I am moving a once-working ISAPI written in Delphi 7 from Server 2003 to a Server 2008 R2 named KAKA. It runs in a 32-bit pool as NetworkService. KAKA is a domain controller. Most of the ISAPI works, except for where it should search a folder using findfirst, findnext on a share on the other DC (\\KEA\MPE). Findfirst returns 5 (access denied). I have tested it with a local folder which works fine. The share has 'Everyone full' for protection, and the NTFS permissions are Read/Execute/list/Read for Dom\KAKA$. which I am told is how NetworkService presents itself to the other machine. I looked at it with windows explorer 'effective permissions' from an XP client, and it shows OK read etc access for Dom\KAKA$. If I use ISAPIFWD (from Eggcentric) on KAKA to debug the ISAPI DLL on my XP machine, it works fine (probably because the debug user has domain-wide admin permissions).
What am I missing? I am all for enhanced security, but when it stops the app working completely, it is somewhat frustrating.