Local Account, DriveMap and its problem

[poundesville]

Hi guys,

The script that i'm writing is to keep an exact replica (like backup style) of certain files from one server to another server.

Both servers are running Windows Server 2003 and in both servers we created a Local Account.

So the big problem i'm having his now I cannot "driveMap" the target server eventhough I put all the all the necessary ingredients. Thus, I tested to use "net use" command and that's where the problem is:

I cannot connect to the \\server2\c$ using the local account from the server2.

The net use command i use is

net use M: \\server2\c$ /user:server2\user_name <password>

I tried to replace the "c$" with the "ipc$" but that didn't work. and the error return is always

System Error 1326 has occured. Logon failure: unknown user name or bad password

I can remote desktop to these server using the local account (once again the local account is part of the admin groups). So I am guessing something is set in the server that does not allow a local account to connect to the Default share (C$) or the IPC$.

How do I set the server to allow the connection?

Thanks a bunch

ps: search google for some explanations and found plenty; but i guess everyone just say it should work but not on my servers

[zac23]

this is batch script for one not autoit but i will help none the less

Can u map to the drive using the windows? like right click mycomputer in start menu/ map network drive..

Autoit dose it useing drivemapadd and you can chose weather it will prompt for the password or not

give that a try and let us know how it goes

[poundesville]

this is batch script for one not autoit but i will help none the less

Can u map to the drive using the windows? like right click mycomputer in start menu/ map network drive..

Autoit dose it useing drivemapadd and you can chose weather it will prompt for the password or not

give that a try and let us know how it goes

Hi,

You're right. This is a batch question but if this work, then I can go back and use the "DriveMapAdd" (which was the main problem I have).

If I use Windows and map network drive (in explorer -> Tools->Map Network drive) and then choose the "connect using different username", it will not work either. A window will appear and prompt me to enter the username and the password again. In this window, i entered

a. domain\username ; e.g. server2\username

b. username@domain ; e.g. username@server2

Neither of them works. I put the DOMAIN as the Server name here since this is a local account.

If I connect using my own Active Directory username (where the server is also located in the same domain); then it works.

So the main problem here is: local account can be use in remote desktop, but can't be used to connect to map the network drive.

Edited July 1, 2009 by poundesville

[rudi]

Hi.

You propably have an access rights issue.

1st of all use the server you want to run the script from, GUI.

start, run, \\server\<share>, [OK]

What happens? A auth dialog box should pop up. Try the local "Administrator" of the destination system.

If this is fine, try the user you wanna use.

If even "administrator" fails, check at the server you want to connect to:

start, run, CMD.

net share

now you should see all the shares (if there are any)

Now try to

net use localhost <one-of-the-listed-share-names>

regards, Rudi.

<edit: typo>

Edited July 1, 2009 by rudi

[poundesville]

Hi.

You propably have an access rights issue.

1st of all use the server you want to run the script from, GUI.

start, run, \\server\<share>, [OK]

What happens? A auth dialog box should pop up. Try the local "Administrator" of the destination system.

If this is fine, try the user you wanna use.

If even "administrator" fails, check at the server you want to connect to:

start, run, CMD.

net share

now you should see all the shares (if there are any)

Now try to

net use localhost <one-of-the-listed-share-names>

regards, Rudi.

<edit: typo>

Hi Rudi,

Actually this local account is a member of the administrators group in the server2. On top of that my NT Username is also a member of the same group.

The only difference is that my username is member of the my Company Network Domain while the Local Account is only found in the server2.

With that in mind. Let me feedback the test that you've asked

1. \\server2\c$

The result: no windows will ask for any username or password. Simply because my username is used and sent to Server2 for login credentials. I checked this in server2 in the Security Event log

2. in server2 : run NET SHARE

The result: the "default share - C$" and the "remote Admin - IPC$" are found in server2 (the one where I intend to access the share folder)

3. Net use Server2\<one of the local shared folder>

The result: it will work also due to same reason as "1" - that is: my own username is used for credential here in server2. If I tried to use the local account username; it will fail with the error message 1326.

[poundesville]

Ladies & gentlemen,

The problem is answered although it is not solved. I approach the IT person who used to maintain servers for us and when I ask him if local account could access a shared folder. His reply was a cool one-liner "Local account is used only to do stuff locally".

arrrrrgggggh - should have tried the Net Use before starting to write the script..

Now, have to find the workaround... back to the drawing board.

Thank you all for the replies..

[rudi]

Hi.

His reply was a cool one-liner "Local account is used only to do stuff locally".

What a smart and helpful answer!

So try this:

net use \\server\ipc$ /user:Domain\user-on-server-SAM <clear-text-password>

Do clarify a bit:

If a Win WS accesses a server ressource, it will:

1.) try to use the current logon's credetials.

A.) If these are sufficent to access a server ressource this can have two sources:

A.1) your current logon already *IS* based on a AD user account.

A.2) your current logon is based on a local SAM's user account, but there exists a *SEPARATE* user account with the exact same user name and password on the server hosting the service you want to access. (so A.2 basically is an "ABUSE" of the local credetials for a "Shot in the dark, Server side")

B.) If A.) is not fact, you should see

B.1) a prompt asking for password, or a GUI box asking for user/password.

B.2) an error message. That basically means you are even not allowed to "see" the service, or something with you browser list / WINS / Workgroup Names is messed up.

Regards, Rudi.