Solved

Win 2k and Win XP

Posted on 2006-06-28
18
294 Views
Last Modified: 2006-11-18
I'm having a small problem with accessing a windows 2k computer from windows xp. I'm working on a medium sized LAN and all computers (bar one) are running XP. None of the XP machines can access the windows 2k computer, but yet the win 2k computer can access all the XP machines. When I try to access it via start->run and tying in "\\win2kcomp" I'm prompted for a user name and password. I enter the Admin name and password, and then get a message telling me I don't have permission to access it.

If I try navigating to it via My Network Places, I don't get asked for a password, I just get the message.

But yet, if I try access any computer from Windows 2k, I get access wothou being asked any passwords.

Networking isn't really my thing, so I would appreciate any help I can get.
Thanks
0
Comment
Question by:krispin
  • 6
  • 5
  • 4
  • +1
18 Comments
 
LVL 16

Expert Comment

by:Joe
ID: 17000894
Is this on a domain or workgroup?
0
 

Author Comment

by:krispin
ID: 17001002
Some XP computers on the LAN are on a domain, others are in a workgroup. The Win2k computer is in the workgroup.

If I access an XP computer that's on the domain from the Win2K computer, I need a user name and password, otherwise, I can get straight in.

Accessing the Win2k computer from either a domain or workgroup computer yields the same result (username/password prompt, then the error message)
0
 

Author Comment

by:krispin
ID: 17001020
I have tried separating the physical networks out, in case there was some sort of conflict there (I plugged the cable out connecting the switch from the workgroup network to the switch from the domain network).

Obviously, I coulnd't access the domain computers from the Win2k computer now, and vice-versa, but the issue of the Win2k to Win XP computers in the workgroup remained
0
 
LVL 16

Expert Comment

by:Joe
ID: 17001288
Ok, So if I understand you right most of your XP machines are on the domain and the 2000 machine is on a workgroup. Just a question is there a reason you are leaving the 2000 machine off of the domain? When accessing the domain from a machine that is in a workgroup you will need to supply a valid user of the domain that has rights to join it. When the box comes up to enter your user name and password type in domain\domain username - then the password.

Joe
0
 

Author Comment

by:krispin
ID: 17001429
There are the same number of XP machines off the domain (in the workgroup), as there are on the domain.

At the moment in time, I have removed the domain element, because I don't need to access these from the Win2K machine.

I still have a number of XP machines that are in the same workgroup (and subnet, etc.... I checked pinging) as the Win2k machine. The Win2k machine can access the XP machines fine. But the XP machines in the workgroup cannot access the Win2k machine. I get the prompt as above whether the XP machine is on the domain or not.

I'm not trying to access a machine on the domain from a machine off the domain. It's the other way around; accessing a machine off the domain from a machine on or off the domain.

But as I said, I have removed the domain element of the problem. Currently, I have 13 XP machines and one Win2k machine, all in a work group called "Workgroup". The Win2k machine can access the XP machines. The XP machines cannot access the Win2k machine. I get the prompt and the error if I try.
0
 
LVL 16

Expert Comment

by:Joe
ID: 17001626
Have you tried to access the machine by IP address? \\ipaddressofthemachihne
0
 

Author Comment

by:krispin
ID: 17001712
Yeah, I get the exact same thing. Prompt for username and password, and then a message telling me I don't have permission.

It's obvious the problem is a security issue at the Win2k side, since it doesn't happen when ye try to access an XP machine.

There must be a setting or security policy or something set that is making Win2k reject any attempt at accessing it.

I'm just not overly versed in networking and even less versed in Win2k. The network engineers here can't figure it out either.

I can access it using IP bases applications, like telnet, ftp, and VNC. But I need to be able to access it via windows networking
0
 
LVL 16

Expert Comment

by:Joe
ID: 17001836
Weed through the local security policies on the machine. Go to Control Panel > Administrative Tools > Local Security Policy.  Look under the local policies to see if anything is enabled.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 8

Expert Comment

by:H
ID: 17003642
Hi
when you connect from the XP system to the windows system follow these steps


scenario#1
XP system on domain connecting to win2k system not on domain...You will get prompted for a usename and password...

Username will be:     " systemname\localcomputerusername "  IE if my system name is PC1 and username is user one I will type " pc1\user1 " in the username box.

password:  regualr Localaccount password...
0
 

Author Comment

by:krispin
ID: 17007485
That's exactly what I've been doing.
If I type in an incorrect username and password, the dialog box disappears for a moment and then reappears, prompting me to enter the username and password.

When I enter the correct username preceeded by "pcname\" the dialog disappears and a few seconds later I get a message saying something like "You do not have permission to access this network resource" which is why I think this is a security issue on the Win 2k machine.

If you read the above posts, I have also removed the domain element of the network for the time being. I'm currently using just XP machines and one Win 2K machine in a workgroup, but I still get the same problem.

-----------------------------------------------------------------------------
 JoeZ430

I've gone through the Local Security Policy and have been unable to find anything that would cause this
0
 
LVL 8

Expert Comment

by:H
ID: 17009319
so you have tried to create a local administrator account on the win2k machine?  And that is the one you are trying to login as?

Also since your not connecting from a domain anymore you do not need the machinename/username  just username...

Alos try logging the win2k machine in as the same local user on both machines and see if you can access it then?
0
 

Author Comment

by:krispin
ID: 17009414
Both the win xp machine and the win 2k machine are using the Administrator account. It's the only account that exists on either machine. I made the passwords identical just to be safe.

So I am trying to log on using the local Administrator account on the win 2k machine, yes.

>>Also since your not connecting from a domain anymore you do not need the machinename/username  just username...

The login doesn't work whether I use the machinename/username or just the username approach.

But it seems to me that the login is working since if I type in a wrong username and password combination, the login dialog box pops back up. I only get the error messages when I enter the correct username and password, which suggests the username and password is at least being validated, but win 2k just won't allow access after that.
0
 
LVL 8

Expert Comment

by:H
ID: 17009535
Does each machine only have one nic per machine?

Go to the properties of the netowrk cards on both machines.  What protocols are installed and which ones are checked?

0
 
LVL 8

Expert Comment

by:H
ID: 17009878
Hi
Can you try these steps for me and see what happens..

#1 Create a new share on the windows2k machine
#2 go to a command-line/dos prompt on the windows xp machin

#3 Type :

                   net use x: \\MachineName\Sharename /user:USERNAME password

Let me know if the maps a drive to the share or if it gives you and error..This may give us more detail on the issue..




0
 
LVL 8

Accepted Solution

by:
H earned 63 total points
ID: 17010987
Also if the above does nothing...DO this as well

Create a new local user id on both machines and put them both in the administrators group on that machine..

on the xpmachine add this to the local administrator group  2kmachine/2kusername
on the win2k machine add this to the local administrator group xpmachinname/xpusername

..Make shure both machines are in the same workgroup.  Log both machines on with the new user accounts

TRy and connect useing the normal windows method and also try the net use method..

Let me know the results...

What I am trying to do if non of this works is narrow down were the issue is actaully located...
0
 
LVL 14

Assisted Solution

by:FriarTuk
FriarTuk earned 62 total points
ID: 17015804
are these option in your local security policy on the w2k box, try A (if it doesn't work, chg it back & try B)

gpedit.msc - comp config - win sett - sec sett - loc pol - sec opt:
A)  Disable =0  "Accounts: Limit local account use of blank passwords to console login only."
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\limitblankpassworduse
   * This will permit network access without a password. The user's computer can boot directly to
     the Windows desktop, and be validated against the corresponding XP Professional user account, without a password.

B)  Disable =0  "Network Access: Do not allow anonymous enumeration of SAM accounts & share"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now