Classroom and Lab Computing

UDrive: Connecting from Home or Office

8/7/09. Windows 7 needs another security setting to connect to PASS and UDrive, see Windows 7 below.
11/16/09. Windows 7 Kerberos encryption types updated for other services (reg file entry changed).

You can connect to the "U-drive" with your own computer and almost any kind of Internet connection. It isn't hard, and we have several levels of instructions.

Everyone: be sure to read Essential Information and Notes below

Experts: try the Quick Instructions below

Novices: we have details with many screen shots and comments for Windows 2000 and XP, but you probably want to try the MapPsuSpace program.

Unix users can use smbmount (the syntax of which varies greatly among versions). Mac OSX please see the Macs page.

Essential Information

Authentication

Beginning August 15, 2006, Access Account passwords were no longer automatically synchronized in the win.psu.edu domain. Instead, CLC lab and classroom users log into the Kerberos "realm" dce.psu.edu for access to resources in win.psu.edu. On July 7th, 2008, the PASS space was "kerberized" as well.

Home users or staff/faculty with computers not in a domain with a trust to dce.psu.edu will have to first set a registry key to define the dce.psu.edu "realm", and reboot. Thereafter, in the "Connect As" dialog use is dce.psu.edu\<userid> (where "<userid>" is your Access Account userid).

Alternatively, users may install the MapPsuSpace program, which does both steps.

If you do not wish to install that program, or you rather not map the UDrive as a letter but instead use the "UNC" directly, a "reg" file to set the registry is in this zip file if you have XP (see below for Windows 2000). The contents of that file are:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\dce.psu.edu]
"RealmFlags"=dword:00000008

A reboot is needed after making this registry change. A HostToRealm key was added on 3/3/08 for Vista SP1, but removed later when server patches made it unnecessary.

Windows 2000

Windows 2000 computers need an additional registry setting to specify the "KDC" servers. Please download this zip file instead of the one above and launch the reg file in it to do that. It will create a binary value "KdcNames" with the names of the servers. With Windows 2000 you probably have to reboot after setting that.

Windows 7

Besides the Kerberos domain key dce.psu.edu shown above, Windows 7 needs to be configured to allow two types of Kerberos encryption, one for the PASS space and one for the UDrive. You can set these either from the Local Security Policy utility or adding a single registry entry.

The registry entry is:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters]
"SupportedEncryptionTypes"=dword:0000001D

You may download this zip file to set that and the dce.psu.edu realm described above. After launching the reg file in the zip, it looks like you don't have to reboot or anything; you should be able to connect to both PASS and UDrive.

Alternatively, you can open the Local Security Policy snap-in from the Administrative Tools menu (which by default isn't on the start menu; right-click the start button, pick properties, then Sart Menu tab, then Customize button, then scroll the options to near the bottom where you should find the "System administrative tools"). From the Local Security Policy window, under Security Settings, then Local Policies, then Secuirty Options, scroll the policy list until you find "Network security: Configure encryption types allowed for Kerberos". Double-click that and check DES_CBC_CRC (for PASS) and RC4_HMAC_MD5 (for UDrive). You may wish to check all the encryption types to avoid problems later. For example, AES256_HMAC_SHA1 was found to be needed for RDP to a Windows Server 2008 computer. (11/16 09: reg file changed to use 1D for Supported EncryptionTypes, to include DES_CBC_CRC, RC4_HMAC_MD5, AES128_HMAC_SHA1 and AES256_HMAC_SHA1.).

Network Drives

Network Path	Description
\\udrive.win.psu.edu\users	Primary connection for user files
\\ubackup.win.psu.edu\users	Online mirror; connect to this to get back a file from yesterday or the past 30 days

Note the "back-slashes" (\), not "forward-slashes" (/), which don't work.

Quick Instructions

Here are the quick steps for experienced users:

Set the dce.psu.edu registry entry and reboot (may not be needed for Vista or Windows 7).
If on a non-Penn State network, connect to PSU with VPN first.
If you have Windows 2000, or XP:
- From Windows Explorer, map \\udrive.win.psu.edu\users as U: using dce.psu.edu\xyz123 (where xyz123 is your Access Account userid) and your Access Account password.
- Details here.
If you have Windows 95, 98, or ME:
- Support for these obsolete operating systems has been discontinued.
You could save your own folder as a Favorite location so you don't have to navigate down to it every time.

Notes

You don't have to use U:; any letter is fine.
The online backup is at \\ubackup.win.psu.edu\users.
If you pick the "Reconnect at logon" in the "Map Network Drive" dialog, the drive will be automatically reconnected the next time you log on, but from a non-PSU network you will still need a VPN connection first.

© 2009, The Pennsylvania State University. All rights reserved.
This site maintained by the Classroom and Lab Computing group of Information Technology Services.
Suggestions and comments about this web site: CLC Webmasters; Other contacts here.

This page was last modified: 11/16/2009 2:26:51 PM.