net use on named user failed when running under SYSTEM account

In W2K3, I created a scheduled task to run shell script containing net use
command with named credential:
net use \\server\drive /user:domain\user <password>
The scheduled task runs fine under a domain account but failed when running
under builtin SYSTEM account (note this is the acct defined in scheduled
task, not what specified in the above command).
Any clue?

--
Fred

The OS maintains the password for SYSTEM. I'm not sure how you would even
get the password to put it into the batch file. Best practice is to use a
service account (a regular user account with specific rights and
permissions) that you set up specially for a particular task. You shouldn't
try to use SYSTEM, Administrator, or any users' account.

--
Thank you,
Mel K.
MCSA: M

"fw" <> wrote in message
news:138332CA-EDEA-4214-8E5D-...
> In W2K3, I created a scheduled task to run shell script containing net use
> command with named credential:
> net use \\server\drive /user:domain\user <password>
> The scheduled task runs fine under a domain account but failed when
> running
> under builtin SYSTEM account (note this is the acct defined in scheduled
> task, not what specified in the above command).
> Any clue?
>
> --
> Fred

Hello fw,

For scheduled tasks use a domain user account, set a long strong password,
which never expires. If some problems occur with running the task, check
the logfile from task scheduler, to see if additional permissions are needed.

The password change once a year and do NOT use the account it for normal
logons.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> In W2K3, I created a scheduled task to run shell script containing net
> use
> command with named credential:
> net use \\server\drive /user:domain\user <password>
> The scheduled task runs fine under a domain account but failed when
> running
> under builtin SYSTEM account (note this is the acct defined in
> scheduled
> task, not what specified in the above command).
> Any clue?

As I mentioned the account in question is not what in batch file, but what
specified in scheduled task to run as.

--
Fred


"Mel K." wrote:

> The OS maintains the password for SYSTEM. I'm not sure how you would even
> get the password to put it into the batch file. Best practice is to use a
> service account (a regular user account with specific rights and
> permissions) that you set up specially for a particular task. You shouldn't
> try to use SYSTEM, Administrator, or any users' account.
>
> --
> Thank you,
> Mel K.
> MCSA: M
>
> "fw" <> wrote in message
> news:138332CA-EDEA-4214-8E5D-...
> > In W2K3, I created a scheduled task to run shell script containing net use
> > command with named credential:
> > net use \\server\drive /user:domain\user <password>
> > The scheduled task runs fine under a domain account but failed when
> > running
> > under builtin SYSTEM account (note this is the acct defined in scheduled
> > task, not what specified in the above command).
> > Any clue?
> >
> > --
> > Fred
>
>
>

I don't understand, the account used in "run as" in the task itself requires
a password. So how did you get the SYSTEM password? As far as I know, there
is no way to get the SYSTEM password. You should create an account for this
task, and use it in the scheduled task, not in the batch file since it's
clear text in the batch file. You should set this up as Meinolf and I
suggest because the way you are trying to do it is not the proper way to do
it, for the reasons we mentioned.

--
Thank you,
Mel K.
MCSA: M
"fw" <> wrote in message
news:F4FF774F-55FB-4771-B07B-...
> As I mentioned the account in question is not what in batch file, but what
> specified in scheduled task to run as.
>
> --
> Fred
>
>
> "Mel K." wrote:
>
>> The OS maintains the password for SYSTEM. I'm not sure how you would even
>> get the password to put it into the batch file. Best practice is to use a
>> service account (a regular user account with specific rights and
>> permissions) that you set up specially for a particular task. You
>> shouldn't
>> try to use SYSTEM, Administrator, or any users' account.
>>
>> --
>> Thank you,
>> Mel K.
>> MCSA: M
>>
>> "fw" <> wrote in message
>> news:138332CA-EDEA-4214-8E5D-...
>> > In W2K3, I created a scheduled task to run shell script containing net
>> > use
>> > command with named credential:
>> > net use \\server\drive /user:domain\user <password>
>> > The scheduled task runs fine under a domain account but failed when
>> > running
>> > under builtin SYSTEM account (note this is the acct defined in
>> > scheduled
>> > task, not what specified in the above command).
>> > Any clue?
>> >
>> > --
>> > Fred
>>
>>
>>

"Mel K." <> wrote in message news:OXCN%...
>I don't understand, the account used in "run as" in the task itself requires
> a password. So how did you get the SYSTEM password? As far as I know, there
> is no way to get the SYSTEM password. You should create an account for this
> task, and use it in the scheduled task, not in the batch file since it's
> clear text in the batch file. You should set this up as Meinolf and I
> suggest because the way you are trying to do it is not the proper way to do
> it, for the reasons we mentioned.
>

I think he is saying after he created the batch file, then created the task to run the batch file, in the task properties, he has set it to run it using the System account, not the account name specified in the batch file itself, nor a "RunAs".

In Tasks, I noticed since I've installed Google Earth, that there is a GoogleUpdater task that was created by the installation. Looking in properties, it uses the System account to run the task.

As for the OP, I think possibly that the System account may not be in the resource's (shared drive) ACL when trying to map the drive in the batch file:
net use \\server\drive /user:domain\user <password>

But I have no idea what the perms are in that share.

Now if I am wrong, I apologize, and maybe the OP can restate or elaborate on the scenario.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

The Net Use command will not run as a scheduled taks. I believe you have to
call that within the CMD command. I forget if it is with a /c or /k but it
should go something like:

cmd /c "net use \\server\share /user:domain\username <password>"
or
cmd /k "net use \\server\share /user:domain\username <password>"

"Ace Fekay [MCT]" <> wrote in message
news:%...
"Mel K." <> wrote in message
news:OXCN%...
>I don't understand, the account used in "run as" in the task itself
>requires
> a password. So how did you get the SYSTEM password? As far as I know,
> there
> is no way to get the SYSTEM password. You should create an account for
> this
> task, and use it in the scheduled task, not in the batch file since it's
> clear text in the batch file. You should set this up as Meinolf and I
> suggest because the way you are trying to do it is not the proper way to
> do
> it, for the reasons we mentioned.
>

I think he is saying after he created the batch file, then created the task
to run the batch file, in the task properties, he has set it to run it using
the System account, not the account name specified in the batch file itself,
nor a "RunAs".

In Tasks, I noticed since I've installed Google Earth, that there is a
GoogleUpdater task that was created by the installation. Looking in
properties, it uses the System account to run the task.

As for the OP, I think possibly that the System account may not be in the
resource's (shared drive) ACL when trying to map the drive in the batch
file:
net use \\server\drive /user:domain\user <password>

But I have no idea what the perms are in that share.

Now if I am wrong, I apologize, and maybe the OP can restate or elaborate on
the scenario.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

I've always found that doing this results in the password being 'forgotten'
by the system some months later.

The problems with NET USE not working under a scheduled task relate to
Microsoft's ill thought-out decision to make network connections 'userized'
in XP/2003, whereas in 2000 they were system properties. This has the
consequence that services have all sorts of problems with accessing network
resources.

My solution is to use autologon, and run all processes that require network
access (e.g. NAS backup) as standard processes instead of services. This is
not ideal from a security POV but it's better than the alternative of having
the backup fail through password problems.

IMHO, Microsoft need to rethink this arrangement.

"Meinolf Weber [MVP-DS]" wrote:

> Hello fw,
>
> For scheduled tasks use a domain user account, set a long strong password,
> which never expires. If some problems occur with running the task, check
> the logfile from task scheduler, to see if additional permissions are needed.
>

"JN" <> wrote in message
news:%...
> The Net Use command will not run as a scheduled taks. I believe you have
> to call that within the CMD command. I forget if it is with a /c or /k
> but it should go something like:
>
> cmd /c "net use \\server\share /user:domain\username <password>"
> or
> cmd /k "net use \\server\share /user:domain\username <password>"

Hi JN,

That would definitely be with the /c switch.

:-)

Ace

"Anteaus" <> wrote in message
news:920ADAE2-6C3B-4088-9A6D-...
>
> I've always found that doing this results in the password being
> 'forgotten'
> by the system some months later.
>
> The problems with NET USE not working under a scheduled task relate to
> Microsoft's ill thought-out decision to make network connections
> 'userized'
> in XP/2003, whereas in 2000 they were system properties. This has the
> consequence that services have all sorts of problems with accessing
> network
> resources.
>
> My solution is to use autologon, and run all processes that require
> network
> access (e.g. NAS backup) as standard processes instead of services. This
> is
> not ideal from a security POV but it's better than the alternative of
> having
> the backup fail through password problems.
>
> IMHO, Microsoft need to rethink this arrangement.
>

I believe it was done with security in mind, at least thinking why we
wouldn't want a mapped drive if run in a task, to be available for anyone
that logs on, and rely on logon scripts using conditions, such as group
membership, to control which UNCs get mapped.

Ace