Windows Vista / Windows 7 & IBM iSeries IFS Mapped Drive

If you are using Windows Vista or Windows 7 and need to map a drive to an iSeries IFS directory you will need to follow the steps below:

  1. Open the Local Security Policy editor: Start Run secpopl.msc Ok
  2. If a User Account Control window appears, click [Continue].
  3. Expand Local Policies – Security Options
  4. Double-click  Network security: LAN Manager authentication level
  5. Change the value to Send LM & NTLM use NTLMv2 session security if negotiated



This is documented on IBMs website:

Another install-related issue concerns installing from the     
applied System i PTF.  Once the PTF is applied, you can install
this service pack or complete merged image from the network   
share called QIBM on your System i.  Accessing this share uses 
the LAN Manager component of Windows, and NetServer support   
on the System i.  In Windows Vista, Microsoft has changed the 
default negotiation method for such connections, so that, at   
this time, accessing shares on the System i may fail. One way 
to work around this problem is to change a policy setting on   
the PC.  This action requires administrator authority, and can 
be performed as follows:                                       
  1) Click Start, click All Programs, click Accessories, click 
     Run; then type "secpol.msc" (without the quotes) in the   
     Open text box, and click OK.                             
  2) If a User Account Control dialog box appears. verify that 
     the details shown match the request you initiated (you are
     starting the Microsoft Management Console), and if so,   
     click Continue.                                           
  3) From the Local Security Settings console tree, expand     
     Local Policies, then click Security Options.             
  4) In the right pane, scroll down to the setting called     
     "Network security: LAN Manager authentication level       
     Properties" and double-click it.                         
  5) Note the current value.  The default value at the time of 
     this writing is "Send NTLMv2 response only".  If the value
     is not as follows, change it to be:                       
     "Send LM & NTLM-use NTLMv2 session security if negotiated"
     then click OK, and exit the Local Security Settings       
     console. You should now be able to access network shares 
     on the System i.                                         
The last issue related to install has to do with installing   
from a network share.  Testing has shown that, in some cases, 
installing System i Access for Windows on a Windows Vista PC   
from a network share fails.  In such cases, copying the files 
from the network share to the PC’s local hard disk, then       
re-starting the installation from the local hard disk,         
completes successfully.                                       
Alternatively, you can map a drive to the network share in a   
Command Prompt box that was opened as administrator and start 
the installation from the mapped drive.                       
To open a Command Prompt box as administrator, click Start,   
then All Programs then Accessories, right-click the Command   
Prompt icon and choose Run as administrator. This action will 
prompt you to allow the Command Prompt program to run elevated.
At the Command Prompt, type in the following command to map the
network drive:                                                 
  net use X: \server_nameshare_name                         
where X: is the drive you want to map, server_name is the     
network server’s name and share_name is the name of the shared 
directory. If you are installing from a System i, you would   
type in                                                       
  net use X: \system_i_nameQIBM                             
Then change to the mapped drive in your Command Prompt box and 
run the setup program from there. If you are mapping a drive   
to the QIBM share of your System i, these are the steps you   
should follow for a 32-bit installation of System i Access     
for Windows V6R1:                                             
  cd ProdDataAccessWindowsImage32                           
If you are installing on AMD64 or on Itanium hardware use     
Image64a or Image64i instead.                                 
The cause of this failure is being investigated.

12 Responses

  1. Garth
    Garth at | | Reply

    Thank you! Since moving to Windows 7, mapping drives to iSeries shares, not just IFS, has been iffy at best. Sometimes I would have success, sometimes I would just get prompted for credentials again, and sometimes I would receive authority errors.

    In some cases, I could map as a super user but not as a regular user on one system but not another, even though the permissions were the same as far as I could tell.

    Since trying this fix, so far these sporadic, inconsistent failures have ceased. That’s what I get for looking for a solution on the iSeries when, of course, it is a Windows issue. Doh!

  2. Dean
    Dean at | | Reply


    I have tried the NTLM security change (applied via GPO to all PCs’) but still having some issues on new Windows 7 Enterprise PC’s in which I keep getting access denied if trying to map using either the windows explorer or net use command. Though strangely it works OK on my Windows 7 Professional PC. Beside being Professional or Enterprise I cannot see any other differences to stop this working! Have you come across any other solutions?

  3. Mitch Hall
    Mitch Hall at | | Reply

    Hi Stewart,

    I have a similar problem.

    I have one Windows user who can’t map a IFS drive regardless of what PC he logs onto the Windows network with. His credentials aren’t accepted. If he jumps on another PC he hits the same problem so I don’t think it’s any local windows policy.

    If we use another iSeries user credentials to authenticate when mapping the Windows Network drive to the IFS folder share it works and the drive is successfully mapped.

    Because we’re mapping Windows Network Drives to IFS Folder Shares all user’s have *IOSYSCFG authority.

    I checked and this iSeries user is not disabled in the i5/OS NetServer.

    I even granted the problem user all permissions to the IFS folders we’re creating the IFS Folder Shares over.

    Any idea what else I can lok at?

    Best Regards
    Mitch Hall

  4. John
    John at | | Reply

    I have recently faced same issue in Win 7 enterprise edition mapping through command line. Whenever i tried mapping a I-series IFS folder through explorer, it worked but when tried using windows command line command “Net use” won’t work all times. Sometime it worked and sometime it is not. So finally i found out the issue solved it.

    the wrong command usage: net use J: \\Iseries-name\sharefolder **** /user:hjen
    Here **** is password and hjen is user id. \\Iseries-name\sharefolder is mapping path to share folder.

    the mistake here is that by default, Iseries expects user id to be in capital letter. Also incase if your company uses proxy or gateway, you had to give machine name as domain name in addition to user id.

    The right usage: net use J: \\Iseries-name\sharefolder **** /user:Iseries-name\HJEN

    hope this helps someone and avoid spending unnecessary time.

  5. Luigi Baltieri
    Luigi Baltieri at | | Reply

    Great!! Many thanks Stewart

  6. Jean driscoll
    Jean driscoll at | | Reply

    Is there any security setting or TCP/IP access program that could be blocking access. I have tried everything in both of your posts and I’m still receiving the System Error 5.

Leave a Reply