Thread: Access Denied in Win XP p2p
View Single Post
  #8  
Old 01-05-2006, 04:05 AM
Chuck
 
Posts: n/a
Default Re: Access Denied in Win XP p2p
On Fri, 25 Nov 2005 18:07:01 -0800, "p7sky" <p7sky@discussions.microsoft.com>
wrote:

>"Chuck" wrote:
>
>> On Fri, 25 Nov 2005 10:50:02 -0800, "p7sky" <p7sky@discussions.microsoft.com>
>> wrote:
>>
>> >
>> >
>> >"Chuck" wrote:
>> >
>> >> On Tue, 22 Nov 2005 10:29:02 -0800, "p7sky" <p7sky@discussions.microsoft.com>
>> >> wrote:
>> >>
>> >> >"Chuck" wrote:
>> >> >
>> >> >> On Mon, 21 Nov 2005 09:26:01 -0800, "p7sky" <p7sky@discussions.microsoft.com>
>> >> >> wrote:
>> >> >>
>> >> >> >Hello, I recently ran System Mechanic 6 on two of the computers in my
>> >> >> >three-computer Win XP Pro p2p net; subsequently I discovered that I had no
>> >> >> >access to those two computers from the third unit or from each other. I
>> >> >> >discovered a post in a PC World forum noting a similar situation; the author
>> >> >> >suggested changing to "disabled" the following entries in Security Settings
>> >> >> >>Local Policies >Security Options:
>> >> >> >
>> >> >> >Network access: Do not allow anonymous enumeration of SAM accounts Disabled
>> >> >> >Network access: Do not allow anonymous enumeration of SAM accounts and
>> >> >> >shares Disabled
>> >> >> >
>> >> >> > I did this on one computer and my access was restored. Trying to do it on
>> >> >> >the other computer, I discovered that these entries were not present in
>> >> >> >Security Options -- in fact, as opposed to a lengthy list of options I found
>> >> >> >on the "fixed" computer, this computer's Security Options were limited to six
>> >> >> >choices -- none of which was the desired choice. Can anyone give me some
>> >> >> >guidance as to rebuilding/restoring the default list of Security Options so
>> >> >> >that I can set them correctly ? (I do not have an appropriate System Restore
>> >> >> >point available). The help file mentioned loading and editing templates, but
>> >> >> >it didn't say which of the templates was appropriate.
>> >> >> >
>> >> >> >Any help greatly appreciated.
>> >> >> >Thanks
>> >> >> >Paul
>> >> >>
>> >> >> Paul,
>> >> >>
>> >> >> The change needed is known as Registry setting restrictanonymous.
>> >> >> <http://nitecruzr.blogspot.com/2005/07/restrictanonymous-and-your-server.html>
>> >> >> http://nitecruzr.blogspot.com/2005/0...ur-server.html
>> >>
>> >> >Hi, Chuck, thanks for your reply. I examined the registry key you indicated
>> >> >on the problem machine and found that it says:
>> >> >
>> >> >Name Type Data
>> >> >restrictanonymous REG_DWORD 0x00000000 (0)
>> >> >restrictanonymoussam REG_DWORD 0x00000000 (1)
>> >> >
>> >> >The "restrictanonymous" data value on the problem machine is identical to
>> >> >the two "working" machines; so it would appear my problem may lie elsewhere
>> >> >(the restrictanonymoussam value differs on the two working machines; one is
>> >> >1, like the problem machine, the other is 0, but I believe that is because I
>> >> >changed the enable/disable SAM choice in Security Options for that machine as
>> >> >noted in my original post. I know your site info said the SAM value was not
>> >> >relevant in this case)
>> >> >
>> >> >I am not the most skilled practitioner when it comes to working the
>> >> >registry; would there be any other values to look at? I wish I had the full
>> >> >list of options in Security Options on the problem machine as I do on the
>> >> >working ones -- then I could compare the options line by line.
>> >> >
>> >> >Thank you.
>> >> >Paul
>> >>
>> >> Paul,
>> >>
>> >> So it looks like that's not the problem. Try my troubleshooting guide, and post
>> >> "browstat status" and "ipconfig /all" from each computer, if nothing else comes
>> >> to mind.
>> >> <http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html>
>> >> http://nitecruzr.blogspot.com/2005/1...isibility.html
>>
>> >Hi, Chuck -- hope you had a nice Thanksgiving (I see you're from Calif).
>> >
>> >Here are the ipconfig and browstat results for all three computers, in this
>> >order Main - Dell - Compaq. "Main" is the problem computer; it's also the one
>> >that the peripherals are hooked to if that makes any difference -- two
>> >printers, wireless router and DSL modem. Both the Dell and Compaq return
>> >Error 5 when trying to connect to Main.
>>
>> <SNIP>
>>
>> >Any further guidance is greatly appreciated.
>> >Paul
>>
>> Hi Paul,
>>
>> Well, I am just this afternoon able to work steadily. Thanksgiving is
>> traditionally a time of overeating. I bow to tradition. I couldn't bow last
>> night though. ;-}
>>
>> So, what do we know about your LAN?
>> # You have 3 computers, each one in subnet 192.168.0/24, gateway 192.168.0.1.
>> # Name resolution is OK - Hybrid and Unknown are compatible.
>> # All 3 are in domain / workgroup "7SKY COMM".
>> # All 3 can see each other as servers ("There are 3 servers in domain 7SKY
>> COMM").
>> # Compaq and Dell cannot connect to the registry on Main ("error = 5"). That
>> indicates either a firewall problem, or Main is running Simple File Sharing, or
>> is otherwise configured to not give administrative access from Compaq and Dell.
>>
>> What edition (Home or Pro) is each running?
>>
>> How is Main connected to the router? How is Compaq connected? The Bridge ("MAC
>> Bridge Miniport") looks like the best culprit.
>> <http://nitecruzr.blogspot.com/2005/05/reading-ipconfig-and-diagnosing.html#Bridge>
>>
>> Try removing the bridge - if that doesn't help, post an updated "ipconfig /all"
>> from Compaq.

>Hi, Chuck. I'm not really believing this -- because I thought I checked all
>the firewalls -- but the Windows Firewall on Main -- which I had shut off
>ever since I went to SP2 -- was back on and apparently not configured for
>network access. Perhaps that System Mechanic security "fix" reactivated it,
>but I swear I checked it when I checked my Norton firewall. I did the
>reconfigure in the Network Wizard, but then turned it off again, because I'm
>using Norton Internet Security 2005's firewall. Once that was accomplished,
>the access to Main was restored.
>
>Meanwhile, I did try disabling the bridge on the Compaq, but I lost access
>to my internet connection, so I re-enabled it and it's working again. All
>three of these PCs run WinXP Pro -- the Main and Dell are SP2, while the
>Compaq is SP1. Main is hard-connected to the router, while the Compaq and
>Dell both run DLink wireless cards.
>
>I'd like to thank you very much for guiding me through this; I only hope
>that if I have further problems, you'll be the one to pick up on my cry for
>help.
>
>Paul

Paul,

Ohoh, another case of the firewall settings mysteriously changing themselves!
And what does the bridge have to do with anything?

Anyway, thanks for the update, and the feedback.

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
Reply With Quote