Re: XP Firewall? Re: Newbie XP/2K Drive Mapping Issue
From: Chuck (none_at_example.net)
Date: 10/12/04
- Next message: Chuck: "Re: internet disconnects"
- Previous message: Sam: "Internal Notebook Modem problem"
- In reply to: bonehead: "Re: XP Firewall? Re: Newbie XP/2K Drive Mapping Issue"
- Messages sorted by: [ date ] [ thread ]
Date: 12 Oct 2004 00:11:03 -0500
On Mon, 11 Oct 2004 12:24:19 -0700, bonehead <sendmenospam@nowhere.invalid>
wrote:
>I suppose I should note at the top that I don't have a Windows server in
>this environment, therefore I don't have a domain controller set up. But
>I'm not sure that would explain why I can ping and drive map from the XP
>to some of the 2Ks but not others, especially since all the machines are
>in the same Workgroup and can all see each other in My Network Places.
>
>Chuck wrote:
> > OK Bonehead,
> >
> > Any chance you have IPSec setup on the 2K computer?
> >
><http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp>
>
>IPSEC is turned off on *all* 2K machines *and* the XP machine.
>
> > Make sure the browser service is running on each computer. Control
>Panel -
> > Administrative Tools - Services. Verify that the Computer Browser,
>and the
> > TCP/IP NetBIOS Helper, services both show with Status = Started.
>
>Both Services are turned on on both trouble 2K machines and the XP machine.
>
> > When you say "can't ping" or "can't access shares", have you tried
>pinging /
> > accessing shares using ip address, not name? Like try mapping a share as
> > \\aaa.aaa.aa.149\ShareName? Pinging aaa.aaa.aa.149?
>
>Tried it both ways, thinking as well that it might be a
>(case-sensitive?) name resolution problem. Still got "Network path now
>found...insufficient rights"
>
> > Check Node Type in ipconfig listings for the two problem computers,
>and for one
> > of the known good 2K computers. What values do you have?
>
>All 2K machines are set to Node Type "Broadcast"...however, the XP
>machine is set to "Hybrid". Just out of curiosity, how would I change
>the XP's nod type?
<SNIP>
Here are Microsoft article discussing node types:
<http://support.microsoft.com/?id=314053>
<http://support.microsoft.com/?id=160177>
I think you have at least two problems. Or one problem with multiple effects.
Let's start with the ping problems. Ping by ip address works between all
computers - except between the problem computer, and the XP computer. Neither
can ping the other, but both can ping the third, non-problem computer.
The ping process is very low level - it requires only the TCP/IP protocol,
running on top of a physical network. These computers with this problem have no
problem pinging other computers - both can ping the non-problem 2K computer. My
experience is that selective ping problems like this can only be caused by one
thing - a firewall.
Is ICF active on the XP computer? Have there ever been any third party
firewalls or any other security product active on either computer?
While you're considering that issue, let's look at net view by ip address
between the two 2K computers. Both claiming unknown username / bad password
when one tries enumeration of the other.
You've got a diverse LAN. If you're going to deploy Windows XP computers on a
LAN containing 2K computers, you'll have to standardise your permissioning
between all computers.
Windows 2K uses Advanced File Sharing - which serves file shares to users on
other computers logged in with matching account / password. If a matching
account / password is not present, then the server will provide shares based
upon the Guest account being active and having a matching non-blank password.
So, to start, do you have an enabled Guest account on each computer? With
matching password? Remember you must enable the Guest account, using Start -
Run - "cmd" - type "net user guest /active:yes" in the command window. Or using
Local Security Manager (Control Panel - Administrative Tools - Computer
Management - Local Users and Groups. Not using User Accounts in Control Panel.
If all computers have matching properly enabled Guest accounts, check the
Registry entry restrictanonymous.
In addition to any possibilities you might find in other articles, look on each
computer, at registry key [HKLM\System\CurrentControlSet\Control\Lsa], value
restrictanonymous.
<http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/regentry/46688.asp>
<http://www.jsifaq.com/subf/tip2600/rh2625.htm>
The above articles refer to Windows 2000. Remember WinXP is NT V5.1, and Win2K
is NT V5.0.
Have you used the Registry Editor before? If not, it's a scary tool, but it's
pretty simple once you get used to it. Here are a couple articles that might
help:
<http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/tools_regeditors.asp>
<http://www.annoyances.org/exec/show/registry>
Just remember to backup the key (create a registry patch) for
[HKLM\System\CurrentControlSet\Control\Lsa] before making any changes, if
appropriate.
>From the Annoyances article:
You can create a Registry patch by opening the Registry Editor, selecting a
branch, and choosing Export from the File menu. Then, specify a filename, and
press OK. You can then view the Registry patch file by opening it in Notepad
(right-click on it and select Edit). Again, just double-click on a Registry
patch file (or use Import in the Registry Editor's File menu) to apply it to the
registry.
Lets see if we can resolve these two issues, and see what symptoms remain
afterwards.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
- Next message: Chuck: "Re: internet disconnects"
- Previous message: Sam: "Internal Notebook Modem problem"
- In reply to: bonehead: "Re: XP Firewall? Re: Newbie XP/2K Drive Mapping Issue"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
