?
Solved

Login script error

Posted on 2007-10-09
19
Medium Priority
?
388 Views
Last Modified: 2010-04-16
I have a 2003 Server with AD and a few login scripts.
Some uses map a drive to another server (across the country) that is not in the same domain but connected through a hardware VPN connection.
I created a user on the foreign server with full access to a network share so in my login script, I enter the following.
NET USE L: /DELETE
net use L: \\foreignserver\\common password /user:domain\username
The L drive shows up but when a user clicks on the drive, they are prompted with a username and password box to login. If they use the exact credentials passed along in script, it maps the drive and works.
Secondly, If I open a DOS prompt and type in the commands verbatim from the script, it also works so I know the syntax in the script is correct but just can't figure out why it won't automatically just map the drive without user intervention.
Thanks,

Jim


0
Comment
Question by:jciancia
  • 7
  • 6
  • 3
  • +3
19 Comments
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20043067
How did you deploy the logon script ... through Group Policy?  If so, where did you link the policy?
0
 

Author Comment

by:jciancia
ID: 20043090
I didn't use Group Policy. I just entered logon script batch filename in users AD profile.
It maps all other network shares fine. Just the ones outside the domain don't work.
0
 
LVL 4

Expert Comment

by:jordibartrina
ID: 20043097
Hello,

It's a problem of syncronization. If you wait until L: is disconnected and then continues with net use L: \\server\shared ....
it will work.
For solve this you can do:
wait some seconds in a loop and test connection, when dropped, continue. for example

:up
if not exist \\server\shared\test.txt goto ok
wait 3 (you can use any little sleep program)
goto up
:ok
net use l: \\server\shared\.....


HTH
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20043134
jordibartrina - I'm not following, the 'net use' statement won't return control to the script until such time as it either succeeded or failed ... so what is it we're waiting for?
0
 
LVL 85

Expert Comment

by:oBdA
ID: 20043228
That could be a problem with the password. Avoid any of these characters in a password that you're using in a batch script:
% ^ " & | < > ( )
0
 

Author Comment

by:jciancia
ID: 20043240
The password is very simple, short and basic, and works fine when typed in manually.
0
 
LVL 4

Accepted Solution

by:
jordibartrina earned 500 total points
ID: 20043273
Hello again,

If  this key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System is set to 0, execution of explorer and logon script runs simultaneously, then you can't assure what finishes before, and result is unpredictable, logon script can disconnect and connect at same time that explorer. For assure end of logon script and execution of explorer (and then obtain desktop) you need to change this value to 1 (via GP can be done), but... the solution above has a little benefit: is GP independent and works for me.
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20043291
It seems like we need to interact with the logon script, I'd suggest that you add "cmd" to the script on the line before the mapping, logon, restore the window and have a look around ... try -

net use
... to see what's already mapped

net use l: \\server\share password /u:domain\user
... to see if it maps for you from within the logon script

etc ...
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20043445
jordibartrina - ahhh, you're not saying the script proceeds too quickly -- you're saying that the Desktop is rendered prior to the script's completion due to policy ... mmm, seems possible but I wouldn't have expected the problem to occur so often (though I suppose the bandwidth may be limited causing the slowness).  Fair enough -- however, if I am now understanding you correctly, I believe the registry key and value to control that is -

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

value: RunLogonScriptSync (REG_DWORD

0 = Don't wait for the logon script to complete before loading the desktop.
1 = Wait for the logon script to complete before loading the desktop.

---

jciancia - are you able to determine if the script has finished executing? (you should be able to see the minimized command prompt around the Start button)

If it does appear to be a race condition, set the registry value key/value above to 1 and retry ...
0
 

Author Comment

by:jciancia
ID: 20043483
Are you saying that this registry value needs to be on each workstation?
The script does finish executing.
I assume this is a manually created key as I don't see it in the workstation registry?
You are also saying to set this to "1" to make sure the script completes, yes?
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20043525
Correct on both counts re: the registry.

I would still suggest that you first modify the script per my earlier suggestion ...
0
 
LVL 4

Expert Comment

by:jordibartrina
ID: 20043706
Hello again,

MSE-dwells: Yes, in low bandwidth or big bandwidth but very loaded, the logon scripts fails on my sites, and we found this solution.
jciancia: you can force with group policy for all your users/machines  (or you can define OUs for this purpose) this key to enable (1), i will try with a policy asigned to a site. If I'm distant of the server, my group policy assigns 0 to me, if I'm in the subnet of the server, group policy can assign 1 to me and speed up my connections.
0
 
LVL 2

Expert Comment

by:michaelhooper
ID: 20044213
why not just assign share permissions on the common share to an AD group.....then put the users in the group and take username and password out of the login script?
0
 

Author Comment

by:jciancia
ID: 20044249
Because it is in a seperate domain and AD
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20070312
Hi, this may be off track, but if you're re-prompted for the Resouce credentials when connecting to a mapped drive, is it possible that you have cached credentials to that Resource?
Click Start --> Control Panel --> Users --> Advanced --> Manage Passwords
and see if some saved credentials are there for that resource.  If so, delete them.

Regards,

Rob.
0
 

Author Comment

by:jciancia
ID: 20070841
Actually, ever since I made the change to the registry to make sure the login scripts finished before the desktop opened, it's been working.
I also used the /DELETE option to the front of the script to remove all mapped drives before remapping.

eg.
net use j: /DELETE
net use k: /DELETE
net use j: \\server\share
net use k: \\server\share2

Not sure which really fixed it but since it's working, I don't plan on messing with it now.
This issue is closed.
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20070893
Which registry setting panned out for you?
0
 

Author Comment

by:jciancia
ID: 20070955
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

value: RunLogonScriptSync (REG_DWORD

0 = Don't wait for the logon script to complete before loading the desktop.
1 = Wait for the logon script to complete before loading the desktop.
Used VALUE 1
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20071029
C'est la vie ... that's as I thought and not a problem ... but it leaves me confused as to why you awarded points based on the wrong registry key?
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question