philjans asked:

Windows 10 default settings block access to them from other computers on my Domain! Not related with the Firewall

All my Windows 10 computers on my Windows domain have "some new" functions that by default block any connection attempt TO THEM.
It is not the default Windows Firewall.

I know that, in addition to the firewall, they added another blocking mechanism: when I go in Control Panel, Network ..., Advanced Settings, there is a "profile" system there. I do see it as "Current Profile DOMAIN" and there are 2 settings: "Activate network discovery" and "Activate files and printer Sharing", and both of them are Active. I have to manually make them active on each Windows 10 because I didn't find in my domain GPO the settings for that. Do you know if that can be controlled by GPO and Windows 2003 GPO also...?
tx!
John

All my Windows 10 computers on my Windows domain have "some new" functions that by default blocks any connection attempt TO THEM.  ...   Do you know if that can be controlled by GPO and Windows 2003 GPO also

Server 2003 has expired (dead), uses SMBv1 (security risk) and SMBv1 has been eliminated from Windows 10 and 7.

Try connecting from Windows 10 to your server instead.
philjans (ASKER)

??? The other way around works. My Windows 10 works perfectly with my servers... the problem is setting by GPO "Activate network discovery" and "Activate files and printer Sharing" on them.
Any GPO for Server 2003 is very different from a similar GPO in the Windows 10 / related Server area.

For the old gear, set up Network Discovery and File Print Sharing manually.  Make sure at the bottom that you are using User Names and Passwords in the modern systems.
Cliff Galiher
You are conflating many different things together and drawing spurious conclusions from them.

Is there a new blocking technology in windows 10?  *NO*   The windows firewall has been the standard bearer for this since XP SP2.  It is still the same general design (albeit updated for each OS as the network stack has evolved...IPv6, etc.)

Does network discovery or file and print sharing block access to the desktop?  *NO*   They control whether those services are running.  That's different, and neither is new to windows 10.

A door with a lock blocks you from entering a building.  That's the firewall.

Maybe you have a key (a firewall rule allowing access to a specific app or on a specific port)...and you walk in the building and start shouting at the top of your lungs.  But the building is empty so nobody hears you.  Does a person screaming when nobody can hear them make a sound??   That's the equivalent of a program not listening (like file and print sharing not running.)

I want to stress that THIS IS NOT NEW!!!

You could take windows server 2003.  Open a firewall rule for port 80.  But if you didn't install a web server, that open firewall port didn't *do* anything!  It wasn't "blocked" ...it was just that nothing was there to listen and respond to web requests.  You not only have to open the port...you have to install IIS.  Or Apache Web Server.  Or *SOMETHING.*

File and print sharing hasn't been enabled by default in a client OS for  years...again, not new to windows 10.  That isn't *BLOCKING* ..that is just not listening.   It's a functional difference that needs to be understood to accurately troubleshoot any network issue.
There IS something different with Windows 10. Never had problems with ANY of my previous Windows XP and my now 50 Windows 7.
This problem applies only on Windows 10.
p.s. the firewall receives the same configs as for my Windows 7 computers which is "turn off on Domain".

There must be a way to push something. Even a registry key would do it.

I have turned on this but no impact:
[User-generated image not preserved]
Do you have IPv6 enabled on the NICs (it's enabled by default)?  If so, turn it OFF and see if that resolves your issues.

Windows 2003 does not have many of the group policies for Windows 10. Furthermore, they can't be installed on a Windows 2003 server because they are in a different format. Windows 2003 uses .ADM files and all of the group policies for operating systems newer than Vista/Windows 2008 use ADMX files.
All new systems use IPv6, and on new systems it should not be disabled. If you do this, keep records for the time you bury your Server 2003 to avoid future issues.
ASKER CERTIFIED SOLUTION (Cliff Galiher): This solution is only available to members.
So you use policies to turn off the firewall on the domain profile? That is a very bad idea and no need to do that.
Turn it on, then enable file and printer sharing or, if you like, simply add an allow rule for port 445 (incoming) and that's it.
ADMX template files don't change existing policies that were already available as .ADM files (they just replace them), but each new version can add many policies that pertain to specific functions for newer operating systems like Windows 10.  That said, I don't think the problem experienced by the poster has anything to do with group policies.  

Even so, if you want to give it a try, there is a way to manage group policies in such an environment. You can't manage them from a Windows 2003 server, but you should be able to store them there and then manage them from a Windows 10 machine.  You need to create a Central Store on the 2003 server, copy the .ADMX files to that Central Store and then manage the policies from a Windows 10 workstation.

https://support.microsoft.com/en-us/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra
@philjans

While there are "*NO*" new applications or functionality built into Windows to block connection attempts from an application level, in recent versions of Windows the Windows firewall "HAS" been modified and the defaults changed a little.

[User-generated image not preserved]
The above items in the Windows firewall are by default disabled in newer versions of Windows, whereas in previous versions of Windows they were enabled by default.

Maybe try enabling them and see if your connectivity is restored.
Still having this trouble.
All and only my Windows 10 new computers have this trouble.
I am able to reach any Windows 7 computers using the \\computername\c$ using my domain admin account but I cannot reach any Windows 10 \\computername\c$ ...
Firewall on or off
Sharing option all opened
[User-generated image not preserved]
am able to reach any Windows 7 computers using the \\computername\c$
 cannot reach any Windows 10 \\computername\c$ ...


This was new information you gave us. That is by design. Access as \\computername\foldername.
That is new information!  I think we were all thinking of a normal type of network connection, but what you're talking about is an administrative-level connection, which requires different permissions.

Have you checked these computers to see if the administrative shares have been created?  These are supposed to be created automatically, but if you did some imaging or other manipulations, they might not be there.  In Computer management/ Shared Folders/Shared on each computer, you should see the C$ share there.  You also need to check to be sure that the account you're using to connect to the admin shares has administrative rights on the computer(s) you're connecting to.  If your account is a domain administrator and the computers are joined to the domain, then that access should be automatic, but if it's not you can add your account through group policies using the Restricted User method.
That is not by design. Win10 behaves the same when it comes to administrative shares as win7.
Phil, simply do as advised and create a firewall rule. And maybe do it now and give feedback now and not wait another 4 months :-|
I see this on all our Windows 10 Pro machines. Security has been tightened up and I just map by folder name. Saves a lot of time.
Oh it's not just \\computername\c$ connections... I use Tightvnc for remote control and I cannot even connect on that...
John: I have created, like you say, shared folders but it didn't work either... when I try \\computername\  on Win7 it lists all shares but now I get:
I always use NET USE T: \\server\folder and it works perfectly all the time any system.
John... doesn't work either... Network name specified non available error 64
https://social.technet.microsoft.com/Forums/windowsserver/en-US/8878da36-19af-410a-ae48-db1a87af741e/system-error-64-the-specified-network-name-is-no-longer-available?forum=windowsserver2008r2networking

A couple of possibilities:

1. Something in your network is using SMBv1 which has gone.
2. Try deleting all drives NET USE T: /Delete for all T, restart the workstation and try mapping again.
If VNC (any variant) isn't working as well as shares, I think we can stop looking at whether it is an admin share issue, SMB 1 issue, or other similar protocol-specific issue.

This heavily hints at a network issue. Firewall. Bad config. Wrong IP. Broken network stack.  Time to get back to basics. Netstat. Wireshark. Installed software. This is not normal. And is not some mysterious planned change made in Win10.
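
The difference drawn earlier in the thread between a firewall blocking a port and no service listening on it, and the closing advice to get back to basics, can be checked from another domain machine with a short TCP probe. This is an added example, not part of any post in the thread; the host name `WIN10-PC` is a placeholder and 5900 as the VNC port is an assumption.

```python
import socket

# 445 is the SMB port named in the thread. 5900 is assumed here as the VNC port;
# the thread only says TightVNC, so adjust it to the configured port.
PORTS = {445: "SMB / admin shares", 5900: "VNC (assumed port)"}

MEANING = {
    "open": "a service is listening and the path allows it",
    "closed": "host reachable, but nothing is listening (service not running)",
    "filtered": "no reply: packets dropped (firewall) or host/IP is wrong",
    "unreachable": "name did not resolve or there is no route to the host",
}


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt as open/closed/filtered/unreachable."""
    try:
        targets = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unreachable"
    state = "unreachable"
    # Try every resolved address (IPv6 and IPv4); report the last failure seen.
    for family, socktype, proto, _, addr in targets:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(addr)
                return "open"
        except ConnectionRefusedError:  # a reset came back: nobody is listening
            state = "closed"
        except socket.timeout:          # silence: typical of a firewall drop
            state = "filtered"
        except OSError:                 # e.g. no route, address family unavailable
            state = "unreachable"
    return state


def diagnose(host, ports=PORTS, timeout=2.0):
    """Return {port: (service, state, meaning)} for each port of interest."""
    result = {}
    for port, service in ports.items():
        state = probe(host, port, timeout)
        result[port] = (service, state, MEANING[state])
    return result


if __name__ == "__main__":
    # "WIN10-PC" is a placeholder host name, not one from the thread.
    for port, (service, state, meaning) in diagnose("WIN10-PC").items():
        print(f"{port:>5} {service:<20} {state:<12} {meaning}")
```

A `filtered` result alone does not prove a firewall rule is at fault; confirm on the Windows 10 machine with `netstat -an` that something is actually listening on the port.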