Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

mapped network folder won't stay mapped

Posted on 2013-01-02
21
Medium Priority
?
1,453 Views
Last Modified: 2013-02-01
Hi

I have seen issues similar to mine but none that match exactly and no answer that has solve my problem.

I have a 2003 AD network with XP Pro clients.
I use a member server as a file and printer sharing server.  I share out one folder, named “Y drive”, from this machine and map my clients to it using windows explorer. MAP NETWORK DRIVE.
This has worked for years with no issue.
Now we had a virus/malware that changed the attributes of the files in the folder and throughout the machine.  I have cleaned out the virus/malware from the machine.
I have moved the files to a new folder and fixed the attributes of the files and sub folders within and deleted the old “Y drive “folder.  This had to be done to clean up the virus/malware.
Now when I remap a client to this new folder it works until the client machine is rebooted, then the map is gone and I have to remap the folder again.

I have check the security settings for the fold compared to other folders that are shared and mapped and everything looks proper.
Any help would be great.

Thanks
0
Comment
Question by:KenBlessing
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
  • 2
  • +3
21 Comments
 
LVL 11

Expert Comment

by:BillBondo
ID: 38737993
We use kixtart and run a script so every logon the drives are mapped.
0
 
LVL 17

Expert Comment

by:Sajid Shaik M
ID: 38738136
to make it shure

try on  a machine  put a windows xp cd in to cd rom

go to command promt

sfc /scannow

it'll repair the system files...

it'll make sure that system files issue couse of that .. mostly.. when we run spyware tools or third party tools these kind of issues are common... and even you can check it by restoring the backup while you virus  removal delete time..

all the best
0
 

Author Comment

by:KenBlessing
ID: 38738576
do you know how long this scan should take?  i need to be sure it can be done while the users are out to lunch or i'll have to wait to do it after hours.

Thank you.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 6

Expert Comment

by:crash2000
ID: 38739625
Try mapping via command line with the /p switch (Make permanent)
net use  y: \\computer\sharename /p

Mark
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 38739852
Are you checking the box that says "reconnect at logon" (using windows explorer)? Best way to deal with this though is to add it to your logon script then it will always be there and you can set your logon script to notify you if the network connection isn't made.
0
 
LVL 11

Expert Comment

by:Venugopal N
ID: 38740225
Is the issue for a single client or for the all the client.
Are you sure you ahve select "reconnect at logon" option as said by Lionelmm.
SFC /Scannow will take few Mins (@ max 5-10mins)
0
 

Author Comment

by:KenBlessing
ID: 38741516
I have not had a chance yet to run the SFC /scannow.

The issue is for any client that had the virus/malware problem, not every client was infected.  my machine for example has no problem with the mapping.

yes, the reconnect at logon box is checked.

I do understand that i could write a script to map the drive at logon but that just covers over the problem and leaves what ever is broken still broken, and i really don't like to put bandaids on things.  they always come apart at the worst time.  So i would really like to find out what is broken and fix it properly so it dosn't bite me in the butt later.

Thanks
0
 

Author Comment

by:KenBlessing
ID: 38741994
ok now a new twist.  I went to boot the clients machine into safe mode to run the sfc scan, i get an error that the NTOSKRNL.exe is missing.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 38742086
I totally missed that critical point (that its only happening to systems that were infected)--sorry about that. OK so have run boot time scans with a product like AVG rescue disk (this runs before you get into Windows)? As well as products like malwarebytes?
0
 

Author Comment

by:KenBlessing
ID: 38742096
i have run malwaarebytes and norton endpoint
0
 

Author Comment

by:KenBlessing
ID: 38812394
anyone else have any input on this?
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 38812532
Did you run boot time scans or scans once logged onto Windows?
0
 

Author Comment

by:KenBlessing
ID: 38820830
i ran avg boot scan (no infected files) i ran malwarebytes (no issues) symantec endpoint (no viruses Detected)  but it will boot into safe mode now, i don't know what happened there.

so now what?
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 38822009
It seem to me that at some point the time wasted trying to recover a drive attacked by a virus is best spent re-creating the system. However if you can get in via safe mode what error are you getting now for a normal boot--still the same? In safe mode check the event logs for errors and let us know what those are. I would instead make a clone of one of the systems that are working (instead of a doing a system by system reinstall) and clone the systems, run sysprep and go from there. If you are interested in this let me know, otherwise let me know what you find in safe mode--thanks.
0
 

Author Comment

by:KenBlessing
ID: 38828652
Hi Lionelmum
First, thank you for your help on this issue so far....but I think something has been lost in the post trail.
I am not tring to recover a drive on any machine.
The problem is that I have a shared folder no one of my servers and when I map that folder from a client machine the map does not stay on the client after a reboot.  it is not that the map is in active or can't connect it is just gone from the client and has to be remapped.
Now I understand that a script could be written to remap the drive at login but that does not explain why a map the used to stay now does not.

This only happens on some of the machines that that were on the network at the time of the virus, new machines have no issue.

going back to your last responce I get no Errors on the clients anywhere reguarding this issue.

again thanks for your help
Ken
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 38829240
What I was trying to say is that if the only systems that are affected are the ones that were infected by the virus, then it may be best to think of starting new installs on those systems. It is very common for infected systems to be non-recoverable, unable to get them back to functioning normally.
0
 

Author Comment

by:KenBlessing
ID: 38833073
I agree that rebuilding the system is the foolproof easy way out of this and I have rebuilt a few machines but for some systems this is not a viable option for various reasons.

But I am getting the idea that this is something that no one knows how to fix.

So for now I am going to look for a Band-Aid (drive mapping script) to put on this until I can rebuild all the systems that have been affected.
0
 
LVL 25

Accepted Solution

by:
Lionel MM earned 2000 total points
ID: 38833129
I can write a batch script for you; either to run during logon or which can be run manually or through scheduled tasks. Let me know.

The reason its so tough to "fix" is because if there are no errors in the event logs and 'all' the other systems are not doing it and only the ones that were infected means the virus did something. Some of these hackers are very, very smart and sometimes anti virus software simply stops the damage but its not always possible to know exactly what damage they do--my guess it there is some dll that has been affected but with nothing to guide us along its tough to say what or even if my guess is right.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 38833152
Quick Example

Rem Run "dir" to see if Y is still active or not
dir y:
If Errorlevel 1 goto NetUse
GoTo End

:NetUse
net use y: /d
net use Y: \\servername\sharename /p:y
If Errorlevel 1 goto Error
GoTo End

:Error
Echo There was an error creating a connection to Drive Y on Servername
Pause
(Or Net Send AdminComputerName Problem on %ComputerName% creating connection to drive Y)

:End
Rem Exit Remove REM once you are done testing so script will exit
0
 
LVL 6

Expert Comment

by:crash2000
ID: 38834281
As it's XP Pro, you could always boot from CDROM and go to reinstall, but choose repair.
That should fix the DLL's if there damaged.
After that, you would only need to reinstall the updates.
Might be worth trying that on one machine, to see if it works.
You wouldn't need to reinstall all the sofwtare.

Mark
0
 

Author Comment

by:KenBlessing
ID: 38836534
It is (fixed) for now with a script.   I tried the XP repair on an unimportant machine and lost the whole machine.
I will have to rebuild the machines as time allows.

Thanks for your help.
Ken
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article helps those who get the 0xc004d307 error when trying to rearm (reset the license) Office 2013 in a Virtual Desktop Infrastructure (VDI) and/or those trying to prep the master image for Microsoft Key Management (KMS) activation. (i.e.- C…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question