the map drive to re-populate the folder listing.  

Is there a way that I can keep them from having to do this process over and over again without adding every machine to the domain?  Since it's SBS there's a DC configured, however no PC's have been added to the domain due to the client's wishes of not paying for the extra CAL's associated.  

Any help would be great.  

Thanks!
0
Comment
Question by:cdharris2005
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +1
13 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 18862598
SBS comes with 5 CALs so by your logic, at least 5 machines should be able to join the domain.  

Unfortunately, that's not how Microsoft licensing works - you need a CAL if the clients are going to access the server AT ALL - it doesn't matter if they are members of the domain or not.  So your making your life difficult AND violating licensing terms.
0
 
LVL 1

Author Comment

by:cdharris2005
ID: 18862605
Ugh, I figured someone was going to say that.  My only concern at the moment is that they're under a crunch for time to get this office open on Monday.  As a temporary solution does anyone have any ideas?  I can get more cals and add the machines to the domain next week sometime after hours.  

0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 18862617
How many machines do you have?  As I said, you can add 5 right now.
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 
LVL 1

Author Comment

by:cdharris2005
ID: 18862624
I know it comes standard with 5 out of the box.  Client has a total of 11 PC's on the network.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 18862638
So he needs to buy 10 more CALs (sold in 5 packs only).  

As for a connection timeout, I actually think you have another problem - I've not seen any kind of timeout on connections for file sharing. I've left things connected for WEEKS without problems.  What are your event log errors?
0
 
LVL 1

Author Comment

by:cdharris2005
ID: 18862658
Ironically, I have nothing out of the ordinary in the event logs.  It doesn't even mention any accesses by client PC's that aren't members of the domain.  

Gone ahead and added the 5 most critical machines to the domain,  just have to move over the local profile to it's respective domain user.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 18862663
didn't you use the http://servername/connectcomputer/ wizard to join the computers to the domain?  that allows you to migrate the users profiles as well.
0
 
LVL 1

Expert Comment

by:Nishant_pritam
ID: 18863648
I have an ad hock solution for you, on your client machine delete existing mapping logoff and re-login, create a new network map and click on connect using different user name provide a domain user name which have permission on that share in the format of username@fullyQualifiedDomainName provide password and click on save password. Also check reconnect on logon. Now every time a user open that mapping it is open with domain cardinals.

Nishant kumar

0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 250 total points
ID: 18864810
Since you said one or some of the workstaitons are XP Home you can actually get them to authenticate on the domain even though they really need to be upgraded at some point.

To get this to work, you need to name the WORKGROUP of the XP Machine the Same as your domain's NETBIOS name (without the .local), then create a LOCAL user account for the user assigned to that machine which has the SAME NAME and SAME PASSWORD as their domain user account.  They will then log on to the workstation with these credentials... and those will in turn be passed through to the shared folder which will accept them.

But the Windows 2000 and XP Pro machines MUST be members of your domain if you want things to work properly.  If you only currently have the 5 Server CALs but need to get this going, that should be no problem at all either.  Just make sure that when you run the Add User Wizard you DO NOT also add computers within that wizard.  You should then run the Add Client Computers wizard separately.

When you join the workstaitons to the domain using the http://<servername>/connectcomputer wizard do NOT assign a user to the workstations.  Let the connectcomputer wizard finish out, and then log on with a domain administrator account and add the Domain User to the LOCAL Administrator's Group.  Log back on as that user and Outlook will configure automatically.

The reason to do these separately is because otherwise SBS will map the users to the computers and will immediately recognize that there are more than 5.  Keeping them separate during this process will give you enough time to get the proper CALs before SBS figures it out.

Jeff
TechSoEasy

0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 18864868
> ... do NOT assign a user to the workstations.

But won't that make migrating the profiles far more difficult?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18865338
Yes, it will.. but the choice then has to be made whether to get things going with a limited amount of CALs.  Profiles can be migrated with the Files and Settings Transfer Wizard in XP.  For the Win2K machines... they'll have to be manually copied.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:cdharris2005
ID: 18868394
Everyone, thank you muchly for your help.  I followed leew's advice and just went ahead and purchased the CAL's.  I'll be adding them to the domain early next week.  

Hindsight is always 20/20 in this case as I went ahead and added the initial 5 workstations and immediately so a drastic increase of speed in regard to applications finding their appropriate network paths to the server.

This is a place I will definitely be calling upon again and again.  

Once again, thank you all for your help...it was muchly appreciated. =)
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SBS 2011 File Replication Services Question 3 72
AD architecture diagram 5 82
SBS 2011 Server CPU Utilization 33 51
robocopy fails- error 53 - network path not found 5 88
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Resolve DNS query failed errors for Exchange
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question