"NET USE" Command Not Working for Non-Admins in XP


Recommended Posts

We are starting to roll out Windows XP machines slowly to replace the Windows 2K machines. In the past we used a "NET USE LPT1 \\SERVERNAME\PRINTERSHARENAME" for one of our programs to be able to print properly.

On the first new machine this command needs to run on it kept asking me for a username and password (which it never did before) and when I typed in the users username and password it would give me a "Error 3, Access is denied" message. If I typed in a Local or a Domain Admin's information it worked fine.

I am pretty sure this is due to some new security restriction in Windows XP SP2 where the user has to be in the admin group in order to use this command. Is there any way to change this? Is there a security risk in changing this?

Link to comment
Share on other sites

Couldnt you look up the NET USE Command EXE probably in the System type folders and set it to Run as Admin each time. If you know what I mean like when you try install something it asks you to log in as adminstrator.

Link to comment
Share on other sites

We are starting to roll out Windows XP machines slowly to replace the Windows 2K machines.  In the past we used a "NET USE LPT1 \\SERVERNAME\PRINTERSHARENAME" for one of our programs to be able to print  properly.

On the first new machine this command needs to run on it kept asking me for a username and password (which it never did before) and when I typed in the users username and password it would give me a "Error 3, Access is denied" message.  If I typed in a Local or a Domain Admin's information it worked fine.

I am pretty sure this is due to some new security restriction in Windows XP SP2 where the user has to be  in the admin group in order to use this command.  Is there any way to change this?  Is there a security risk in changing this?

586633394[/snapback]

Use runas.exe to kick the batch files. That little .exe has saved me so much time at my job (Y)

http://www.microsoft.com/resources/documen...n-us/runas.mspx

Link to comment
Share on other sites

Can you browse the network and connect to the printer that way? It sounds like the permissions on the shared printer need to be checked.

586633466[/snapback]

The user can print to this printer without any issues out of normal Windows Programs. The program that needs the network printer mapped to a LPT port is about 20 years old... so you can imagine the headaches I have to deal with on this program.

Use runas.exe to kick the batch files. That little .exe has saved me so much time at my job (Y)

http://www.microsoft.com/resources/documen...n-us/runas.mspx

586633482[/snapback]

Wouldn't you need to specify a password with this as well? We don't want the user to be able to log on with Local Administrator rights.

Couldnt you look up the NET USE Command EXE probably in the System type folders and set it to Run as Admin each time. If you know what I mean like when you try install something it asks you to log in as adminstrator.

586633492[/snapback]

This may work out.. ill test and and let ya know.

Link to comment
Share on other sites

Wouldn't you need to specify a password with this as well?  We don't want the user to be able to log on with Local Administrator rights.

586633521[/snapback]

The idea of runas.exe is to keep users restricted in their security level while running certain instances of programs or system changes as the administrator. So just write your net use batch script and use runas.exe to run only that as the admin.

We use it to deploy new software using batch files, windows scripts and a little programming language called AutoIt. Keeps the users restricted while we catch them on domain login, run our stuff as admin, then just let the users continue on uninterrupted.

Link to comment
Share on other sites

The idea of runas.exe is to keep users restricted in their security level while running certain instances of programs or system changes as the administrator. So just write your net use batch script and use runas.exe to run only that as the admin.

We use it to deploy new software using batch files, windows scripts and a little programming language called AutoIt. Keeps the users restricted while we catch them on domain login, run our stuff as admin, then just let the users continue on uninterrupted.

586633561[/snapback]

This sounds like a very good tool but wouldn't it also pose a security risk? If I don't need to type in a password to run something as a local admin couldn't the user figure this out and install software he/she shouldn't be?

Link to comment
Share on other sites

This is a new security restriction. NET USE LPT1 does not work for restricted users. Use VBScript or Kixtart to accomplish this. As far as I know, this cannot be changed.

Link to comment
Share on other sites

  • 1 month later...

I started to build the new machines for the users today so I revisited this issue.

Since the users are only using Network printers I decided the easiest way to accomplish what I needed was to disable the LPT1 port in the Bios. After I disabled the port I booted into Windows and it remapped the port with no errors.

Thanks to everyone who helped!

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.