Client not having prilivages to map drive from remote location / Sometimes?

[Dennis Burgess]

I have a remote officed connected via L2TP network conneciton. I don't
block anything as far as ports. We have good network connnectivity between
their and the main office. They do have a file server down there, but it is
not a DC.

When they are sometimes logging in, the login script runs (from the main
office) and it tries to map the main office file server drive and their file
server drive. It comes up with a error sometimes:

Client does not have priliviages to this resource

or something to that affect, somtimes, a reboot, and all the drives are
back? sometims, 3 -4 reboots, same error, come back the next day, works
fine?

Suggestions?

Dennis

 

[Phillip Windell]

Of course they don't have the permissions. The login used to establish the
VPN does only that and nothing but that,..it only establishes the VPN
connection. It does not "authenticate" the user to anything else, that has
to be done after-the-fact.

The script will not succeed unless the script itself contain in some way the
proper credentials to establish the mapping,...and hard coding credentials
into a script is always a bad idea.

I would think the best way it to have the user manually create the mapping
using the Explorer GUI and give it the credentials to "connect using a
different username". Then set it to reconnect at logon.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

 

[Dennis Burgess]

We use L2TP network to network, the client workstations do not create a
connection, it is transparent L2TP connection between routers.

Dennis

Of course they don't have the permissions. The login used to establish the
VPN does only that and nothing but that,..it only establishes the VPN
connection. It does not "authenticate" the user to anything else, that has
to be done after-the-fact.

The script will not succeed unless the script itself contain in some way
the
proper credentials to establish the mapping,...and hard coding credentials
into a script is always a bad idea.

I would think the best way it to have the user manually create the mapping
using the Explorer GUI and give it the credentials to "connect using a
different username". Then set it to reconnect at logon.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

I have a remote officed connected via L2TP network conneciton. I don't
block anything as far as ports. We have good network connnectivity between
their and the main office. They do have a file server down there, but it is
not a DC.

When they are sometimes logging in, the login script runs (from the main
office) and it tries to map the main office file server drive and their file
server drive. It comes up with a error sometimes:

Client does not have priliviages to this resource

or something to that affect, somtimes, a reboot, and all the drives are
back? sometims, 3 -4 reboots, same error, come back the next day, works
fine?

Suggestions?

Dennis

 

[Phillip Windell]

L2TP isn't relevant, but if it is a site-to-site vpn (router-to-router vpn),
that matters.

If that is the case the forget about the whole idea that it is a VPN link or
any kind of WAN link at all. Troubleshoot it by treating it as if it was
simply multiple normal subnets on a normal LAN. So it would simply involve
Domain Design and Layer3 Routing, but it sounds like the Routing works, so
it would leave you with Domain Design and how the users are autheticating
and what accounts (domain vs domain, trusts, etc) and what type of accounts
(domain vs local) they are using.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

We use L2TP network to network, the client workstations do not create a
connection, it is transparent L2TP connection between routers.

Dennis

Of course they don't have the permissions. The login used to establish the
VPN does only that and nothing but that,..it only establishes the VPN
connection. It does not "authenticate" the user to anything else, that has
to be done after-the-fact.

The script will not succeed unless the script itself contain in some way
the
proper credentials to establish the mapping,...and hard coding credentials
into a script is always a bad idea.

I would think the best way it to have the user manually create the mapping
using the Explorer GUI and give it the credentials to "connect using a
different username". Then set it to reconnect at logon.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

I have a remote officed connected via L2TP network conneciton. I don't
block anything as far as ports. We have good network connnectivity between
their and the main office. They do have a file server down there, but

it
is

not a DC.

When they are sometimes logging in, the login script runs (from the main
office) and it tries to map the main office file server drive and their file
server drive. It comes up with a error sometimes:

Client does not have priliviages to this resource

or something to that affect, somtimes, a reboot, and all the drives are
back? sometims, 3 -4 reboots, same error, come back the next day, works
fine?

Suggestions?

Dennis

 

[Dennis Burgess]

Just one domain

L2TP isn't relevant, but if it is a site-to-site vpn (router-to-router
vpn),
that matters.

If that is the case the forget about the whole idea that it is a VPN link
or
any kind of WAN link at all. Troubleshoot it by treating it as if it was
simply multiple normal subnets on a normal LAN. So it would simply
involve
Domain Design and Layer3 Routing, but it sounds like the Routing works, so
it would leave you with Domain Design and how the users are autheticating
and what accounts (domain vs domain, trusts, etc) and what type of
accounts
(domain vs local) they are using.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

We use L2TP network to network, the client workstations do not create a
connection, it is transparent L2TP connection between routers.

Dennis

Of course they don't have the permissions. The login used to establish the
VPN does only that and nothing but that,..it only establishes the VPN
connection. It does not "authenticate" the user to anything else, that has
to be done after-the-fact.

The script will not succeed unless the script itself contain in some
way
the
proper credentials to establish the mapping,...and hard coding credentials
into a script is always a bad idea.

I would think the best way it to have the user manually create the mapping
using the Explorer GUI and give it the credentials to "connect using a
different username". Then set it to reconnect at logon.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------



I have a remote officed connected via L2TP network conneciton. I
don't
block anything as far as ports. We have good network connnectivity
between
their and the main office. They do have a file server down there, but it
is
not a DC.

When they are sometimes logging in, the login script runs (from the main
office) and it tries to map the main office file server drive and
their
file
server drive. It comes up with a error sometimes:

Client does not have priliviages to this resource

or something to that affect, somtimes, a reboot, and all the drives
are
back? sometims, 3 -4 reboots, same error, come back the next day, works
fine?

Suggestions?

Dennis

 

[Phillip Windell]

Then you have to troubleshoot it as a single Domain running over multiple
subnets. I don't really have anything "specific" to suggest,..it is just
too "broad" of an area.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

Just one domain

L2TP isn't relevant, but if it is a site-to-site vpn (router-to-router
vpn),
that matters.

If that is the case the forget about the whole idea that it is a VPN link
or
any kind of WAN link at all. Troubleshoot it by treating it as if it was
simply multiple normal subnets on a normal LAN. So it would simply
involve
Domain Design and Layer3 Routing, but it sounds like the Routing works, so
it would leave you with Domain Design and how the users are autheticating
and what accounts (domain vs domain, trusts, etc) and what type of
accounts
(domain vs local) they are using.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

We use L2TP network to network, the client workstations do not create a
connection, it is transparent L2TP connection between routers.

Dennis

Of course they don't have the permissions. The login used to

establish
the

VPN does only that and nothing but that,..it only establishes the VPN
connection. It does not "authenticate" the user to anything else,

that
has

to be done after-the-fact.

The script will not succeed unless the script itself contain in some
way
the
proper credentials to establish the mapping,...and hard coding credentials
into a script is always a bad idea.

I would think the best way it to have the user manually create the mapping
using the Explorer GUI and give it the credentials to "connect using a
different username". Then set it to reconnect at logon.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------



I have a remote officed connected via L2TP network conneciton. I
don't
block anything as far as ports. We have good network connnectivity
between
their and the main office. They do have a file server down there,

but
it

is
not a DC.

When they are sometimes logging in, the login script runs (from the main
office) and it tries to map the main office file server drive and
their
file
server drive. It comes up with a error sometimes:

Client does not have priliviages to this resource

or something to that affect, somtimes, a reboot, and all the drives
are
back? sometims, 3 -4 reboots, same error, come back the next day, works
fine?

Suggestions?

Dennis