We have a couple of services on our NT 4.0 SP6a workstations that show up as logged on users when the service starts on the system (Norton AV, SMS, etc). Then when the user logs in, all accounts that are used for various services try to go out and authenticate against the user’s persistent drive mappings, causing the servers that house those shares to log event ID 529 in the security log as a failed logon attempt (not all service accounts are domain admin accounts, and some users map drives toresource domains where the service accounts have no permissions). Is there a way to prevent the workstations from trying to authenticate to mapped drives with accounts used on services running, or is this just a feature that we have to live with? The users can get to the shares O.K. after logging in, I just don’t like to see all the logon failures show up in our servers’ security logs and would like to keep the service accounts from even trying to authenticate if possible. Thanks for the help.
Arlo McCalla
arlo.mccalla@afpc.randolph.af.mil