Besides the obvious contention of whether its good to use different domain credentials to map drive letters, the PAN is doing exactly what its supposed to. The PAN Agent scrapes the security logs of domain controllers, of the userid and machine that successfully logon to the domain. If a user logs on a PC with domain\userid and then has runs a script using domain\otheruserid, then there would be two entries in the security logs and the latest one would be the one that is valid. I can think of a few ways to get around this, but it would be a pain and overall not a good option. One would be to use local machine credentials when mapping drive letters (which would not create logs on the DC) Another would be to extend the timeout to a length just enough so that once it determines credentials for a host, it won't check again for 8 hours.
... View more