mapped share on student session timing out

Discussion in 'Server Security' started by B. Meincke, Oct 21, 2004.

  1. B. Meincke

    B. Meincke Guest

    I work with a client server network where a kix script maps a shared folder
    on our server to students at login. This mapped drive functions nicely for a
    time ater which it becomes unavailable to the user. To regain access, I have
    to disconnect the share, remap it and have the student provide their password
    to reconnect. Not user friendly in a learning environment!!!

    I'm fairly sure this is a security setting issue, but, if not, please
    forgive the misdirected posting!

    I have tried seaching Active Directory for the setting that could be timing
    out the mapped share and can't seem to find anything. Could someone please
    point me in the right direction?

    Thanks.
     
    B. Meincke, Oct 21, 2004
    #1
    1. Advertisements

  2. The setting to manage the idle period timeout for a share is in the
    appropriate security policy of the computer offering the share. If not a
    domain controller, look in Local Security policy in security settings/local
    policies/security options - amount of idle time before disconnecting
    session. By default it is 15 minutes. If your server is Windows 2003 and the
    clients are XP Pro or W98 it may help to disable the security option for
    Microsoft network server:digitally sign communications(always). --- Steve

    http://www.jsiinc.com/SUBL/tip5800/rh5874.htm -- more info on XP and smb
    signing.
    http://support.microsoft.com/kb/810907 -- how to get hotfix.
     
    Steven L Umbach, Oct 22, 2004
    #2
    1. Advertisements

  3. B. Meincke

    B. Meincke Guest

    Thanks for your reply Steve. The server is a domain controller (2000 Server)
    but I am afraid I don't know what you mean by "the appropriate security
    policy of the computer offering the share." Could you please be more specific?

    Thanks
     
    B. Meincke, Oct 23, 2004
    #3
  4. Security policy can be applied at the local, domain, Organizational Unit, or
    domain controller container level depending on the location of the computer.
    Local policy may work unless a domain/OU/domain controller policy is
    overriding the local policy. For domain controllers, you can use Domain
    Controller Security Policy if you want to implement a security policy change
    on all domain controllers or for that particular security option you could
    configure in the Local Security Policy of the domain controller. After a
    policy refresh via secedit /refreshpolicy machine_policy /enforce you want
    to make sure it shows as the "effective" setting in Local Security
    olicy. --- Steve
     
    Steven L Umbach, Oct 23, 2004
    #4
  5. B. Meincke

    B. Meincke Guest

    Hi and thanks again, Steve.

    I guess I might be a bit outside my own learning curve here. I was kind of
    hoping a description of my symptoms would lead you to say, "Oh yes, I know
    which policy it is that is causing the situation you describe, and here is
    where to go in your server's settings to fix it."

    I understand that the client's local security pollicy is overridden by that
    of a server, etc, and I don't think the trouble here is a client setting but
    a server setting as it seems to be universal to all clients. I have opened
    the AD Server Security snap-in and had a look through the policy settings
    there and I don't see anything that resembles a timeout set to about an
    hour's worth.

    Could you tell me specifically where to look in AD or Terminal Services, etc
    for what you suspect might be the culprit setting?
     
    B. Meincke, Oct 25, 2004
    #5
  6. If it is a domain controller open Domain Controller Security Policy and if
    it is not a domain controller open Local Security Policy on the server via
    secpol.msc. In either case go to security settings/local policies/security
    options and try increasing the time from the default 15 minutes on the
    option for " amount of idle time required before disconnecting a session ".
    This may not fix your problem but is worth a try. If the computers in
    question are XP Pro, see the second link below on disabling smb signing
    which may also help or get the hotfix from Microsoft [free] for that
    problem.

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/563.asp
    http://www.jsiinc.com/SUBL/tip5800/rh5874.htm
    http://support.microsoft.com/kb/810907 -- info on the hotfix.
     
    Steven L Umbach, Oct 26, 2004
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.