Re: Resolving shares with Win XP Pro

Re: Resolving shares with Win XP Pro: Posted by Chuck on September 25th, 2005; On Fri, 23 Sep 2005 17:24:33 +1000, "TonyG" <tgilbert @ ozemail.com.au> wrote:

>"Chuck" <none@example.net> wrote in message
>news:6460j195t2qa33g0dvvml0pu3vaig4nrvo@4ax.com.. .
>> On Tue, 20 Sep 2005 17:49:46 +1000, "TonyG" <tgilbert @ ozemail.com.au>
>> wrote:
>>
>>>> Tony,
>>>>
>>>> These items are relevant to visibility in Network Neighborhood
>>>> (browsing):
>>>> add Netbios over TCP/IP
>>>> ensure a single master browser
>>>> set registry key RestrictAnonymous to '0'
>>>> check for hidden enumeration parameter
>>>> cleaned up the protocol stack
>>>> disabled Windows firewall entirely (no other firewalls)
>>>>
>>>> These are not relevant to browsing:
>>>> disable simple file sharing
>>>> ensures shares have access by 'Everyone'
>>>> common username/password on all three PCs
>>>> enable the Guest account
>>>> even tried adding NETBEUI to the three machines
>>>>
>>>> Here is one very interesting symptom:
>>>> PC1 - BROWSTAT
>>>> Master browser name is: PENTIUM4
>>>> There are 0 servers in domain TONY on transport
>>>> \Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
>>>> There are 0 servers in domain TONY on transport
>>>> \Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
>>>>
>>>> BROWSTAT for PC2
>>>> Master browser name is: PENTIUM4
>>>> There are 0 servers in domain TONY on transport
>>>> \Device\NetBT_Tcpip_{1C697756-0ECC-4AB3-B027-2A04DBA2176E}
>>>>
>>>> Why "0 servers"? Do you have File and Printer Sharing properly bound
>>>> under
>>>> NetBIOS Over TCP/IP, and is the Server service started, on both
>>>> computers?
>>>> <http://nitecruzr.blogspot.com/2005/05/troubleshooting-network-neighborhood.html#Components>
>>>>
>>>> Check for LSP / Winsock corruption:
>>>> <http://nitecruzr.blogspot.com/2005/05/problems-with-lsp-winsock-layer-in.html>
>>>>
>>>> If that doesn't help, try running the Network Setup wizard, and make the
>>>> appropriate selection for Internet access.
>>
>>>Hi Chuck,
>>>
>>>Thanks for the tips. The browser service was active on all PCs originally.
>>>I
>>>have since disabled it on PC2 and PC3 to see if that helps resolve master
>>>browser conflicts. I read the article about browser conflicts (that's
>>>where
>>>I got Browstat.exe from) and worked through its suggestions. A new
>>>browstat
>>>report for PC1 is included below.
>>>
>>>I also tried repairing Winsock. That caused all sorts of grief, requiring
>>>me
>>>to uninstall the network connections and reinstall them completely. That's
>>>why you'll see my workgroup is now MSHOME.
>>>
>>>I have tried running the network setup wizard a number of times on all
>>>three
>>>computers, but it doesn't seem to help at all.
>>>
>>>Any thoughts on my request about how to directly compare security settings
>>>on the two XP Pro machines? Is there a way to print all security settings?
>>>And is there any difference created in the security when one of the
>>>machines
>>>runs ICS?
>>>
>>>Thanks, Tony
>>>
>>>Status for domain MSHOME on transport
>>>\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
>>> Browsing is active on domain.
>>> Master browser name is: PENTIUM4
>>> Master browser is running build 2600
>>> 1 backup servers retrieved from master PENTIUM4
>>> \\PENTIUM4
>>> There are 2 servers in domain MSHOME on transport
>>>\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
>>> There are 1 domains in domain MSHOME on transport
>>>\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
>>>
>>>
>>>Status for domain MSHOME on transport
>>>\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
>>> Browsing is active on domain.
>>> Master browser name is: PENTIUM4
>>> Master browser is running build 2600
>>> 1 backup servers retrieved from master PENTIUM4
>>> \\PENTIUM4
>>> There are 2 servers in domain MSHOME on transport
>>>\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
>>> There are 1 domains in domain MSHOME on transport
>>>\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
>>
>> Tony,
>>
>> Well, apparently something you did resolved the problem with PC1, which
>> went
>> from "0 servers in domain" to "2 servers in domain". Any idea what? That
>> could
>> be relevant in resolving the problem. What results do you see on the
>> other
>> computers?
>>
>> Sorry that the LSP / Winsock repairs was so painful. It's not a clean
>> solution,
>> and when necessary, I recommend it after everything else has been tried to
>> no
>> avail.
>>
>> The Network Setup Wizard is not much of a magic bullet. It loads network
>> drivers (which only has to be done once), then makes network settings that
>> affect Internet access. If you run it once, and there's still a problem
>> with
>> file sharing, chances are that running it again won't help a lot.
>>
>> If you're still having problems, it may involve security settings, or it
>> may
>> not. I recommend that we verify everything else is working first. Please
>> provide updated "browstat status" and "ipconfig /all" from each computer.
>> We'll
>> run CDiag next.
>> <http://nitecruzr.blogspot.com/2005/05/using-cdiag-without-assistance.html>
>>
>> With regard to ICS, that's basically a software NAT router. ICS affects
>> file
>> sharing only when it affect connectivity between the computers - using ICS
>> should have no effect on security settings.

>Hi Chuck
>
>Did you receive the files I sent to you with the IPCONFIGS, BROWSTATS, etc
>for my network?
>
>Tony

Tony,

I've checked 6 of my email accounts, and none have any email from you. As long
as you're not sending anything titled for instance "Re: [6]" or similar. ;(

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.; Posted by TonyG on September 26th, 2005; Hi Chuck

I checked the address and I did make a mistake. It has now been resent to
the address at the bottom of your signature block and has the same subject
line as this post. The attachments are all TXT files. If this gives you a
problem, let me know - I could send them as PDFs if you prefer.

Thanks again,

Tony

"Chuck" <none@example.net> wrote in message
news:mn0cj11dmmjjpqvolh036odfbcnd0aurmo@4ax.com...
> On Fri, 23 Sep 2005 17:24:33 +1000, "TonyG" <tgilbert @ ozemail.com.au>
> wrote:
>
>>"Chuck" <none@example.net> wrote in message
>>news:6460j195t2qa33g0dvvml0pu3vaig4nrvo@4ax.com. ..
>>> On Tue, 20 Sep 2005 17:49:46 +1000, "TonyG" <tgilbert @ ozemail.com.au>
>>> wrote:
>>>
>>>>> Tony,
>>>>>
>>>>> These items are relevant to visibility in Network Neighborhood
>>>>> (browsing):
>>>>> add Netbios over TCP/IP
>>>>> ensure a single master browser
>>>>> set registry key RestrictAnonymous to '0'
>>>>> check for hidden enumeration parameter
>>>>> cleaned up the protocol stack
>>>>> disabled Windows firewall entirely (no other firewalls)
>>>>>
>>>>> These are not relevant to browsing:
>>>>> disable simple file sharing
>>>>> ensures shares have access by 'Everyone'
>>>>> common username/password on all three PCs
>>>>> enable the Guest account
>>>>> even tried adding NETBEUI to the three machines
>>>>>
>>>>> Here is one very interesting symptom:
>>>>> PC1 - BROWSTAT
>>>>> Master browser name is: PENTIUM4
>>>>> There are 0 servers in domain TONY on transport
>>>>> \Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
>>>>> There are 0 servers in domain TONY on transport
>>>>> \Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
>>>>>
>>>>> BROWSTAT for PC2
>>>>> Master browser name is: PENTIUM4
>>>>> There are 0 servers in domain TONY on transport
>>>>> \Device\NetBT_Tcpip_{1C697756-0ECC-4AB3-B027-2A04DBA2176E}
>>>>>
>>>>> Why "0 servers"? Do you have File and Printer Sharing properly bound
>>>>> under
>>>>> NetBIOS Over TCP/IP, and is the Server service started, on both
>>>>> computers?
>>>>> <http://nitecruzr.blogspot.com/2005/05/troubleshooting-network-neighborhood.html#Components>
>>>>>
>>>>> Check for LSP / Winsock corruption:
>>>>> <http://nitecruzr.blogspot.com/2005/05/problems-with-lsp-winsock-layer-in.html>
>>>>>
>>>>> If that doesn't help, try running the Network Setup wizard, and make
>>>>> the
>>>>> appropriate selection for Internet access.
>>>
>>>>Hi Chuck,
>>>>
>>>>Thanks for the tips. The browser service was active on all PCs
>>>>originally.
>>>>I
>>>>have since disabled it on PC2 and PC3 to see if that helps resolve
>>>>master
>>>>browser conflicts. I read the article about browser conflicts (that's
>>>>where
>>>>I got Browstat.exe from) and worked through its suggestions. A new
>>>>browstat
>>>>report for PC1 is included below.
>>>>
>>>>I also tried repairing Winsock. That caused all sorts of grief,
>>>>requiring
>>>>me
>>>>to uninstall the network connections and reinstall them completely.
>>>>That's
>>>>why you'll see my workgroup is now MSHOME.
>>>>
>>>>I have tried running the network setup wizard a number of times on all
>>>>three
>>>>computers, but it doesn't seem to help at all.
>>>>
>>>>Any thoughts on my request about how to directly compare security
>>>>settings
>>>>on the two XP Pro machines? Is there a way to print all security
>>>>settings?
>>>>And is there any difference created in the security when one of the
>>>>machines
>>>>runs ICS?
>>>>
>>>>Thanks, Tony
>>>>
>>>>Status for domain MSHOME on transport
>>>>\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
>>>> Browsing is active on domain.
>>>> Master browser name is: PENTIUM4
>>>> Master browser is running build 2600
>>>> 1 backup servers retrieved from master PENTIUM4
>>>> \\PENTIUM4
>>>> There are 2 servers in domain MSHOME on transport
>>>>\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
>>>> There are 1 domains in domain MSHOME on transport
>>>>\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
>>>>
>>>>
>>>>Status for domain MSHOME on transport
>>>>\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
>>>> Browsing is active on domain.
>>>> Master browser name is: PENTIUM4
>>>> Master browser is running build 2600
>>>> 1 backup servers retrieved from master PENTIUM4
>>>> \\PENTIUM4
>>>> There are 2 servers in domain MSHOME on transport
>>>>\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
>>>> There are 1 domains in domain MSHOME on transport
>>>>\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
>>>
>>> Tony,
>>>
>>> Well, apparently something you did resolved the problem with PC1, which
>>> went
>>> from "0 servers in domain" to "2 servers in domain". Any idea what?
>>> That
>>> could
>>> be relevant in resolving the problem. What results do you see on the
>>> other
>>> computers?
>>>
>>> Sorry that the LSP / Winsock repairs was so painful. It's not a clean
>>> solution,
>>> and when necessary, I recommend it after everything else has been tried
>>> to
>>> no
>>> avail.
>>>
>>> The Network Setup Wizard is not much of a magic bullet. It loads
>>> network
>>> drivers (which only has to be done once), then makes network settings
>>> that
>>> affect Internet access. If you run it once, and there's still a problem
>>> with
>>> file sharing, chances are that running it again won't help a lot.
>>>
>>> If you're still having problems, it may involve security settings, or it
>>> may
>>> not. I recommend that we verify everything else is working first.
>>> Please
>>> provide updated "browstat status" and "ipconfig /all" from each
>>> computer.
>>> We'll
>>> run CDiag next.
>>> <http://nitecruzr.blogspot.com/2005/05/using-cdiag-without-assistance.html>
>>>
>>> With regard to ICS, that's basically a software NAT router. ICS affects
>>> file
>>> sharing only when it affect connectivity between the computers - using
>>> ICS
>>> should have no effect on security settings.
>
>>Hi Chuck
>>
>>Did you receive the files I sent to you with the IPCONFIGS, BROWSTATS, etc
>>for my network?
>>
>>Tony
>
> Tony,
>
> I've checked 6 of my email accounts, and none have any email from you. As
> long
> as you're not sending anything titled for instance "Re: [6]" or similar.
> ;(
>
> --
> Cheers,
> Chuck, MS-MVP [Windows - Networking]
> http://nitecruzr.blogspot.com/
> Paranoia is not a problem, when it's a normal response from experience.
> My email is AT DOT
> actual address pchuck mvps org.; Posted by TonyG on September 26th, 2005; Hi Chuck,

FYI, I continued my probing into this problem by directly comparing, line
for line, the security settings on PC1 and PC2 using GPEDIT.MSC.

The major difference I spotted was that PC2 allowed "Access to this computer
from the network" for "everyone, administrators, power users and users",
whereas PC1 only allowed it for "ASP.NET". I changed PC1 to the same setting
as PC2 and reshared the printer. The printer was still not visible in the
"add printer" network browser, but I forced it using the \\computer\printer
path. That did not work, so I changed the name of the printer share and
tried again. It asked for username/password (as mentioned in my email
directly to you), but the guest user without PW was not being accepted (must
have a block on users without passwords somewhere). So I added a password to
the guest account and tried again with the PW. It worked! Not only that, but
it also made all of the PC1 shares visible on PC2!!

So, my hunch was correct ... it was never a network problem, always a
security problem. However, I am not absolutely confident that the changes I
have made to security have not opened a back door for some clever hacker
somewhere to break into my PC. If you have any thoughts about that, I'd be
interested.

In any case, this may give some others a new lead to resolve this problem.

Tony

"Chuck" <none@example.net> wrote in message
news:mn0cj11dmmjjpqvolh036odfbcnd0aurmo@4ax.com...
> On Fri, 23 Sep 2005 17:24:33 +1000, "TonyG" <tgilbert @ ozemail.com.au>
> wrote:
>
>>"Chuck" <none@example.net> wrote in message
>>news:6460j195t2qa33g0dvvml0pu3vaig4nrvo@4ax.com. ..
>>> On Tue, 20 Sep 2005 17:49:46 +1000, "TonyG" <tgilbert @ ozemail.com.au>
>>> wrote:
>>>
>>>>> Tony,
>>>>>
>>>>> These items are relevant to visibility in Network Neighborhood
>>>>> (browsing):
>>>>> add Netbios over TCP/IP
>>>>> ensure a single master browser
>>>>> set registry key RestrictAnonymous to '0'
>>>>> check for hidden enumeration parameter
>>>>> cleaned up the protocol stack
>>>>> disabled Windows firewall entirely (no other firewalls)
>>>>>
>>>>> These are not relevant to browsing:
>>>>> disable simple file sharing
>>>>> ensures shares have access by 'Everyone'
>>>>> common username/password on all three PCs
>>>>> enable the Guest account
>>>>> even tried adding NETBEUI to the three machines
>>>>>
>>>>> Here is one very interesting symptom:
>>>>> PC1 - BROWSTAT
>>>>> Master browser name is: PENTIUM4
>>>>> There are 0 servers in domain TONY on transport
>>>>> \Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
>>>>> There are 0 servers in domain TONY on transport
>>>>> \Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
>>>>>
>>>>> BROWSTAT for PC2
>>>>> Master browser name is: PENTIUM4
>>>>> There are 0 servers in domain TONY on transport
>>>>> \Device\NetBT_Tcpip_{1C697756-0ECC-4AB3-B027-2A04DBA2176E}
>>>>>
>>>>> Why "0 servers"? Do you have File and Printer Sharing properly bound
>>>>> under
>>>>> NetBIOS Over TCP/IP, and is the Server service started, on both
>>>>> computers?
>>>>> <http://nitecruzr.blogspot.com/2005/05/troubleshooting-network-neighborhood.html#Components>
>>>>>
>>>>> Check for LSP / Winsock corruption:
>>>>> <http://nitecruzr.blogspot.com/2005/05/problems-with-lsp-winsock-layer-in.html>
>>>>>
>>>>> If that doesn't help, try running the Network Setup wizard, and make
>>>>> the
>>>>> appropriate selection for Internet access.
>>>
>>>>Hi Chuck,
>>>>
>>>>Thanks for the tips. The browser service was active on all PCs
>>>>originally.
>>>>I
>>>>have since disabled it on PC2 and PC3 to see if that helps resolve
>>>>master
>>>>browser conflicts. I read the article about browser conflicts (that's
>>>>where
>>>>I got Browstat.exe from) and worked through its suggestions. A new
>>>>browstat
>>>>report for PC1 is included below.
>>>>
>>>>I also tried repairing Winsock. That caused all sorts of grief,
>>>>requiring
>>>>me
>>>>to uninstall the network connections and reinstall them completely.
>>>>That's
>>>>why you'll see my workgroup is now MSHOME.
>>>>
>>>>I have tried running the network setup wizard a number of times on all
>>>>three
>>>>computers, but it doesn't seem to help at all.
>>>>
>>>>Any thoughts on my request about how to directly compare security
>>>>settings
>>>>on the two XP Pro machines? Is there a way to print all security
>>>>settings?
>>>>And is there any difference created in the security when one of the
>>>>machines
>>>>runs ICS?
>>>>
>>>>Thanks, Tony
>>>>
>>>>Status for domain MSHOME on transport
>>>>\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
>>>> Browsing is active on domain.
>>>> Master browser name is: PENTIUM4
>>>> Master browser is running build 2600
>>>> 1 backup servers retrieved from master PENTIUM4
>>>> \\PENTIUM4
>>>> There are 2 servers in domain MSHOME on transport
>>>>\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
>>>> There are 1 domains in domain MSHOME on transport
>>>>\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
>>>>
>>>>
>>>>Status for domain MSHOME on transport
>>>>\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
>>>> Browsing is active on domain.
>>>> Master browser name is: PENTIUM4
>>>> Master browser is running build 2600
>>>> 1 backup servers retrieved from master PENTIUM4
>>>> \\PENTIUM4
>>>> There are 2 servers in domain MSHOME on transport
>>>>\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
>>>> There are 1 domains in domain MSHOME on transport
>>>>\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
>>>
>>> Tony,
>>>
>>> Well, apparently something you did resolved the problem with PC1, which
>>> went
>>> from "0 servers in domain" to "2 servers in domain". Any idea what?
>>> That
>>> could
>>> be relevant in resolving the problem. What results do you see on the
>>> other
>>> computers?
>>>
>>> Sorry that the LSP / Winsock repairs was so painful. It's not a clean
>>> solution,
>>> and when necessary, I recommend it after everything else has been tried
>>> to
>>> no
>>> avail.
>>>
>>> The Network Setup Wizard is not much of a magic bullet. It loads
>>> network
>>> drivers (which only has to be done once), then makes network settings
>>> that
>>> affect Internet access. If you run it once, and there's still a problem
>>> with
>>> file sharing, chances are that running it again won't help a lot.
>>>
>>> If you're still having problems, it may involve security settings, or it
>>> may
>>> not. I recommend that we verify everything else is working first.
>>> Please
>>> provide updated "browstat status" and "ipconfig /all" from each
>>> computer.
>>> We'll
>>> run CDiag next.
>>> <http://nitecruzr.blogspot.com/2005/05/using-cdiag-without-assistance.html>
>>>
>>> With regard to ICS, that's basically a software NAT router. ICS affects
>>> file
>>> sharing only when it affect connectivity between the computers - using
>>> ICS
>>> should have no effect on security settings.
>
>>Hi Chuck
>>
>>Did you receive the files I sent to you with the IPCONFIGS, BROWSTATS, etc
>>for my network?
>>
>>Tony
>
> Tony,
>
> I've checked 6 of my email accounts, and none have any email from you. As
> long
> as you're not sending anything titled for instance "Re: [6]" or similar.
> ;(
>
> --
> Cheers,
> Chuck, MS-MVP [Windows - Networking]
> http://nitecruzr.blogspot.com/
> Paranoia is not a problem, when it's a normal response from experience.
> My email is AT DOT
> actual address pchuck mvps org.; Posted by Chuck on September 26th, 2005; On Mon, 26 Sep 2005 21:25:22 +1000, "TonyG" <tgilbert @ ozemail.com.au> wrote:

>Hi Chuck,
>
>FYI, I continued my probing into this problem by directly comparing, line
>for line, the security settings on PC1 and PC2 using GPEDIT.MSC.
>
>The major difference I spotted was that PC2 allowed "Access to this computer
>from the network" for "everyone, administrators, power users and users",
>whereas PC1 only allowed it for "ASP.NET". I changed PC1 to the same setting
>as PC2 and reshared the printer. The printer was still not visible in the
>"add printer" network browser, but I forced it using the \\computer\printer
>path. That did not work, so I changed the name of the printer share and
>tried again. It asked for username/password (as mentioned in my email
>directly to you), but the guest user without PW was not being accepted (must
>have a block on users without passwords somewhere). So I added a password to
>the guest account and tried again with the PW. It worked! Not only that, but
>it also made all of the PC1 shares visible on PC2!!
>
>So, my hunch was correct ... it was never a network problem, always a
>security problem. However, I am not absolutely confident that the changes I
>have made to security have not opened a back door for some clever hacker
>somewhere to break into my PC. If you have any thoughts about that, I'd be
>interested.
>
>In any case, this may give some others a new lead to resolve this problem.
>
>Tony

Hi Tony,

OK, so you have XP Pro with Simple File Sharing disabled, but you're using the
Guest account for network access anyway.

Using Guest authentication is mainly a policy issue. In your case, you're
probably safe.
# You don't have any wireless components, so your LAN is physically secure.
# As long as Pentium4 is properly firewalled (with file sharing blocked please),
it should be secure. Likewise Packardbell and Hpvectra. If you're not
firewalled, I don't think that having Guest accessible (with or without a
password) will make all that much difference to a hacker.

But please don't use Guest authentication as a general resolution for this
problem. It may be for you, but I'd not recommend it to everybody. Out of
principle, I'd still hope that you find out what the actual problem is.

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.; Posted by TonyG on September 27th, 2005; Hi Chuck

File and printer sharing is enabled on the LAN but disabled on the ICS
gateway. I have run every NetBios security tester I can find and none of
them can detect a share on the IP, so I guess I am safe. My only real
concern is could someone try to actually log into my machine from the
outside world if they guessed my Guest password? If that's not possible,
then I think it's OK. But I will continue to look for a better solution to
the problem.

Thanks for all your help. I guess at this stage the question still is why
does Pentium4 ask for a username and password when I try to access it from
other machines? And why does it only allow the Guest username to be entered
(username box is greyed out, with "Pentium4\Guest" in it).

Regards, Tony
"Chuck" <none@example.net> wrote in message
newsh3gj1derid0cm415dooegemcslteaj04p@4ax.com...
> On Mon, 26 Sep 2005 21:25:22 +1000, "TonyG" <tgilbert @ ozemail.com.au>
> wrote:
>
>>Hi Chuck,
>>
>>FYI, I continued my probing into this problem by directly comparing, line
>>for line, the security settings on PC1 and PC2 using GPEDIT.MSC.
>>
>>The major difference I spotted was that PC2 allowed "Access to this
>>computer
>>from the network" for "everyone, administrators, power users and users",
>>whereas PC1 only allowed it for "ASP.NET". I changed PC1 to the same
>>setting
>>as PC2 and reshared the printer. The printer was still not visible in the
>>"add printer" network browser, but I forced it using the
>>\\computer\printer
>>path. That did not work, so I changed the name of the printer share and
>>tried again. It asked for username/password (as mentioned in my email
>>directly to you), but the guest user without PW was not being accepted
>>(must
>>have a block on users without passwords somewhere). So I added a password
>>to
>>the guest account and tried again with the PW. It worked! Not only that,
>>but
>>it also made all of the PC1 shares visible on PC2!!
>>
>>So, my hunch was correct ... it was never a network problem, always a
>>security problem. However, I am not absolutely confident that the changes
>>I
>>have made to security have not opened a back door for some clever hacker
>>somewhere to break into my PC. If you have any thoughts about that, I'd be
>>interested.
>>
>>In any case, this may give some others a new lead to resolve this problem.
>>
>>Tony
>
> Hi Tony,
>
> OK, so you have XP Pro with Simple File Sharing disabled, but you're using
> the
> Guest account for network access anyway.
>
> Using Guest authentication is mainly a policy issue. In your case, you're
> probably safe.
> # You don't have any wireless components, so your LAN is physically
> secure.
> # As long as Pentium4 is properly firewalled (with file sharing blocked
> please),
> it should be secure. Likewise Packardbell and Hpvectra. If you're not
> firewalled, I don't think that having Guest accessible (with or without a
> password) will make all that much difference to a hacker.
>
> But please don't use Guest authentication as a general resolution for this
> problem. It may be for you, but I'd not recommend it to everybody. Out
> of
> principle, I'd still hope that you find out what the actual problem is.
>
> --
> Cheers,
> Chuck, MS-MVP [Windows - Networking]
> http://nitecruzr.blogspot.com/
> Paranoia is not a problem, when it's a normal response from experience.
> My email is AT DOT
> actual address pchuck mvps org.

Similar Posts

Column: Resolving Windows XP SP2 application compatibility issues (Microsoft Windows) by kh
No Prompt for Shares (Microsoft Windows) by mhaight@gmail.com
web shares (Microsoft Windows) by Tittus
Re: List Shares on XP Pro (Microsoft Windows) by Kerry Brown
Change the name of Admin$ under shares (Microsoft Windows) by Kimlyn