Login script error

I have a 2003 Server with AD and a few login scripts.
Some uses map a drive to another server (across the country) that is not in the same domain but connected through a hardware VPN connection.
I created a user on the foreign server with full access to a network share so in my login script, I enter the following.
NET USE L: /DELETE
net use L: \\foreignserver\\common password /user:domain\username
The L drive shows up but when a user clicks on the drive, they are prompted with a username and password box to login. If they use the exact credentials passed along in script, it maps the drive and works.
Secondly, If I open a DOS prompt and type in the commands verbatim from the script, it also works so I know the syntax in the script is correct but just can't figure out why it won't automatically just map the drive without user intervention.
Thanks,

Jim


jcianciaAsked:
Who is Participating?
 
jordibartrinaCommented:
Hello again,

If  this key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System is set to 0, execution of explorer and logon script runs simultaneously, then you can't assure what finishes before, and result is unpredictable, logon script can disconnect and connect at same time that explorer. For assure end of logon script and execution of explorer (and then obtain desktop) you need to change this value to 1 (via GP can be done), but... the solution above has a little benefit: is GP independent and works for me.
0
 
MSE-dwellsCommented:
How did you deploy the logon script ... through Group Policy?  If so, where did you link the policy?
0
 
jcianciaAuthor Commented:
I didn't use Group Policy. I just entered logon script batch filename in users AD profile.
It maps all other network shares fine. Just the ones outside the domain don't work.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
jordibartrinaCommented:
Hello,

It's a problem of syncronization. If you wait until L: is disconnected and then continues with net use L: \\server\shared ....
it will work.
For solve this you can do:
wait some seconds in a loop and test connection, when dropped, continue. for example

:up
if not exist \\server\shared\test.txt goto ok
wait 3 (you can use any little sleep program)
goto up
:ok
net use l: \\server\shared\.....


HTH
0
 
MSE-dwellsCommented:
jordibartrina - I'm not following, the 'net use' statement won't return control to the script until such time as it either succeeded or failed ... so what is it we're waiting for?
0
 
oBdACommented:
That could be a problem with the password. Avoid any of these characters in a password that you're using in a batch script:
% ^ " & | < > ( )
0
 
jcianciaAuthor Commented:
The password is very simple, short and basic, and works fine when typed in manually.
0
 
MSE-dwellsCommented:
It seems like we need to interact with the logon script, I'd suggest that you add "cmd" to the script on the line before the mapping, logon, restore the window and have a look around ... try -

net use
... to see what's already mapped

net use l: \\server\share password /u:domain\user
... to see if it maps for you from within the logon script

etc ...
0
 
MSE-dwellsCommented:
jordibartrina - ahhh, you're not saying the script proceeds too quickly -- you're saying that the Desktop is rendered prior to the script's completion due to policy ... mmm, seems possible but I wouldn't have expected the problem to occur so often (though I suppose the bandwidth may be limited causing the slowness).  Fair enough -- however, if I am now understanding you correctly, I believe the registry key and value to control that is -

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

value: RunLogonScriptSync (REG_DWORD

0 = Don't wait for the logon script to complete before loading the desktop.
1 = Wait for the logon script to complete before loading the desktop.

---

jciancia - are you able to determine if the script has finished executing? (you should be able to see the minimized command prompt around the Start button)

If it does appear to be a race condition, set the registry value key/value above to 1 and retry ...
0
 
jcianciaAuthor Commented:
Are you saying that this registry value needs to be on each workstation?
The script does finish executing.
I assume this is a manually created key as I don't see it in the workstation registry?
You are also saying to set this to "1" to make sure the script completes, yes?
0
 
MSE-dwellsCommented:
Correct on both counts re: the registry.

I would still suggest that you first modify the script per my earlier suggestion ...
0
 
jordibartrinaCommented:
Hello again,

MSE-dwells: Yes, in low bandwidth or big bandwidth but very loaded, the logon scripts fails on my sites, and we found this solution.
jciancia: you can force with group policy for all your users/machines  (or you can define OUs for this purpose) this key to enable (1), i will try with a policy asigned to a site. If I'm distant of the server, my group policy assigns 0 to me, if I'm in the subnet of the server, group policy can assign 1 to me and speed up my connections.
0
 
michaelhooperCommented:
why not just assign share permissions on the common share to an AD group.....then put the users in the group and take username and password out of the login script?
0
 
jcianciaAuthor Commented:
Because it is in a seperate domain and AD
0
 
RobSampsonCommented:
Hi, this may be off track, but if you're re-prompted for the Resouce credentials when connecting to a mapped drive, is it possible that you have cached credentials to that Resource?
Click Start --> Control Panel --> Users --> Advanced --> Manage Passwords
and see if some saved credentials are there for that resource.  If so, delete them.

Regards,

Rob.
0
 
jcianciaAuthor Commented:
Actually, ever since I made the change to the registry to make sure the login scripts finished before the desktop opened, it's been working.
I also used the /DELETE option to the front of the script to remove all mapped drives before remapping.

eg.
net use j: /DELETE
net use k: /DELETE
net use j: \\server\share
net use k: \\server\share2

Not sure which really fixed it but since it's working, I don't plan on messing with it now.
This issue is closed.
0
 
MSE-dwellsCommented:
Which registry setting panned out for you?
0
 
jcianciaAuthor Commented:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

value: RunLogonScriptSync (REG_DWORD

0 = Don't wait for the logon script to complete before loading the desktop.
1 = Wait for the logon script to complete before loading the desktop.
Used VALUE 1
0
 
MSE-dwellsCommented:
C'est la vie ... that's as I thought and not a problem ... but it leaves me confused as to why you awarded points based on the wrong registry key?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.