How to fix "Net use" in XPMode\DOS on Domain system error 5

I have a an old program running that requires an LPT printer. We have been using the net use command and it has worked for years.    Example: net use lpt1 \\computername\device /persistent:yes
We have Windows Server 2008 R2, Win 7 workstations running XP Mode. This week the server which had been little more than a glorified peer to peer server was converted to a active directory domain controller. This command no longer works. The startup file runs and prompts for a user and password. It doesn't matter what user/password combo that is used. Everything returns System error 5 Access denied. I have tried a standard domain user, the local pc user, and the system admin. Nothing works. I welcome suggestions to try.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

The XP Mode system runs under a username.  I forget what it is, but essentially you need to create that username in the AD and give permissions to the printer.   I wish I had the steps I used, but it was over a year ago that I did this.  Exact same problem though.
David Paris VicenteSystems and Comunications  Administrator Commented:
This problem occurs because of the default behavior of the Allow cryptography algorithms compatible with Windows NT 4.0 policy on Windows Server 2008-based domain controllers. This policy is configured to prevent Windows operating systems and third-party clients from using weak cryptography algorithms to establish NETLOGON security channels to Windows Server 2008-based domain controllers.
This is by design.

You can try the following workaround mention in TechNet or you can follow this link or see the steps below.

1.Log on to a Windows Server 2008-based domain controller.
2.Click Start, click Run, type gpmc.msc, and then click OK.
3.In the Group Policy Management console, expand Forest: DomainName, expand DomainName, expand Domain Controllers, right-click Default Domain Controllers Policy, and then click Edit.
4.In the Group Policy Management Editor console, expand Computer Configuration, expand Policies, expand Administrative Templates, expand System, click Net Logon, and then double-click Allow cryptography algorithms compatible with Windows NT 4.0.
5.In the Properties dialog box, click the Enabled option, and then click OK.

Notes◦By default, the Not Configured option is set for the Allow cryptography algorithms compatible with Windows NT 4.0 policy in the following Group Policy objects (GPO):◾Default Domain Policy
◾Default Domain Controllers Policy
◾Local Computer Policy
By default, the behavior for the Allow cryptography algorithms compatible with Windows NT 4.0 policy on Windows Server 2008-based domain controllers is to programmatically prevent connections from using cryptography algorithms that are used in Windows NT 4.0. Therefore, tools that enumerate effective policy settings on a member computer or on a domain controller will not detect the Allow cryptography algorithms compatible with Windows NT 4.0 policy unless you explicitly enable or disable the policy.
◦      Windows 2000 Server-based domain controllers and Windows Server 2003-based domain controllers do not have the Allow cryptography algorithms compatible with Windows NT 4.0 policy. Therefore, pre-Windows Server 2008-based domain controllers accept security channel requests from client computers even if the client computers use the old cryptography algorithms that are used in Windows NT 4.0. If security channel requests are intermittently processed by Windows Server 2008-based domain controllers, you will experience inconsistent results.

6.Install third-party software updates that fix the problem, or remove client computers that use incompatible cryptography algorithms.
7.Repeat steps 1 through 4.
8.In the Properties dialog box, click the Disabled option, and then click OK.

And by the way did you try to run the command with elevated privileges?

Right click in cmd and then run as Administrator?

Hope it helps
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

jbcbussoftAuthor Commented:
David Paris Vicente - I will try this in the morning.

jkaios - I can log in to windows without a problem. My problem is that after joining the domain the net use command returns an error. This command is issued after the system is logged into.
jkaiosIT DirectorCommented:
The problem, as suggested by David and Bas, is authentication.  The default user that the XP Mode uses to log in to the XP Virtual Environment is NOT in your Active Directory, hence the error "access denied".

One of the tutorials I provided is to make the XP Mode log in "AS" some valid user in your AD or an Administrator that has the same password as the Administrator user in your AD.
jbcbussoftAuthor Commented:
jkaios - Removing XPMUser as the default user was done the day XP Mode was installed several months ago. XP Mode users were in the list of users on the server before the change to AD. They have since been elevated to domain users. In XP Mode they were the users that joined the domain. Their usernames are domain\username or username@domain so they have rights on the domain.
jkaiosIT DirectorCommented:
It could be that the Networking settings in your Virtual XP is set to the default Shared Networking (NAT).  If so, then try these steps on your Virtual XP:

1. log in to your Virtual XP (the default XPMUser is fine)
2. go to Tools and select Settings...
3. in the Windows XP Mode settings dialog box, click Networking
4. next to Adapter 1, select the actual network interface that is installed on your computer
5. click OK to save the changes
6. run a Command Prompt and try to ping a running PC on your network (if u see Reply from... then continue to step 7)
7. go to Computer Management -> Local Users and Groups
8. enable the built-in Administrator account
9. reset the Administrator account password to the password of your domain Administrator user
10. now try to browse any share on any computer on your network or try the NET USE command

If command completed successfully, then congratulations!
jkaiosIT DirectorCommented:
...forgot the additional steps...

10. log off the Virtual XP
11. log on with Administrator and your current password
12. now try to browse any share on any computer on your network or try the NET USE command

Please note that you can also join the Virtual XP to your domain if you can successfully log in with the Administrator account.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jbcbussoftAuthor Commented:
OK I will try these as well. I was unable to try the other suggestions today.
jkaiosIT DirectorCommented:
I can assure you that the 12 above steps I've just posted will work.  I tried them myself.  The key was step 4 (the networking adapter setting) AND steps 8 - 12.
jbcbussoftAuthor Commented:
Although my problem is not completely solved (yet), my question has been answered and it works. Thanks for your help.
jkaiosIT DirectorCommented:
I don't understand: The problem is not solved, but it works?

Does the NET USE command in XP Mode now work after following my 12 steps?  Or did you try something else and what was it?
jbcbussoftAuthor Commented:
I typed a comment before giving points but I must have not submitted it.
I made the policy change but I was unable to use the net use command without an error. I completed the  your 12 steps and was able to issue the command while logged in as the admin but when I returned to the normal user account I was unable to print. I can't have the domain admin logged in to resolve this problem on each workstation.  David Paris Vicente had suggested I use an elevated prompt. This works but only for the current session. If I shutdown XP Mode I lose the use of 'net use' even though I had included the '/persistent:yes' switch. If I close the XP Mode session and let it hibernate I also lose the statement. So I am left with having to issue this command each morning to get this to print.

So it works but not as I need it to.
jkaiosIT DirectorCommented:
OK point taken, thanks for clarifying.

In your XP Mode Settings, is the Undo Disks enabled or disabled?  This could cause the XP Mode to lose or not save its session data.

For my XP Mode, I closed it two days ago (so it was hibernated).  I even shut down my host Windows 7 last night before I went home.  But now as of this writing, after I ran XP Mode, all the programs I ran are still there.  The DOS command window I opened two days ago is still there in the virtual XP.  So obviously, all commands I used that day are still in effect.

Regarding the "persistent" switch in the NET USE command, I sort of recall that I used to have this kind of problem even when running on pure Windows XP machines.  We've upgraded our old DOS-based programs and no longer had to deal with the tedious NET USE LPT[n] command again, but I still remember that every morning we had to RE-run this command again on all the user workstations.  And this is why as described here;en-us;Q313644

I completely agree with you on the idea of not having to use a priveleged user (such as a domin admin) for security reason.

WORKAROUND: There are couple of methods you can use to circumvent this problem. Either one of the following can work, you don't have to do all of them.  And as usual, start with the first one first.

1. use a script (preferrably a batch file) that contains the NET USE command, and then put this file on the "Startup" folder in the XP Mode under the ALLUSERSPROFILE so that it runs for every user on that machine.

2. create a special domain user or group (with standard user privileges) and then assign that domain user/group to the local Power Users group on each XP Mode.  This helps saves the "persistent" setting.

3. change the program (if you have the original source code) to use or print to LPT2 port instead as port LPT1 is somewhat reserved by the OS or other processes as in this KB;en-us;Q313644
jbcbussoftAuthor Commented:
I will give this a whirl.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.