[Samba] Re: How can Windows 2000 mount a share as a service?

Michael Lueck mlueck at lueckdatasystems.com
Sat Jul 10 01:21:45 GMT 2004 

OK, welcome to Windows security 101.

Services typically run at System level authority, and M$ does not like to have system authority programs participate in File&Print activities.

To test your scripts, I suggest you invent something on your box that will pop you a system level CMD session so you can test batch and other programs right in that session. One way to do this is to 
install the RSHD that comes with the Win2KRK (rshsvc they call it) and then rexec to localhost and crank up a cmd session. Just make sure rshsvc is set to allow desktop interaction and you will see 
your cmd session.

Last I knew, System also didn't like drive letter based mappings. So try "NET USE \\SERVER\SHARENAME passWORD /user:DOMAIN\UserID /PERSIST:NO"

PERSIST NO is critical in System level shares or else you get the share stuck in System's restart connections at boot list... but it doesn't have the ID/pw any more... most annoying to get those 
cleared. Actually you need only add NET USE /PERSIST:NO to the begining of your script, not each net use.

Then, you are stuck using UNC for everything, if you have a non UNC friendly program, SORRY!

The other thing you might run into which is most annoying on Windows is that if (I forget if this is separate between System and users on the box or global to the box) Windows does not like multiple 
credentials being used. If it is box wide, then a user logging in to the desktop and trying to attach to the same Samba server would have to match credentials... if it is separate between users and 
System, then at least everything system does would have to have the same credentials used. You might run into issues with things (IPC$ maybe) where M$ did deem networking at System level was an OK 
Idea is using System credentials to network, and here you come with a file share and different credentials...

Anyway.... start with a System level CMD session so you can hack around with what works and what does not for you... write down what works and what does not... hack on!

-- 
Michael Lueck
Lueck Data Systems

Remove the upper case letters NOSPAM to contact me directly.

More information about the samba mailing list