the NUL was a good idea, but didn't work(I tried both > and <). I discovered that NET TIME would fail if id/password were incorrect, so I'm using that for validation:
@echo off
rem this script confirms the user entered valid id/password
rem if invalid, it restarts windows
rem else it maps the required network drives
rem set time, if it fails then userid/password is invalid
net time \\\\server /set /yes
if errorlevel 1 goto LogOff
rem clear any existing drive mappings
net use * /delete /y
rem map label drives
net use K: \\\\server\\apps /yes
net use O: \\\\server\\labels /yes
rem test that drives mapped OK
if not exist K: goto LogOff
if not exist O: goto LogOff
exit
:Logoff
echo "Password was wrong, restarting Windows"
rundll32.exe shell32.dll,SHExitWindowsEx 6
I also had to change the last parameter in the rundll32 line from 4 to 6. 4 does a logoff while 6 does a reboot. Logoff seems like it would make more sense, but it wasn't doing a true logoff. The logon prompt would show up, but the rest of the desktop remained and the user could cancel it w/out the script running again.
I'm off to San Antonio(had a busy half day) so I'll see y'all next week.