How Authentication Works for Net Use Command

ID: Q149861

The information in this article applies to:
  • Microsoft Windows NT operating system version 3.1
  • Microsoft Windows NT Advanced Server
  • Microsoft Windows NT Workstation versions 3.5, 3.51, 4.0
  • Microsoft Windows NT Server versions 3.5, 3.51, 4.0
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

When you use the NET USE command to connect to a share on a server in a domain, the following authentication process verifications take place:
  • If the client's user name is in the domain's UAS account database, the passwords are compared. If the passwords match, access is allowed to the share. If the passwords do not match, an access denied message is returned.

    The behavior allows for backward compatibility with Windows for Workgroups and other clients. These clients do not pass the domain name to the Server.


  • If the client's user name does not match a user name in the domain's UAS, the domain controller checks to see if the client's domain is listed in its trust list. If the client's domain name is on the target domain's trust list, the domain controller communicates with the other domain to see if the client's user account and password are valid. If so, access is allowed to the share. If not, an access denied message is returned.


Additional query words: prodnt

Keywords : kbother ntsecurity NTSrvWkst
Version : :; WINDOWS:2000; winnt:3.5,3.51,4.0
Platform : WINDOWS winnt
Issue type :


Last Reviewed: January 25, 2000
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.