A way to stop Windows from trying to connect to mapped drives on user logon

  • Question

  • Hello folks,

    We are deploying a multifactor authentication (MFA) product in our environment. Some of our users do have WebDAV mapped drives against a SharePoint Server 2019 on-premises.

    When users log on to their profiles, Windows actually tries to connect to those WebDAV mapped drives. At this point the user has still not been granted access, as access is granted once MFA is completed, and this must be done by accessing SharePoint through a web browser.

    This fact generates lots of unsuccessful access attempts in the MFA. Is there a way to stop Windows from trying to connect (to send credentials) to mapped drives on user logon?

    Kindly appreciate your help,

    Best regards.

    Tuesday, August 23, 2022 10:03 AM

All replies

  • The simplest solution is changing how you map your drives away from a GPO configuration to a PowerShell script that has a triggered delay.
    Wednesday, August 24, 2022 5:12 PM
  • This is a good option, thanks for pointing it out.

    But this would mean assuming there is no such flag to instruct Windows to avoid its default behaviour.

    Wednesday, August 24, 2022 7:47 PM
  • It will probably finish booting to the desktop, it will just take a while, as you are waiting for each mapped drive's time-out period to lapse before Explorer will finish loading. 
    Wednesday, September 7, 2022 4:56 PM
  • There is no long wait for explorer to open. User does not feel the issue.

    Friday, September 9, 2022 9:39 AM
  • The reason you can use this command is because the script works in a way that it will only run when a user logs on (so it won't run when you reboot your machine). This means that if you have mapped drives that are not necessarily used every time you log on, then once your computer starts up again, Windows will try to reconnect to those mapped drives.
    Monday, September 26, 2022 11:59 AM
  • Navigate to the following location in the Registry. On the right side, double-click on "RestoreConnection". If this value doesn't exist, right-click the "NetworkProvider" folder, then choose "New" > "DWORD Value". Give "RestoreConnection" one of the values of "0" to disable the mapped network drive message.

    Regards,

    Rachel Gomez

    Friday, December 23, 2022 6:46 AM
  • There are a few different ways you can prevent Windows from trying to connect to the WebDAV mapped drives on user logon when using MFA:

    Disconnect the mapped drives: You can use a logon script or a Group Policy Object (GPO) to disconnect the mapped drives when the user logs on. This can be done using the net use command in a logon script.

    Disable the WebClient service: The WebClient service is responsible for managing WebDAV connections on Windows. You can use a logon script or GPO to disable this service on the client computers.

    Delay the drive mapping: You can configure the logon script or GPO to delay the drive mapping until after the MFA process is complete. This can be done using the "net use" command with the "/persistent:no" option and a delay.

    Use a script to check if the user has been granted access before trying to connect the mapped drive: You can use a script to check if the user has been granted access before trying to connect to the mapped drive. If the user has not been granted access, the script can prevent Windows from trying to connect.

    Configure a conditional access policy: You can use Azure Conditional Access to ensure that the user must complete MFA before they can access SharePoint.

    It's important to note that the above solutions may not work for all environments and it depends on the specific implementation of the MFA product and the WebDAV mappings.

    You may need to test different approaches and find what works best for your environment.

    Best of luck.
    Thursday, January 12, 2023 4:04 PM
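
The delayed, non-persistent mapping suggested in the replies above could look like the following logon script. It is an added example, not code posted by anyone in the thread; the list file name and the 300-second delay are assumptions, and a fixed delay cannot confirm that MFA has actually completed.

```powershell
# Added example, not from the thread. File name and delay are assumptions.
$ListFile     = Join-Path $env:APPDATA 'webdav-drives.csv'  # hypothetical per-user list
$DelaySeconds = 300  # assumed time for the user to finish MFA in the browser

function Get-PersistentWebDavDrive {
    # Persistent mappings live under HKCU:\Network\<letter>; these are the
    # connections Windows restores (and sends credentials for) at logon.
    param([string]$Root = 'HKCU:\Network')
    Get-ChildItem -Path $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        # WebDAV shows up as the WebClient provider, a URL, or a host@SSL / DavWWWRoot UNC path.
        if ($p.ProviderName -eq 'Web Client Network' -or
            $p.RemotePath -match '^https?://|@SSL|\\DavWWWRoot(\\|$)') {
            [pscustomobject]@{ Letter = "$($_.PSChildName):"; RemotePath = $p.RemotePath }
        }
    }
}

# Start from the list saved at earlier logons, then add whatever is still persistent.
$map = [ordered]@{}
if (Test-Path $ListFile) {
    Import-Csv $ListFile | ForEach-Object { $map[$_.Letter] = $_.RemotePath }
}
foreach ($d in Get-PersistentWebDavDrive) {
    $map[$d.Letter] = $d.RemotePath
    # Remove the saved mapping so nothing is reconnected at the next logon.
    net use $d.Letter /delete /y | Out-Null
}
if ($map.Count -eq 0) { return }

$map.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Letter = $_.Key; RemotePath = $_.Value } } |
    Export-Csv -Path $ListFile -NoTypeInformation

Start-Sleep -Seconds $DelaySeconds
foreach ($e in $map.GetEnumerator()) {
    # One attempt per drive; /persistent:no keeps it out of HKCU:\Network.
    net use $e.Key $e.Value /persistent:no | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Mapping $($e.Key) failed; MFA may not be complete yet."
    }
}
```

Run in the user's context at logon, the first pass converts existing persistent WebDAV mappings; later logons find nothing under HKCU:\Network to restore and make a single delayed attempt per drive.
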
  • I will have to try one of the last options because I myself faced a similar problem.
    Friday, January 13, 2023 8:35 PM
  • Hello Txalamar, 

    You can do this with Group Policy:

    Go to Computer Configuration > Administrative Templates > System > Logon.
    Locate the policy setting "Always wait for the network at computer startup and logon".

    Double-click the policy setting and select "Enabled".

    Click OK to save the changes.

    Hope this helps.

    Update: Something you should also know is that, once enabled, this may cause a delay in the logon process, so it might be important to communicate that as well.

    Or you could use a script like this:

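    # SyncForegroundPolicy is the registry value behind that policy (create the Winlogon policy key first if it is missing)
    Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "SyncForegroundPolicy" -Type DWord -Value 1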



    • Edited by Noobus96 Monday, February 6, 2023 10:34 PM
    Monday, February 6, 2023 10:21 PM