2013-12-12

Windows 7 - Fixing The Mapped Drive Credentials Problem

Ever since installing the Windows 7 RTM build, I have been unable to have that system automatically log on to an assigned mapped drive on my MacBook.
Until now.
The basic concept is that from Windows Explorer, you want to map a networked drive, and retain that mapped network drive so that it is persistent through multiple reboots and logins to that system. The problem is that the default installation of Windows 7 appears to support this feature (as happens quite seamlessly in XP), but in fact it doesn’t.
When you log on to a network volume and assign it as a mapped drive, there is a "Remember my credentials" checkbox on the login dialog. One would expect that this should add the login credentials to the Credentials Manager, so that the details are retained and you can automatically log in to that mapped drive the next (and every subsequent) time that you restart the Windows 7 system.
Entering credentials
Entering credentials
Why else would you want to check the “Remember my credentials” checkbox, right?
Unfortunately, that isn’t how it happened for me, and every time I rebooted the system, I would see a message balloon pop up in the taskbar, and the mapped drive would contain a red X through it, indicating that the drive mapping could not be re-established.
Mapped drive is not connected
Mapped drive is not connected
When I mapped the drive, this process had created a record in the Windows 7 Credential Manager, but this showed that the persistence of the login to the networked drive was just for the current session. This did not seem to me to be correct. Manually creating a record in the Credentials Manager also failed to rectify the problem.
credentials-manager
After quite a good deal of research, I discovered that the actual source of the problem has nothing to do with the Credentials Manager, but instead relates to how the default group policies for SMB shares are set up when Windows 7 is installed. The default value is that the relevant policy is left unset, and that creates this problem when you wish to automatically log in to some SMB shares. This of course is how OS X drives are seen by Windows when they are set as mapped drives within your system, and that is why this problem seems to occur.
Fixing the problem requires editing the group policies. Not a difficult task, but it does entail changing some registry settings. If you are not comfortable with doing getting your hands dirty in the registry, stop now, or find someone who can do this. And be sure that you back up your registry before you start. If you screw up your registry, you might not be able to restart and use your system, so consider yourself warned.
To edit the Group Policies, we need to run the Group Policy Editor program. Press the Windows and R keys together to bring up the Run Program dialog, and then, in the Run dialog, enter gpedit.msc and press the OK button.
After a few moments the Group Policies Editor will open.
In the Group Policies Editor, open each of the following items in turn:
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
Now, right-click on the “Network security: LAN Manager authentication level” policy item, and then, from the context (pop-up) menu, select “Properties”.
Now select the “Local Security Settings” tab, and then, in the dropdown box, locate and select “Send LM & NTLM – user NTLMv2 session security if negotiated”.
Now click the OK button, and then finally, you may close the Group Policies Editor window.
The problem should now be fixed, and your mapped drive logins should now be persistent through multiple reboots of the system.


Update:

1: GPE change "Network security: LAN Manager authentication level" from "undefined" to "Send LM & NTLM - user NTLMv2 session security if negotiated"

If you do not have access to GPE because you're not running pro, you can edit the appropriate registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
Key: LSA (Add if not exist)
Value Name: LMCompatibility (Add if not exist)
Data Type: REG_DWORD
Value: 1

2: Make sure you put a '\' before your username when you enter your different credentials for save. Otherwise Windows will append your current domain to it. IE: "myName" will become "localnet\myName" if you fail to save it as "\myName".

This is the weirdest, since the connection made when you complete the mapping does not use the domain in the different credential, but it is used when windows re-starts...