I put a ‘net use’ command in a logon script for a client today, and the drive refused to appear. So I executed the offending line and saw the following error:
Protected By Authentication Firewall
System error 1935 has occurred
The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate the computer.
This is a very specific error and it generally occurs when you are trying to access a resource in another forest. In this case the trust relationship has been configured with selective authentication. You need to specifically give your account “Allow to Authenticate” rights on the resource.
This error is seen because the user, (or group the user is a member of), has been granted the correct rights to access the share. BUT the share is in another domain, and even though that domain trusts the one the user is coming from, the trust was set up with ‘selective authentication’.
Go to the domain that’s providing the share, log into a domain controller > Open ‘Active Directory Users and Computers’ > View > Advanced Features > Locate the COMPUTER you are trying to authenticate TO > Properties > Security > Add in the user (or group) that requires access > Grant the “Allowed to authenticate” right > Apply > OK.