logon script fails to run after former admin user disabled

fftfoam
Hi, we have a logon bat file that runs to map drives when users log on. It was created by a former admin. When I disable his account, the mapped drives won't map. They only prompt for a username and password.

Thanks for any help.

Commented:
I don't believe that the BAT file is causing anything.  Can you check the Security settings under the Scheduled Tasks?  Systems must have Full Control.  Also, who else is there?
There must be something in the script mapping to a resource using his credentials.  If true, this is a VERY bad idea.

Can you post the script?  If not, search the script for any NET USE commands and just post those.

Commented:
Alan, yes, using NET USE could embed the username and password there...  Good catch....  I would not do that but I know that others would use it....  Batch file is basically clear text.

Author

Commented:
Here is the script:

@echo off

echo You are accessing the network from %COMPUTERNAME%

if '%COMPUTERNAME%'=='CTXSERVER1' goto skipica
if '%COMPUTERNAME%'=='CTXSERVER2' goto skipica
if '%COMPUTERNAME%'=='CTXSERVER3' goto skipica
if '%COMPUTERNAME%'=='CTXSERVER4' goto skipica
if '%COMPUTERNAME%'=='CTXSERVER5' goto skipica
REM if exist "%userprofile%\Desktop\Citrix Desktop.ica" goto skipica
REM copy "\\domain.com\netlogon\Citrix Desktop.ica" "%userprofile%\Desktop"
:skipica

if '%COMPUTERNAME%'=='TERMSERVER2' goto termserver2
if '%COMPUTERNAME%'=='CTXSERVER1' goto ctxfarm
if '%COMPUTERNAME%'=='CTXSERVER2' goto ctxfarm
if '%COMPUTERNAME%'=='CTXSERVER3' goto ctxfarm
if '%COMPUTERNAME%'=='CTXSERVER4' goto ctxfarm
if '%COMPUTERNAME%'=='CTXSERVER5' goto ctxfarm

REM net time \\<DOMAINCTRLR> /set /yes

DEL /S /Q %TEMP%\*.BAK
DEL /S /Q %TEMP%\*.DBF
DEL /S /Q %TEMP%\*.FXP
DEL /S /Q %TEMP%\*.TMP
DEL /S /Q %TEMP%\*.CDX
DEL /S /Q %TEMP%\*.FPT
DEL /S /Q %TEMP%\*.DAT

:ctxfarm
@net use g: /d
net use h: /d
net use o: /d
net use g: \\fileserver1\appfolder
net use h: \\fileserver2\datafolder
net use o: \\fileserver1\sharedfolder
net use p: \\fileserver1\%username%$ /PERSISTENT:YES
net use m: /d
net use t: /d
net use m: \\fileserver3\appfolder /PERSISTENT:YES
goto end

:termserver2
@net use g: /d
net use h: /d
net use o: /d
net use g: \\fileserver1\appfolder
net use h: \\fileserver2\datafolder
net use o: \\fileserver1\sharedfolder
net use p: /home
net use m: /d
net use t: /d
net use t: \\fileserver3\appfoldertest /PERSISTENT:YES
:end
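
Added example, not part of the original thread or of the poster's script: a small Python audit that applies the NET USE check suggested earlier in the thread to logon-script text, flagging /user:, /savecred and a positional password after the share path. Sample lines 5-6 and every account name and password in them are constructed placeholders.

```python
import re

# Constructed sample: lines 1-4 are copied from the script posted above;
# lines 5-6 are constructed, with placeholder names, to show risky forms.
SAMPLE = r"""@net use g: /d
net use g: \\fileserver1\appfolder
net use p: \\fileserver1\%username%$ /PERSISTENT:YES
net use p: /home
REM net use x: \\fileserver9\old EXAMPLE-PASSWORD /user:FILESERVER9\exampleadmin
net use o: \\fileserver1\sharedfolder /user:DOMAIN\exampleuser /savecred"""

# A REM'd-out line is still readable by anyone who can read the script,
# so commented "net use" lines are audited too.
NET_USE = re.compile(r"^\s*@?\s*(?:rem\s+)?@?net(?:\.exe)?\s+use\b(.*)$", re.I)
TOKEN = re.compile(r'"[^"]*"|\S+')   # keeps a quoted path with spaces whole

def audit_line(line):
    """Return the findings for one batch line (empty list if clean)."""
    m = NET_USE.match(line)
    if not m:
        return []
    findings, seen_unc = [], False
    for tok in (t.strip('"') for t in TOKEN.findall(m.group(1))):
        low = tok.lower()
        if low.startswith("/user:"):
            findings.append("explicit account " + tok[6:])
        elif low == "/savecred":
            findings.append("credentials saved on the workstation")
        elif tok.startswith("/"):
            continue                 # /d, /home, /persistent:yes
        elif tok.startswith("\\\\"):
            seen_unc = True
        elif seen_unc:               # positional argument after the share
            findings.append("prompts for password" if tok == "*"
                            else "clear-text password in script")
    return findings

def audit_script(text):
    """Map 1-based line number -> findings for every flagged line."""
    report = {}
    for no, line in enumerate(text.splitlines(), 1):
        found = audit_line(line)
        if found:
            report[no] = found
    return report

if __name__ == "__main__":
    for no, found in audit_script(SAMPLE).items():
        print(f"line {no}: " + "; ".join(found))
```

The four lines taken from the posted script produce no findings; only the two constructed lines are flagged.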

Author

Commented:
If I try to manually map the drive from the user's workstation with the admin's account disabled, I get an auth prompt that has his <local fileserver name>\<former admin username> pre-populated in the login box.
Is this just happening for one user?

If so, I reckon that at one point in time the former admin has mapped the drive manually and put in their credentials.  So in effect the user has been accessing the mapped drive using the admin's account.  

Can you see which of the drives is failing to map?
Can you check permissions on the share?
As the User, do a NET USE <driveletter> /D  (e.g. NET USE H: /D) and also do a NET USE \\server\share /D to remove any remembered connection to the server.

Author

Commented:
It does only seem to be one user so far.  

I cannot map the drive with net use, even though the permissions allow read/execute on the folder.  

Now when I try to add a printer from the server 2003 print server to the same workstation, the same username prompt shows up.  

Commented:
I would assume when you add the printer, you are using your profile and it is a Domain Admins profile?

From another PC, can you test the admin profile using Windows Explorer with this \\computer_name\admin$?  Can you see anything?

Author

Commented:
Nope, not a domain admins profile.  I am adding the printer as a standard user profile who is a local admin on the PC.  I can add the printer/mapped drives as domain admin with no problem.  I was able to add a new printer from a different print server as the regular user.
Commented:
Yes I can see the admin$ share as domain admin.
Commented:
I got this one figured out myself.  I had to remove the PC from the domain and re-add it.  Then, I tried to map the drive via the Tools->map network drive.  I was re-prompted with the credentials, and I input the user's domain credentials.  They were accepted and I was able to map the drive.  I deleted all the drives and re-ran the script and it ran with no issues.
Commented:
The printers were added successfully as well.

Author

Commented:
Figured this one out on my own.  Thanks for the help.
