Windows XP lockouts from auto-reconnect

Status
Not open for further replies.

gbiello

Technical User
Aug 9, 2001
442
US
Hello all,
We have several Windows XP workstations in a workgroup configuration. They have a persistent connection to a mapped drive on a domain-member server. The users are trying to log in to a local account on that server.

Because the workstation password is different than the mapped-drive password, that local account keeps getting locked out and the users have to wait 30 minutes, after which time they can access it with no problem. Barring that, they can log in if we unlock the account. What we suspect is happening is that Windows is attempting to connect to the drive with the local account used to log onto the XP workstation and retrying a few times after the password fails.

The following errors appear in the event log.

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 681
Date: 4/22/2005
Time: 11:43:55 AM
User: NT AUTHORITY\SYSTEM
Computer: SERVER01
Description:
The logon to account: lsmith
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: WRK01 failed. The error code was: 3221225578

------------------------------------------------

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 4/22/2005
Time: 11:43:55 AM
User: NT AUTHORITY\SYSTEM
Computer: SERVER01
Description:
Logon Failure:
Reason: Unknown user name or bad password

User Name: lsmith
Domain: WRK01
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: WRK01

We know the best solution would be to make them all members of a domain and use domain accounts. Suffice it to say that is not an option. Increasing the number of failed attempts before the account locks is also not an option (security compliance).

What we think would be a good workaround is to find a registry fix that would limit the number of login retries to 1, so the user would get prompted for a password rather than the system retrying multiple times and locking the account. Does anyone know how to do this?

Any other ideas would also be appreciated.

Thanx
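
An added example, not part of the original post: the error code 3221225578 in the 681 event is the NTSTATUS value 0xC000006A (STATUS_WRONG_PASSWORD), and the sketch below parses 681 records in the layout shown above and reports account/workstation pairs whose wrong-password failures cluster within seconds, which is the pattern automatic reconnect retries would leave. The function names, the 10-second window and the threshold of 3 are assumptions, and the sample records are constructed from the event in the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The decimal "error code" in Event ID 681 is an NTSTATUS value.
NTSTATUS = {0xC000006A: "STATUS_WRONG_PASSWORD", 0xC0000064: "STATUS_NO_SUCH_USER",
            0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT"}
FIELDS = re.compile(
    r"Date:\s*(?P<date>\S+)\s+Time:\s*(?P<time>[\d:]+ [AP]M).*?"
    r"logon to account:\s*(?P<account>\S+).*?from workstation:\s*(?P<wks>\S+)"
    r" failed\. The error code was:\s*(?P<code>\d+)", re.S)

def parse_681(text):
    """Return (timestamp, account, workstation, status) per 681 record."""
    events = []
    for record in re.split(r"\n-{5,}\n", text):
        m = FIELDS.search(record) if "Event ID: 681" in record else None
        if m:
            ts = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %I:%M:%S %p")
            code = int(m["code"])
            events.append((ts, m["account"], m["wks"],
                           NTSTATUS.get(code, hex(code))))
    return events

def retry_bursts(events, threshold=3, window=timedelta(seconds=10)):
    """Largest wrong-password count inside one window, per (account, workstation)."""
    by_pair = defaultdict(list)
    for ts, account, wks, status in events:
        if status == "STATUS_WRONG_PASSWORD":
            by_pair[(account, wks)].append(ts)
    bursts = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        # Count failures falling inside a window that starts at each timestamp.
        best = max(sum(t - s <= window for t in stamps[i:])
                   for i, s in enumerate(stamps))
        if best >= threshold:  # threshold is an assumed value, not from the post
            bursts[pair] = best
    return bursts

def sample_record(time, account, wks):
    # Constructed record in the layout of the 681 event posted above.
    return (f"Event ID: 681\nDate: 4/22/2005\nTime: {time}\nDescription:\n"
            f"The logon to account: {account}\n"
            f"from workstation: {wks} failed. The error code was: 3221225578\n")

# Constructed sample: three failures in two seconds, plus one unrelated event.
SAMPLE = ("\n" + "-" * 48 + "\n").join(sample_record(*r) for r in [
    ("11:43:55 AM", "lsmith", "WRK01"), ("11:43:55 AM", "lsmith", "WRK01"),
    ("11:43:57 AM", "lsmith", "WRK01"), ("2:10:03 PM", "jdoe", "WRK02")])
```

Calling `retry_bursts(parse_681(SAMPLE))` flags only the lsmith/WRK01 pair; a single mistyped password from another workstation stays below the threshold.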
 
What happens when you pass the credentials in the Net Use statement itself?

Net use
Connects a computer to or disconnects a computer from a shared resource, or displays information about computer connections. The command also controls persistent net connections. Used without parameters, net use retrieves a list of network connections.

Syntax
net use [{DeviceName | *}] [\\ComputerName\ShareName[\volume]] [{Password | *}] [/user:[DomainName\]UserName] [/user:[DottedDomainName\]UserName] [/user:[UserName@DottedDomainName]] [/savecred] [/smartcard] [{/delete | /persistent:{yes | no}}]

net use [DeviceName [/home[{Password | *}] [/delete:{yes | no}]]

net use [/persistent:{yes | no}]

Parameters
DeviceName
Assigns a name to connect to the resource or specifies the device to be disconnected. There are two kinds of device names: disk drives (that is, D: through Z:) and printers (that is, LPT1: through LPT3:). Type an asterisk (*) instead of a specific device name to assign the next available device name.

\\ComputerName\ShareName
Specifies the name of the server and the shared resource. If ComputerName contains spaces, use quotation marks around the entire computer name from the double backslash (\\) to the end of the computer name (for example, "\\Computer Name\Share Name"). The computer name can be from 1 to 15 characters long.

\volume
Specifies a NetWare volume on the server. You must have Client Service for NetWare installed and running to connect to NetWare servers.

Password
Specifies the password needed to access the shared resource. Type an asterisk (*) to produce a prompt for the password. The password is not displayed when you type it at the password prompt.

/user
Specifies a different user name with which the connection is made.

DomainName
Specifies another domain. If you omit DomainName, net use uses the current logged on domain.

UserName
Specifies the user name with which to log on.

DottedDomainName
Specifies the fully-qualified domain name for the domain where the user account exists.

/savecred
Stores the provided credentials for reuse.

/smartcard
Specifies the network connection is to use the credentials on a smart card. If multiple smart cards are available, you are asked to specify the credential.

/delete
Cancels the specified network connection. If you specify the connection with an asterisk (*), all network connections are canceled.

/persistent:{yes | no}
Controls the use of persistent network connections. The default is the setting used last. Deviceless connections are not persistent. Yes saves all connections as they are made, and restores them at next logon. No does not save the connection being made or subsequent connections. Existing connections are restored at the next logon. Use /delete to remove persistent connections.

/home
Connects a user to the home directory.
 
What I ended up doing was to map the drives manually and create a shortcut to the desktop. On reboot, I would just double-click the shortcut and was then prompted for credentials. All I needed was username/password. I didn't need to specify the servername because it was embedded in the shortcut.

There was the aesthetic problem of an ugly red question mark icon that I fixed by changing the icon.
 