Automatically mounting network share and TrueCrypt containers on Windows Server 2003.
Posted on 2011-09-07
We have a TrueCrypt container on a NAS containing a network share. The network share can be mounted using the Net Use command properly (the machine mounting it is running Windows Server 2003 Small Business Server). Permissions are, for now, set to all access for everyone for the share. The TrueCrypt container can be properly mounted through a single command-line command. We realize this is insecure; once we get this working, this is a temporary setup that will be secured. We just have to get this working for a brief time.
Mounting the share works properly with the net use command, and mounting the TrueCrypt container located on the share from the command line works properly. We want the share itself to be automatically mounted on boot and the TrueCrypt container on the share also mounted on boot (again, for security reasons, this is temporary but needs to be in place for a brief time). We have created a logon script (assigned through Group Policy to the Windows Server in question) that uses net use to mount the share then executes the TrueCrypt command to mount the TrueCrypt container.
If we disable the logon script (so that it doesn't run automatically on machine boot), log into the machine, and run the script manually, it works perfectly (mounts the share using net use, then mounts the TrueCrypt container using TrueCrypt.exe on the command line), indicating the script should work fine. However, if we assign it as a startup script, it doesn't work. When we assign the script as a Startup script to the machine, reboot the machine, log in, and check to see if everything mounted properly, the share itself will be mounted, but the TrueCrypt container won't.
We notice that when the known-good script is assigned as a Startup script to the machine, while the share does mount (and, again, the TrueCrypt container doesn't, despite the script being known-good), the share is listed as "Disconnected Network Drive". We can open Windows Explorer and navigate to it (and are able to view the files on the share, etc.), but in Explorer the label associated with the drive (next to the drive letter) is "Disconnected Network Drive" and if "net use" is executed by itself at the command line (to list all currently attached network shares and the like), net use reports that no shares are mounted (despite the fact that we can navigate to it in Windows Explorer and see the files within).
We have tried setting a Group Policy parameter (under Administrative Templates) that is supposed to delay script execution until the network is initialized, but it seems to have no effect.
We assume the issue to be related to Windows not having the network fully initialized to properly and completely mount the share through a logon script. Is there a way to delay Windows to ensure that a net use command that mounts a network share will only execute when the network is fully initialized? Is whatever user context that Windows attempts to mount the share in (we assume it to be a System account) when executing the net use command in the logon script an issue, and if so, is there a way to specify what user account the logon script runs under?
Thank you very, very much in advance for your assistance. If further detail is required, I will be happy to post it.