Solved

Batch file on logon script in windows 8 nto working

Posted on 2013-06-17
15
798 Views
Last Modified: 2013-06-21
Hello guys,

I'm on a windows server 2003 dc and have user connecting to this dc (win xp, win7, win 8).

I have created a batch file on my server and have put it using group policy under Logon script (user configuration, windows settings, logon etc etc).

All my win xp and win7 client received their map drive but my win 8 client doesn't...

Can you please help?
Thanks
0
Comment
Question by:techlabtest
  • 6
  • 3
  • 3
  • +3
15 Comments
 
LVL 6

Expert Comment

by:xeroxzerox
ID: 39255388
Disable securtity signature

Open shell with elevated privileges and type in:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" RequireSecureNegotiate -Value 0 -Force

and try again....
0
 

Author Comment

by:techlabtest
ID: 39255399
on my dc?
0
 
LVL 6

Expert Comment

by:xeroxzerox
ID: 39255406
right
0
 

Author Comment

by:techlabtest
ID: 39255418
i need to install .netframework and restart the dc and install power shell..can i use it through regedit?
0
 
LVL 6

Expert Comment

by:xeroxzerox
ID: 39255444
yes it works on power shell and you should make entry in login scripts....
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39255483
I think what they are saying is that from a Windows 8 client to a Windows 2003 server there can be problems mapping drives etc. due to this secure signing requirement for SMB3.  There is an MS knowledgebase on that I'll see if I can find in a mo.

No need to put powershell or anything else on your server.

You can use that powershell script, manually make the same change using regedit against the Window 8 machine or I presume there should be a policy in group policy for it which you could push down to the machines if needed.

Not looked yet as no-one wants to use Windows 8 machines in corporates I deal with, Windows 7 is a bit new fangled, and for the smaller companies XP is still new for some of them, moved one business from one 18 year old DOS machine to Windows 7 and internet the other day!

Had a quick search and this is MS document on the subject: http://support.microsoft.com/kb/2686098 and some more info:  http://www.adamfowlerit.com/2013/05/26/unable-to-map-drives-from-windows-8/
0
 

Author Comment

by:techlabtest
ID: 39255501
HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" RequireSecureNegotiate -Value 0 -Force

i cant see: RequireSecureNegotiate !!!

Thanks
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 39255653
To change the default behavior, you need to define the registry key. If not present, its default value is “Required” in Windows 8 clients.

If not, add the registry key...
HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecureNegotiate = 0


More info:
http://www.symantec.com/connect/forums/cant-map-network-storage-after-booting-ssr2013-recovery-disk
http://blogs.msdn.com/b/openspecification/archive/2012/06/28/smb3-secure-dialect-negotiation.aspx
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39256414
Have a look at below hotfix too.

Windows 8 and Windows Server 2012 update rollup: February 2013
http://support.microsoft.com/kb/2795944
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39258027
Quote the part of the batch file that does the mapping, please.  I never had to adjust anything on several win8 workstations in order to get "net use x: ..." running in a logon script.
Simply let the script echo to a file and quote the contents... or should we go on guessing?

Also read http://technet.microsoft.com/en-us/library/ee844140(v=ws.10).aspx if your test user is local admin.
Quote: When network shares are mapped, they are linked to the current logon session for the current process access token. This means that if a user uses the command prompt (cmd.exe) together with the filtered access token to map a network share, the network share is not mapped for processes that run with the full administrator access token.
0
 

Author Comment

by:techlabtest
ID: 39258342
thanks for your comments...

i have added the registry key and still not working...

Any idea...i got a lot users on windows 8..

Thanks
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39259533
You set the registry key... which one? Many suggestions contained one, which did you set? And if applicable, did you restart afterwards?
Then: I asked you to quote the part of the batch file that does the mapping, please - can you do it? And finally, you did not bother to follow my suggestion to have the script log to a file, did you? That way we could see what is going on. Like this for example:
net use x: \\server\share >\\logserver\share\%computername%.log
0
 

Author Comment

by:techlabtest
ID: 39262245
Sorry Mcknife...i was in a hurry yesterday and had not seen your comment....thanks for responding...

HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecureNegotiate = 0  (hav create RequireSecureNegociate and set the key to zero)

Batch file:
@echo off
net use x: \\serverone\FinanceDept /persistent:yes

Please eleborate for the example you gave..

Thanks
0
 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
ID: 39264475
Set the regkey I linked and restart.
The example: Add >\\logserver\share\%computername%.log to that line of yours. It will log the result of your command to the textfile \\logserver\share\%computername%.log
Of course, you will have to supply a writable share \\logserver\share\, first.
0
 

Author Closing Comment

by:techlabtest
ID: 39265888
Thanks it works now...
0

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now