Windows 7 logon script net use fails

Our network PCs currently consists of Windows XP Professional on a mixed 2008/2003 domain, with exception to one machine, which is a new Windows 7 PC we have bought for testing before we deploy the operating system. But we have discovered a problem with our logon script which automatically maps network drives for our users.

The logon scripts are done via User GPOs, but the script itself is just a .cmd file using net use.

The permissions are perfectly fine, as the same user can log on to a Windows XP machine and get their drives mapped without problem, but this one drive mapping constantly fails.

This is repeatable using the net use command, and fails every time - it actually prompts the user for a username and password when executed interactively, yet if we enter \\server\share from a run dialog, the contents of the network share appear and are accessible without any further authentication.

The Windows 7 PC (just like the XP systems) are domain members and the account being used is a domain account, which does have access to the share (as stated, it works fine on XP).

I fail to understand what is happening here, as other shares on the server get mapped on the Windows 7 system.

More info:

The effective permissions of the share in question only grant the user 'list' permission on the root directory, the share permissions are 'everyone,full control'. I've created a new share with the same permissions just to test if it was down to the 'list' permissions on the root directory, but the Windows 7 machine maps this one fine.

Edit: If I grant the user 'read' NTFS permission on the folder at the root of the share, then the share maps fine, but take away read (i.e. back to list only), then the drive mapping fails again. Unfortunately, granting 'read' at this level isn't an option.

Further Edit: (See my comment to ITHedgeHog's answer). This drive mapping is failing no matter how I try with what appears to be a simple 'access denied' error, however the strange this is that the user can browse the share if they type the UNC path into an explorer window. I think that this must be something to do with 'list folder' permission.

No, the user is not an administrator either on the PC or the domain. The user account is just a standard user account.

No disabling UAC isn't the long term answer, see the MS document.

Unfortunately the batch file still fails at the same point, in the same way.

Thanks. I had considered this, but I've also had a bad experience using these under Windows XP (very slow logons with Windows XP that turned out to be down to printer GPO preferences). I could of course restrict the policy using WMI filtering so that only Windows 7 clients pick up this policy, and continue as we do for Windows XP

You could restrict it through WMI, however our experiences have been good - it hasn't caused slow logins on XP Machines. Do you have a small group of XP Machines you could test the GPO on?

Having just tried this, Group Policy Results shows that the mapping of this share via GPO preferences is attempted, but returns with an error code of 0x80070005 (Access Denied?). All other mappings via GPO preferences work fine.

Were the drives mapped previously before applying the GPO? It may be worth disabling the GPO clearing the drive mappings that exist, rebooting the machine and then reapplying the GPO.