Trouble with Net Use to map a Win2k server print queue on WinXP Pro 1

[mskennicutt]

Whenever I have used 'net use' in the past on Win2k Pro machines to map print queues to lpt ports I have been able to do so with any domain account, but I now have 15 new XP Pro computers (all these computers have been added to my Windows 2000 domain) who will not let me do a simple net use command unless I am logged onto the XP Pro computer with a domain admin account??? What gives? Is this Bill Gates' subtle way of trying to convince me to upgrade to XP server?

DETAILS:
On the XP Pro box I type:
net use lpt1: \\rms2k\printq_6
Response:
The Password is invalid for \\rms2k\printq_6
Enter user for 'rms2k': (I enter domain admin account... I've tried using fully qualified name and just the name)
Enter password for 'rms2k' (I enter the domain admin password)
Response:
System error 5 has occured
Access is denied.

Grrrrrrrrrr....

 

[BIGALINWALES]

Hey

I also have windows XP clients and a windows 2000 domain, I use the net use command to map printers with no problems at all. Below is an example of the command I use:

net use lpt2: \\sgrderfps001\fl3_comp /persistent:no

Silly question but have you checked the security of the Printers on the server? Make sure the users have access to the printers. A friend used to add the computer names to the printer security whereas i use the usergroups. If you add the computername to the security make sure the new XP machines names are there aswell.

Alex.

 

[mskennicutt]

I guess I should specify that the problem is only with lpt1:

I can map other ports that aren't currently in use, but I guess since the lpt1 port is by default pointing at the parallel port, only a local admin can alter it. I think it is a change from Windows 2000 where anyone can use net use to change port mappings.

 

[BIGALINWALES]

Is lpt1 assigned by something else before hand then???

Try this:
Open a Command prompt and type net use
this will tell you all of the mappings that you currently have. If the one holding lpt1 is not the one that you need then try this:
in the command prompt type net use /delete lpt1
That should remove whatever it is that is mapped to lpt1. All of my users are set as users and we have no problems with them mapping the ports.

 

[mtbiker]

I am having a similar issue, except I'm not using a server.
Is their a NET USE command to put lpt2 to an IP address of an HP Print server connected to a printer it's self?

I tried:
net use lpt2: \\xxx.xxx.xxx
no luck...

Must be a way to do this???

 

[BIGALINWALES]

Not sure you can do this one mtbiker, think you have to have a share name after the ip address, i can't see any other way around it im afraid.
How is the printer set up on the machines now? If you set it up on one machine then share it, you could then use
net use lpt2 \\computername\printerShareName
Worth a shot?!?

Alex

 

[ukjane]

Might be barking up the wrong tree here, but have you tried adding the Domain Users group into the Power Users local group on these XP machines. This is what I have done in the past to ensure that scripts run correctly.

 

[jonlutz]

I have the exact same problem. Did you ever find a solution?

 

[bcastner]

XP by default will not allow non-administrative users to map a printer to lpt1 if such a device exists physicly on the user machine.

There are several ways to work around this. Usually the user is concerned only with the printer names that appear in the application listing and is indifferent to the port that is mapped.

But the easiest workaround is to remember that once logged in to the server the Domain policies become effective and the local policies are overwritten. Using the following lines in the User login script will allow the mapping of lpt1 with the net use command:

net use lpt1 /delete
REM If you want to make an assigment now use the following:
net use lpt1 \\shareserver\printername /persistant:yes

For related problems with solving password problems with printer shares the following is helpful:

http://support.microsoft.com/?kbid=314073

 

[jonlutz]

you are correct I can use the net use command to set lpt2 however the workaround you gave, net use lpt1 /delete, doesn't help. It says "The network connection could not be found" and continues to ask me for a user name and password if I try to use "net use lpt1".
I am currently reading the article you recommended to see if there is help in it. Remember that my existing PC's work fine so there must be a registry entry or something related to this PC that is hanging me up.
Thanks for your response.

 

[BHP666]

I have the exact same issue. I have never really fixed it (that's why I am here) but I have used a crude work around in the mean time. When the user is logged in to the domain run cmd as either a domain admin or a local admin and do the old net use lpt1 \\whatever\printer /persistent:yes It will work for as long as the user leaves the computer turned on! They can log out just not turn it off. Really dumb and you will find yourself having to make a trip to their desk once in a while. Lets hope for a better fix we can live with. Bob

 

[bcastner]

jonlutz, BHP666:

Let me review my earlier post, as it appears my Domain settings for users makes my suggestion obviously non-working in your settings.

A more universal solution is then proposed.

First, the issue is that under XP non-administrators cannot net use lpt1 if there exists a physical port lpt1. This is by "design" according to Microsoft.

Second, the "trick" I suggested above still holds true in its principle: a printer redirection can successfully occur by make a change during the logon process using the login script feature. The principle is that Domain policies are then controlling, and the local policy setting can be overridden.

To make this "trick" universal to settings where users are not given Domain priviliges as printer operators, or just to simplify things, modify the user login script as follows:

. Download the Microsoft SDK tool Devcon.exe from Microsoft at this site:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;311272

Devcon.exe is a sort of command line Device Manager on steroids. Place this in an accessible directory to the user during login.

. Rewrite the user login script as follows:

REM remove local lpt1 assignments on client
REM *PNP0401 is the local lpt1 assignment
devcon disable *PNP0401

REM do the redirection to a network printer. Persistant is optional

net use lpt1: \\print servername\printername /persistant:yes

REM the client is now using a network printer on lpt1

 

[Jason84]

I'm having a very similiar problem but with any network share. I'm not running a domain controller, just using work groups. basicly I have a laptop which the cdrom has failed on me so I can't install any os unless it's on floppy. So I started to learn how to network from dos. After I enabled the pcmcia sockets and then go the network card recognized I can finally use net commands. I'm trying to connect to any of the shares on my win xp pro system but everytime I do I get the password is invalid for \\server\share type the password for \\server\share I enter the password for the account I'm trying to log in with and I get error 5 Access has been denied. Same thing if I try to do net view \\server.. I've went through the security policies and services and tried several usernames and even opened up my computer for a bit to everyone but still won't log in.. Please help.

 

[Jason84]

Another thing I've noticed. I have my security setup to disable an account after a certain amount of invalid log on attempts. So when I'm getting the access denied it is also locking out the account that I'm trying to sign in with after x amount of tries.

 

[bcastner]

I am not certain what security settings you applied as local policy, both through gpedit and NTFS permissions. It is entirely possible they have the unintended consequence of making the shares non-shareable.

However, there are some things to check:

. Do not make the sharename a $ share at creation;
. Consider using NTFS permissions rather than sharelevel passwords
. The following link has a longer discussion of the peculiarities of password protection on shares, and I think it may prove usefull to you: thread779-577525

 

[bcastner]

A small refinement in the batch/script technique from earlier:

To recap, under Windows XP non-administrators cannot net use lpt1 if there exists a physical port lpt1. This is by "design" according to Microsoft.
So, you need to remove this restriction.

. Download the Microsoft SDK tool Devcon.exe from Microsoft at this site:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;311272

Devcon.exe is a sort of command line Device Manager on steroids. Place this in an accessible directory to the user during login.

. Copy and paste the below into notepad, and give it a .CMD extension:


REM remove local lpt1 assignments on client
REM *PNP0401 is the local lpt1 assignment
devcon disable *PNP0401

REM do the redirection to a network printer. Persistant is optional
net use lpt1: \\printerserver\printername /persistant:yes

REM the client is now using a network printer on lpt1
REM a Dillinger99 trick to set the default attribute
rundll32 printui.dll,PrintUIEntry /in /n\\printerserver\printername /y

REM End of the batch file

 

[Jason84]

Thanks for the advice, unfortunately I have tried all of the above and still no go.. It seems to be OS specific. When My laptop had WIn XP on it, shares where fine. Nothing has changed on my desktop but trying to connect through dos just doesn't work.. With share level access I even tried adding every account on the computer and let the guest accounts settings apply to everyone and still couldn't. At this point I've just about gave up and I'm seeking a Laptop hdd to ide connector. Doesn't seem like I should have to spend money though when I though I have everything I needed. I even tried a DCC using laplink, and a few others and they will connect then start erroring.. So time to get the adapter and get back into a GUI.. Thanks anyway and if there is any more suggestion's please let me know cause I would still like to know the cause.

Jason Clark

http://cryodesignstudios.com

Coming Soon!

 

[bcastner]

Jason84,

I think you wanted to post in another thread...

 

[Envision]

OK guys... this may sound simple but I solved this problem. Since the issue is that you can't map LPT1 if the port exists, I logged in as administrator and simply disabled the port of the workstation. Then there is no conflict and everything works fine.

All the best.... hope this helps.

~Todd S. Knapp
Envision Technology Advisors

 

[bcastner]

Envision,

Using Device Manager is a non-starter in a Domain setting. Many users here support thousands of workstations.

I do not doubt your tip would work, but I fail to see the benefits of this solution rather than using Group Policy object features and scripting for the user at logon.

I can reverse the change by user, Group or whatever for thousands of workstations in moments. Sitting down at each console and using Device Manager at each workstation seems a horror show.

I am not trying to criticize your contribution, other than for its practical considerations.

To me using Device Manager and disabling devices was a non-starter for dealing with this issue.

Best.