?
Solved

WFW  allowing NT server access without password

Posted on 1997-07-27
12
Medium Priority
?
205 Views
Last Modified: 2013-12-23
null
0
Comment
Question by:ocribinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 4

Expert Comment

by:vvk
ID: 1562506
"Unable to validate user..." means that in moment client can't connect to domain controller for some reasons. In this case if password match to saved in <user>.pwl file further network access allowed and each time until password validated by DC Wfw send this password for access to resources.
For creating both new passwords you can simply delete .pwl file for user. You can obtain file name from system.ini [Password lists] section. I think it's impossible to set password only for NT in WFW.
0
 
LVL 13

Expert Comment

by:akb
ID: 1562507
But in my experience, the WFW PC is connected to the NT domain and does have full access!  This appears to be a major flaw in NT security.  I have a few WFW PC's which I just can't stop accessing the NT server no matter what I do.
0
 

Author Comment

by:ocribinc
ID: 1562508
Thanks for the comments.  I have played around several times with the password section of the system.ini file, but still can't find a way around this problem.  A user on a BB suggested leaving the WFW password section blank, but this doesn't seem to work either.  I will try changing the .pwl file, but I'm not very optimistic.
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 

Expert Comment

by:rburrows
ID: 1562509
Instead of re-installing windows, just delete the PWL file (dont amend it)
0
 

Author Comment

by:ocribinc
ID: 1562510
Thanks for trying, but still no joy.  I tried both amending and deleting the .PWL files, without success.  When I deleted them, I got the following message on booting windows:
"an error occured while trying to unlock the password list file for (username).  Error 2:  The specified file was not found"
I continued on, putting in the username and password, and I was prompted to create a password file.  Each time I booted, I got this message until I created another password file.  I was also prompted for an NT logon password (for a change!), until I clicked the option to "store this password in the password list"
Once I did that, I no longer needed the NT password.  I re-set the password on the server, and the WFW gave the message "the share password has changed.  Enter new password".  Again, once I entered it, it was saved to a password list, once again passing control to WFW.
This is a serious security issue.  I can't let users "simply" delete .PWL files each time they want to change passwords.  Even more irritating though is the message "no domain controller was available to validate your password.  You have been logged on without validation".  This is telling the user that passwords are useless!  How can I get rid of this message!
Thanks again for your comments, but I still have no solution.  I am going to double the points, in the hope that you will keep trying.
0
 
LVL 5

Accepted Solution

by:
y96andha earned 800 total points
ID: 1562511
I don't know if you did double the points, but here is the answer anyway:

Use the admincfg utility which is supplied on the last installation disk of WFW. With this utility you can disable password caching. Doing this will make it work exactly the way you want it to. You can also set a flag that WFW will not allow the users any access to the network without being validated by an NT server, which you probably will be wanting to do too.


0
 

Author Comment

by:ocribinc
ID: 1562512
I DID double the points, but it doesn't seem to have been updated.  I'll sort it out with the administrators if it doesn't work this time.  
Will try latest suggestion in the morning.  Couldn't find admincfg today (thought it should be in windows directory.  However, I've played with the system.ini file several times, including trying a disable password option, without success. Hopefully, admincfg will provide a way for users to log in to NT without needing to log in to WFW.  Thanks again.
0
 
LVL 5

Expert Comment

by:y96andha
ID: 1562513
admincfg is not installed automatically. You will find it named admincfg.ex_ on the last installation disk and have to install it manually.
0
 

Author Comment

by:ocribinc
ID: 1562514
I found the admincfg.ex_ and expanded it.  It looked like it would do exactly what I wanted, but it didn't.  I disabled caching, but it doesn't seem to change anything (maybe it does.  I didn't try chaning the server password to see what effect it has).  When I tried to force a separate login to the NT server, I got the message
"your access has been denied.  You will not have access to any network resources.  I tried it on two different clients, with the same results.  When I took this option off, I coul log on as usual (the WFW password came up, and I was logged on to the network through this).
I must be missing something.  Is it an NT problem (I have only one server, in domain Dublin.  Some of the clients have the same domain, but I left some of them as workgroup, which is the WFW default, and the 2 clients I tried have the workgroup domain set.  I presumed this was a WFW attribute, but maybe it is an NT setting)?  Have you a sample config file, or is there a way of editing it without using the admincfg utility?  I'm nearly there, please advise.  Thanks for all your help
0
 
LVL 5

Expert Comment

by:y96andha
ID: 1562515
Have you set them to log on to the domain? You can have any workgroup set, but they must be set to log on to the correct domain. You should get a logon box similar to the one you have on an NT Workstation/Server, where you get to choose logon domain.

What options did you set in admincfg, did you both disable password caching and require password authentication?

I shall look up exactly what settings we're using on our own network, where we've got it working perfectly.
0
 

Author Comment

by:ocribinc
ID: 1562516
From memory (it's a holiday weekend here), I set them to the same domain as the workgroup, so this might be the reason they don't work.  The place I set them is under the "set-up" option within the networks option of control panel in WFW.  The option there is "log on to NT domain.  I'm fairly certain that I set them to log on to the correct domain, but I might have set it to workgroup as well.  I'll check on Tuesday.  Is this the setting that you are referring to.  It is not really similar to the NT option box.

I tried disabling caching on its own, disabling caching and requiring password authentication, and authentication on its own.  The only one that worked was disabling caching on its own.  

Looking forward to hearing from you when you check your own settings (Tuesday??).  Thanks again
0
 

Author Comment

by:ocribinc
ID: 1562517
for info, I played around with settings in the networks option in control panel, and finally got admincfg to do what it says it will do.  It's really infuriating, because at one point it worked, yet when I logged out and in again, it didn't work, even though I hadn't changed anything.  I hope the fix works on the rest of the clients. WFW is not on my list of favourites!  Maybe I can get sanction for purchasing windows 98.....
Thanks again for all your help.    
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question