Sry its at work but trust me the same exact batch works on NT I think I am getting close with this
When a network connection is made with NET USE /USER:'Domain\Auser', the redirector sends an Server Message Block (SMB) frame "C Session setup" to the server in order to validate the credentials of "Domain\Auser." The server creates an access token for this user and replies to the redirector with an SMB frame "R Session setup" including a user ID that will be used in all consecutive SMB frames related to the connection.
NET USE X: \\ASERVER\SHARE /USER 😀OMAIN\Auser
The drive X: is mapped to \\ASERVER\SHARE and can only be used by processes which have validated the credentials of DOMAIN\AUser. Therefore only the following processes can access the network drive X:
but in win2003 by default it demands SMB
so by going this way
Workaround for SMB signing
If Windows NT 4.0-based clients do not have Windows NT 4.0 Service Pack 6 (SP6) installed or if Windows 95,98, 98SE-based clients do not have the Directory Service Client installed, you can disable SMB signing in the default domain controller's policy setting on the domain controller's OU and then link this policy to all OUs that host domain controllers. We recommend that you install Service Pack 6a (SP6a) on Windows NT 4.0 clients that interoperate in a Windows Server 2003-based domain. Windows 98 Second Edition, Windows 98 and Windows 95 clients must run the Directory Services Client to perform NTLMv2.
The Directory Services Client for Windows 98 Second Edition, Windows 98 and Windows 95 will perform SMB Signing with Windows 2003 servers under NTLM authentication, but not under NTLMv2 authentication. Additionally, Windows 2000 servers will not respond to SMB Signing requests from these clients.
Although Microsoft does not recommend it, you can prevent SMB signing from being required on all domain controllers that run Windows Server 2003 in a domain. To configure this security setting, follow these steps: 1.Open the default domain controller's policy.2.Open the Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options folder.3.Locate and then click the Microsoft network server: Digitally sign communications (always) policy setting, and then click Disabled.
I might be onto something also there is talk about the group policy editor I might need to fiddle in there ... but Monday I will post the .bat either way
