Questions

How can I save passwords to mapped drives on domain?

Tags:
+
0 Votes
Locked

How can I save passwords to mapped drives on domain?

DownRightTired
At our local office here I have a win2k3 domain set up. Most of the client PCs connect locally though because of complications with our database program. However they all have mapped network drives that are controlled by the domain. I know when I originally set these up it gave me the option to save the password. However the last couple days everytime the users log back in I have to go in, disconnect the network drive and put the password back in, and theres no option to save it. Is there a way Im missing to either save the user and password for these drives or maybe associate a local account w/ an active directory user and pwd? all except one of the local user accounts and pwds are the same as their corresponding domain login. Any ideas?
  • +
    0 Votes
    Litehouse

    My biggest concern would be that DB application. Why does it require you to be logged on as a local user account and not a domain account? It doesn't really make a lot of sense.

    +
    0 Votes
    DownRightTired

    trust me I know. These people have been using it for 6 years now though. I could probably make it work in AD but until I learn a little more about the program Im just letting it alone. It works and I can control file access, good enough.

    +
    0 Votes
    CG IT

    create a logon script for the user that connects to the drive and provides credentials.

    see microsoft's scripting center. http://www.microsoft.com/technet/scriptcenter/default.mspx

    +
    0 Votes
    DownRightTired

    what about what the poster below mentioned? this is what I was thinking, y I havnt gone that route. Was looking for a more direct way I guess to edit the properties on the network drive.

    +
    0 Votes
    CG IT

    to capture packets then try to break in.

    Since this is a domain, you can control the user experience and remove from users sight, the ability to look at settings that require access to the control panel and MMCs [such as logon scripts].

    you can create a mandatory domain profile stored on the server that invokes the logon script and setup in Active Directory Users and Computer\User Account Properties\profile.

    in there you can use the connect and list the mapped drive.

    just ideas.

    Nothing in IT is "safe" with the level of sophistication that hackers have and the tools available to them.

    +
    0 Votes
    DownRightTired

    i work at a small office (8 users locally). Which is why letting them log on to their pcs locally hasnt really bothered me that much. The majority of the administration I do deals with the other 95% of our organization thats spread out from central america to europe. So GP's applied to the computer rather than users provide enough control for me. So threats on the inside arent a big concern.
    Good suggestion though, thanks!

    +
    0 Votes
    dryflies

    Force them to fix the DB problem. For many reasons, not the least of which is controlling security policy, I do not support local logins accessing domain shares.

    I tried to add permissions for a computer\user account to a share and was unable to.

    Now, looking at the other side of the problem. Just what is the problem with the DB? It sounds (with the limited info given) thaqt there is a possibility it is a permissions problem. review all of the permissions for the DB and see if you can modify them to allow the users access the db using their domain logins instead of local logins. That is a win/win because you now have access over your security policy and the users have transparent access to their shares. not to mention getting rid of the headache of when a user changes their local login password and have to relogin to all the shares.
    Maybe not the answer you are looking for but this is the "best practices" answer.

    if this is helpful, tell TR

    +
    0 Votes

    DB

    DownRightTired

    it has to do with the way the database stores info in profiles and also to do w/ permissions. Ive managed to get it to somewhat work before but its fairly poorly designed and theres absolutely no chance theyll get rid of it. I plan on working out the issue, once I learn the program a little better (still figurin some things out). Ill have to do it under my bosses nose when I do it though, he gets nervous every time i bring it up.

    +
    0 Votes
    ugadata

    The NET USE command line option will allow you to save the username/password combination used to map a drive to a network share and could be used in a batch file or logon script.

    Keep in mind this is not secure. anyone who can view the batch file can see the username/password. They may even see it as it is executed.
    The authenication is sent as clear text (I think)and is also viewable over the network, if someone was "sniffing" around

    +
    0 Votes
    ugadata

    What about setting the permissions/security for the share to allow everyone.

    Again, it's not secure but sometimes you do what you must to keep the masses happy

    +
    0 Votes
    DownRightTired

    thats whats kind of confusing me, it is set that way. But it still asks for authentication, I guess for going from local machine to the domain. Does the eveyone group cover local users when set in security permissions or only 'domain everyones'?

    +
    0 Votes
    DownRightTired

    I think i figured out why I suddenly had problems authenticating. The pcs that suddently had problems authenticating where ones that had other folders mapped to the same pc. I think the 2 different drives were mapped w/ 2 different logon names saved, so after one authenticated, it wouldnt let the local machine authenticate with another users name. This sound right?

  • +
    0 Votes
    Litehouse

    My biggest concern would be that DB application. Why does it require you to be logged on as a local user account and not a domain account? It doesn't really make a lot of sense.

    +
    0 Votes
    DownRightTired

    trust me I know. These people have been using it for 6 years now though. I could probably make it work in AD but until I learn a little more about the program Im just letting it alone. It works and I can control file access, good enough.

    +
    0 Votes
    CG IT

    create a logon script for the user that connects to the drive and provides credentials.

    see microsoft's scripting center. http://www.microsoft.com/technet/scriptcenter/default.mspx

    +
    0 Votes
    DownRightTired

    what about what the poster below mentioned? this is what I was thinking, y I havnt gone that route. Was looking for a more direct way I guess to edit the properties on the network drive.

    +
    0 Votes
    CG IT

    to capture packets then try to break in.

    Since this is a domain, you can control the user experience and remove from users sight, the ability to look at settings that require access to the control panel and MMCs [such as logon scripts].

    you can create a mandatory domain profile stored on the server that invokes the logon script and setup in Active Directory Users and Computer\User Account Properties\profile.

    in there you can use the connect and list the mapped drive.

    just ideas.

    Nothing in IT is "safe" with the level of sophistication that hackers have and the tools available to them.

    +
    0 Votes
    DownRightTired

    i work at a small office (8 users locally). Which is why letting them log on to their pcs locally hasnt really bothered me that much. The majority of the administration I do deals with the other 95% of our organization thats spread out from central america to europe. So GP's applied to the computer rather than users provide enough control for me. So threats on the inside arent a big concern.
    Good suggestion though, thanks!

    +
    0 Votes
    dryflies

    Force them to fix the DB problem. For many reasons, not the least of which is controlling security policy, I do not support local logins accessing domain shares.

    I tried to add permissions for a computer\user account to a share and was unable to.

    Now, looking at the other side of the problem. Just what is the problem with the DB? It sounds (with the limited info given) thaqt there is a possibility it is a permissions problem. review all of the permissions for the DB and see if you can modify them to allow the users access the db using their domain logins instead of local logins. That is a win/win because you now have access over your security policy and the users have transparent access to their shares. not to mention getting rid of the headache of when a user changes their local login password and have to relogin to all the shares.
    Maybe not the answer you are looking for but this is the "best practices" answer.

    if this is helpful, tell TR

    +
    0 Votes

    DB

    DownRightTired

    it has to do with the way the database stores info in profiles and also to do w/ permissions. Ive managed to get it to somewhat work before but its fairly poorly designed and theres absolutely no chance theyll get rid of it. I plan on working out the issue, once I learn the program a little better (still figurin some things out). Ill have to do it under my bosses nose when I do it though, he gets nervous every time i bring it up.

    +
    0 Votes
    ugadata

    The NET USE command line option will allow you to save the username/password combination used to map a drive to a network share and could be used in a batch file or logon script.

    Keep in mind this is not secure. anyone who can view the batch file can see the username/password. They may even see it as it is executed.
    The authenication is sent as clear text (I think)and is also viewable over the network, if someone was "sniffing" around

    +
    0 Votes
    ugadata

    What about setting the permissions/security for the share to allow everyone.

    Again, it's not secure but sometimes you do what you must to keep the masses happy

    +
    0 Votes
    DownRightTired

    thats whats kind of confusing me, it is set that way. But it still asks for authentication, I guess for going from local machine to the domain. Does the eveyone group cover local users when set in security permissions or only 'domain everyones'?

    +
    0 Votes
    DownRightTired

    I think i figured out why I suddenly had problems authenticating. The pcs that suddently had problems authenticating where ones that had other folders mapped to the same pc. I think the 2 different drives were mapped w/ 2 different logon names saved, so after one authenticated, it wouldnt let the local machine authenticate with another users name. This sound right?