XP folder sharing hell......

[jim]

What it usually means is that you have user permission issues on the share
itself. It could be that the Everyone group account has no permissions on
the share, while all other user accounts have permissions on the share.
The Everyone group account will supersedes all other accounts and their
permissions, as an example.

You can only see the share permissions for accounts on the share be
disabling Simple File Sharing on XP Pro.

You should take note in the link about the Authenticated User group on
shares and remove the Everyone account off of the share.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

I did disable Simple File Sharing. It showed that Everyone had full control
in the Sharing as well as Security tabs - as I wanted it.

But, if I remove Everyone from the shares, I will have to log in to the
shares. Something that should be unneccessary. That's the whole reason for
the Everyone account.

jim

 

[jim]

Although I have been having issues other places with NOD32, that does NOT,
now, seem to be the root source of the problem here.

I have exactly the same problem after installing AVG Antivirus. I do not
believe that NOD32 and AVG are likely to have exactly the same flaw
(although it is not outside th realm of possibility).

When I uninstall AVG, all is shared. If I install it...shares are blocked
again.

As much as I hate, hate, HATE it.....it looks like I may need to
re-install XP on PC2 to see if I can isolate the problem.

Just damn......like I have time for this.......

jim

I called Eset at 1-619-876-5400 after not hearing ANYTHING from their email
support on the main website - dispite being promised turn around in 1
business day.

As I went through the whole horrid experience with the tech support person,
and I tried my best to help him troubleshoot the issue - even volunteering
to allow him to take over my PC remotely to solve the issue - he said that
he had no data on this issue. I said that was OK...let's just figure it out
together, because I can't suggest or install software for end users that I
don't trust.

Then, with his permission, I began a set of tests to see where and when the
access to the shared folders was being blocked. Each test took no more than
2 minutes.

During the third test, he asked if I could call back with my results because
he had to take other calls. This puzzled me. I would think that Eset would
want to find a possible flaw or problem that their users may be
experiencing.

I told him to go take his time - as we would no longer rcommend or use Eset
software until these issues could be satisfactorily explained.

I spoke with him about the fact that Eset takes actions without logging
those actions or asking for user input during those actions or even
notifying the user that it was taking those actions. He said he was aware
of that and that there was nothing that he coudl do about it.

I also spoke with him about the threat screens that NOD32 sometimes displays
with no expanation as to what it was doing about a threat and with no Clean
or Quarantine or Remove type buttons for the end user to select.
*Sometimes* a "Leave" button was present - but how does that make a user
feel - do they only want to "Leave" a possible threat to their security and
personal data? I surely don't.

He said that they were aware of the problem and were trying to get the
coders "to do something about it". This, needless to say, left a warm
feeling in my heart - or was it acid reflux? Doesn't matter though - at
least not to Eset tech support.

If you want to use Eset software, be my guest. We won't.

jim

 

[jim]

To test out my theory fully, I re-installed only the NOD32 antivirus,
version 2.7, (not the Smart Security suite) on 2 of the PCs. I then ran
the NOD32 updates.

Again, I could not get to PC2's shared folders from PC1 - this with
absolutely NO change on PC2 other than installing version 2.7 of NOD32
antivirus. And, I could not get to a folder shared from my My Documents
folder on PC1 - even though Share Permissions shows that Everyone has
permission to Change or Read items in the folder.

The folders on PC2 are shared from a 2nd hard drive and are not a part of
any system or special use folders (like My Documents). I even disabled
simple file sharing and gave Everyone Full Control under both Sharing and
Security for several folders on PC2 and I still could not access the
folders from PC1. Absolutely incredible!

Well, I guess you won't be spreading any viruses on a network that you
can't browse, will you?

If they work with me to actually fix these issues (whether through
training me or fixing what I percieve as a seriously flawed product) I
will post the solutions here.

I am uninstalling NOD32 completely and putting on a trial version of AVG
until I figure this out.

Thanks again to all who posted.

jim

I called Eset at 1-619-876-5400 after not hearing ANYTHING from their email
support on the main website - dispite being promised turn around in 1
business day.

As I went through the whole horrid experience with the tech support person,
and I tried my best to help him troubleshoot the issue - even volunteering
to allow him to take over my PC remotely to solve the issue - he said that
he had no data on this issue. I said that was OK...let's just figure it out
together, because I can't suggest or install software for end users that I
don't trust.

Then, with his permission, I began a set of tests to see where and when the
access to the shared folders was being blocked. Each test took no more than
2 minutes.

During the third test, he asked if I could call back with my results because
he had to take other calls. This puzzled me. I would think that Eset would
want to find a possible flaw or problem that their users may be
experiencing.

I told him to go take his time - as we would no longer rcommend or use Eset
software until these issues could be satisfactorily explained.

I spoke with him about the fact that Eset takes actions without logging
those actions or asking for user input during those actions or even
notifying the user that it was taking those actions. He said he was aware
of that and that there was nothing that he coudl do about it.

I also spoke with him about the threat screens that NOD32 sometimes displays
with no expanation as to what it was doing about a threat and with no Clean
or Quarantine or Remove type buttons for the end user to select.
*Sometimes* a "Leave" button was present - but how does that make a user
feel - do they only want to "Leave" a possible threat to their security and
personal data? I surely don't.

He said that they were aware of the problem and were trying to get the
coders "to do something about it". This, needless to say, left a warm
feeling in my heart - or was it acid reflux? Doesn't matter though - at
least not to Eset tech support.

If you want to use Eset software, be my guest. We won't.

jim

 

[John John]

I did disable Simple File Sharing. It showed that Everyone had full control
in the Sharing as well as Security tabs - as I wanted it.

But, if I remove Everyone from the shares, I will have to log in to the
shares. Something that should be unneccessary. That's the whole reason for
the Everyone account.

I think you misunderstand the "Everyone" group. It doesn't mean any
unauthenticated Tom, Dick and Harry, it means everyone who has "proper
credentials" to access the shares.

John

 

[Mr. Arnold]

I think you misunderstand the "Everyone" group. It doesn't mean any
unauthenticated Tom, Dick and Harry, it means everyone who has "proper
credentials" to access the shares.

Everyone group means anyone that can access the computer can access the
share with no credentials period, (any hacker). Authenticated Group means
the user accessing the share supplied the proper credentials to access the
share. It means the user that wants to access the share will have an an
account already created on the computer, which for me, is the same account
I use on all computers in a LAN environment.

I just access a share from any computer, and I am not challenged to logon to
any machine's share, as I am using an Authenticated account. The same
account on all machines.

As a matter of fact, I remove the Everyone Group account at the <c> level
which removes it off of the entire drive and use Authenticated group to
remove the hacker hole presented the the Everyone group account.

 

[jim]

Everyone group means anyone that can access the computer can access the
share with no credentials period, (any hacker). Authenticated Group means
the user accessing the share supplied the proper credentials to access the
share. It means the user that wants to access the share will have an an
account already created on the computer, which for me, is the same
account I use on all computers in a LAN environment.

I just access a share from any computer, and I am not challenged to logon
to any machine's share, as I am using an Authenticated account. The same
account on all machines.

As a matter of fact, I remove the Everyone Group account at the <c> level
which removes it off of the entire drive and use Authenticated group to
remove the hacker hole presented the the Everyone group account.

I don't really bother with authenticated users in my home network. I am not
worried about hackers getting through my 2 routers to my NAT'd boxes.

I like simple. I keep things simple. I have so much going on personally
and professionally that I cut out any steps in anything that are not
ABSOLUTELY neccessary.

Even keeping and using the Everyone group and assigning it to my shares, I
have never been hacked into. It may happen, but I doubt it.

jim

 

[Mr. Arnold]

I did disable Simple File Sharing. It showed that Everyone had full
control in the Sharing as well as Security tabs - as I wanted it.

But, if I remove Everyone from the shares, I will have to log in to the
shares. Something that should be unneccessary. That's the whole reason
for the Everyone account.

It doesn't have to be the Everyone account. It's just an example. You got
System and some others. For me, on a share and I was using the Everyone
group account on the share, then way have any other account on the share?
Everyone means any and every account un-challenged.

For me, I just have the Authenticated group account on the share and no
other account is on the share. If one can access the share, then it means I
have set up an account for them to access the share on the computer. Their
one account that they can use to login to any machine on the LAN, a strong
named user-id and psw that never expires, and they are never challenged for
user-id and psw, as they are Authenticated users.

 

[John John]

Everyone group means anyone that can access the computer can access the
share with no credentials period, (any hacker). Authenticated Group
means the user accessing the share supplied the proper credentials to
access the share. It means the user that wants to access the share will
have an an account already created on the computer, which for me, is
the same account I use on all computers in a LAN environment.

I just access a share from any computer, and I am not challenged to
logon to any machine's share, as I am using an Authenticated account.
The same account on all machines.

As a matter of fact, I remove the Everyone Group account at the <c>
level which removes it off of the entire drive and use Authenticated
group to remove the hacker hole presented the the Everyone group account.

Disable your Guest account and try that again.

John

 

[John John]

See below.

Everyone group means anyone that can access the computer can access the
share with no credentials period, (any hacker).

No, that is not true at all! Everyone means everyone who has proper
credentials to access the resources. To access the resources you can
use the Guest account, that failing you will have to create an account
with an identical user name and identical password to access the
resources. If the Guest account is disabled no one has proper
credentials to access the resources unless they have an identical
account on the machine or unless they use alternate credentials.

Authenticated Group
means the user accessing the share supplied the proper credentials to
access the share.

I made a mistake by using that term, I should have only mentioned
"Proper Credentials", an authenticated user is a user who is accessing
the resources via a logon process, to do so he needs proper credentials.

John

 

[Mr. Arnold]

I don't really bother with authenticated users in my home network. I am
not worried about hackers getting through my 2 routers to my NAT'd boxes.

Really?

<http://www.eweek.com/c/a/Security/Hundreds-Click-on-Click-Here-to-Get-Infected-Ad/>


You think some NAT router for home usage is some kind of stops all and ends
all solution? I can tell you right now that I have seen attacks on my own
network where they came past that NAT router like a hot knife through
butter.

All you have to do is step into any FW and Security NG to see the posts with
them stating the below.

Hey, I got a NAT router and they came past all of it. How did they do it?

And I am not talking about that link up above either, as they flat-out
attacked the NAT router form home usage and came past it.

You think you got some kind of double NAT situation that's going on is
bullit proof?

You even monitoring the network traffic coming to and leaving your LAN with
something like Wallwatcher? Or are you sitting there flying blind?

I like simple. I keep things simple. I have so much going on personally
and professionally that I cut out any steps in anything that are not
ABSOLUTELY neccessary.

I am a .NET programmer by profession, with IIS, SQL Server and a whole host
of things I must protect on the LAN. And I go to where I am supose to go and
that's to the O/S to protect the O/S. The buck stops at the O/S. It doesn't
stop anywhere else. That's how I keep things simple.

Even keeping and using the Everyone group and assigning it to my shares, I
have never been hacked into. It may happen, but I doubt it.

BTW, I dumped the NAT router for home usage, and I went out and got a low
end firewall appliance. A NAT router is ok if you really don't have to
protect things, but they are not in the same class as a FW appliance.

Even with all that, I always go look for myself from time to time with the
proper tools, because nothing is bullet proof -- nothing, and it's
particularly true when it comes to the Windows O/S platform.

http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html


If you're telling me you like to keep it simple, then you're telling me
you're not looking.

 

[jim]

It doesn't have to be the Everyone account. It's just an example. You got
System and some others. For me, on a share and I was using the Everyone
group account on the share, then way have any other account on the share?
Everyone means any and every account un-challenged.

Which is exactly what I want.

For me, I just have the Authenticated group account on the share and no
other account is on the share. If one can access the share, then it means
I have set up an account for them to access the share on the computer.
Their one account that they can use to login to any machine on the LAN, a
strong named user-id and psw that never expires, and they are never
challenged for user-id and psw, as they are Authenticated users.

That's one way to go. I'd rather not go that route myself. If I'm going to
bother authenticating users and such, I'll install a 2003 server and do it
up right.

I'm flawed that way.....all or nothing. If I can't give something my all, I
give it as litte as needed to just get by.

jim

 

[jim]

I called Eset at 1-619-876-5400 after not hearing ANYTHING from their
email support on the main website - dispite being promised turn around in
1 business day.

As I went through the whole horrid experience with the tech support
person, and I tried my best to help him troubleshoot the issue - even
volunteering to allow him to take over my PC remotely to solve the issue -
he said that he had no data on this issue. I said that was OK...let's
just figure it out together, because I can't suggest or install software
for end users that I don't trust.

Then, with his permission, I began a set of tests to see where and when
the access to the shared folders was being blocked. Each test took no
more than 2 minutes.

During the third test, he asked if I could call back with my results
because he had to take other calls. This puzzled me. I would think that
Eset would want to find a possible flaw or problem that their users may be
experiencing.

I told him to go take his time - as we would no longer rcommend or use
Eset software until these issues could be satisfactorily explained.

I spoke with him about the fact that Eset takes actions without logging
those actions or asking for user input during those actions or even
notifying the user that it was taking those actions. He said he was aware
of that and that there was nothing that he coudl do about it.

I also spoke with him about the threat screens that NOD32 sometimes
displays with no expanation as to what it was doing about a threat and
with no Clean or Quarantine or Remove type buttons for the end user to
select. *Sometimes* a "Leave" button was present - but how does that make
a user feel - do they only want to "Leave" a possible threat to their
security and personal data? I surely don't.

He said that they were aware of the problem and were trying to get the
coders "to do something about it". This, needless to say, left a warm
feeling in my heart - or was it acid reflux? Doesn't matter though - at
least not to Eset tech support.

If you want to use Eset software, be my guest. We won't.

jim

Eset called back. We stayed on the phone for over 2 hours - trying every
possible method to isolate the problem.

They left me with the concensus that I had a NIC card with drivers that
needed to be updated and that doing so would solve the problem. They said
AMON (the file monitoring portion of NOD32) was probably conflicting with
the NIC drivers.

I updated the NIC drivers on my Marvell 1GB ethernet card and still had the
same issues.

I called them back and told them as much, and they said they'd call me
tomorrow (later today).

Not being one to give up easily, I formatted the drive and re-installed XP
Pro. I added TuneUp Utilities 2006 and Acronis TrueImage and I installed all
updates for XP and my drivers. Then, tested file sharing yet again. It
worked great.

Then, I installed NOD32 2.7 and updated it and restarted the PC. File
sharing failed again.

This is not something that I am doing to the PC. This is a clean install,
completely up to date, with only 2 applications and NOD32.

I have installed Acronis and TuneUp Utilities literally hundreds of times
for clients. They are not the issue.

I have invited Eset to take over the PCs in question remotely and do as they
will with them to figure out the problem. I have backups - so I don't care
if they screw something up ... as long as they find a solution. They
declined.

I am at a complete loss. I have no other ideas for testing, other than
installing a completely different ethernet adapter with different drivers
from a different manufacturer.

I may try that before bed.

If that fails, I will re-install XP once more....not even installing Acronis
or TuneUp Utilities and try NOD32 one last time.

If that fails and Eset can't tell me why - I am done with Eset.

jim

 

[Mr. Arnold]

Which is exactly what I want.

hackes too

That's one way to go. I'd rather not go that route myself. If I'm going
to bother authenticating users and such, I'll install a 2003 server and do
it up right.

I really don't think you understand what Authenticated user means here in
the context, and has nothing to do with a domain controller. Win XP pro and
Win 2k3 server are NT based O/S(s) and the core of them have very little
differences.

 

[jim]

hackes too

Bring it....

......................./´¯/)
.....................,/¯../
..................../..../
............../´¯/'...'/´¯¯`·¸
.........../'/.../..../......./¨¯\
.........('(...´...´.... ¯~/'...')
..........\.................'...../
...........''...\.......... _.·´
.............\..............(
...............\.............\... hackers.......

I really don't think you understand what Authenticated user means here in
the context, and has nothing to do with a domain controller. Win XP pro
and Win 2k3 server are NT based O/S(s) and the core of them have very
little differences.

Let's see......according to the Microsoft XP Professional Resource Kit 2nd
Edition (written by The Microsoft Windows Team you know), page 715,
"Authenticated Users. Any user, except a user of the Guest account, who is
authenticated locally by a trusted domain controller. This identity
provides user with the rights neccessary to operate the sytem as an end
user. (The Guest account is never treated as an Authenticated User.)"

And, from page 716..."In Windows 2000 and later, groups whose membership is
automatically configured by the operating system, such as Everyone and
Authenticated Users, are not used to assign permissions to file and registry
objects. Only those groups whose memberships can be controlled by and
administrator - primarily Users, Power Users, and Administrators - are used
to assign permissions. When users are a member of a group, they
automatically have the permissions that have been assigned to that group."

In other words, yes Mr. Arnold, I DO understand what Authenticated Users
means. And, since I have no domain controller (note the reference to "no
server" in the original post) in my 3 PC + router setup and since you cannot
make an XP PC a domain controller, you either are having trouble with the
English language, are completely clueless about Authenticated Users (as
defined by Microsoft) or are simply a troll trying to drag this thread off
topic.

I'd say you are the latter.

Good day to you sir.

jim

 

[Mr. Arnold]

Bring it....

....................../´¯/)
....................,/¯../
.................../..../
............./´¯/'...'/´¯¯`·¸
........../'/.../..../......./¨¯\
........('(...´...´.... ¯~/'...')
.........\.................'...../
..........''...\.......... _.·´
............\..............(
..............\.............\... hackers.......

Boy, you got some real mental issues you need to address, and anger is one
of them. I am sure you have heard it before. Let me get you some tissues
for your issues, then we can make an appointment for you to visit a mental
disease.specialist to treat your needs.

I live in the US too, but this just goes to show why the rest of the world
hates the US, with people like you living in it that will attack at the drop
of a hat, guns drawn - cowboy

It looks to me that your mama should have never had you. She should have
strangled you at birth with you own placenta. She must have known there was
something wrong you. I bet you flipped the bird at her and the medical
staff too when you popped.

 

[Mr. Arnold]

<This is a correction boy you had me laughing too hard.>

It looks to me that your mama should have never had you. She should have
strangled you at birth with *your* own placenta. She must have known there
was
something wrong with you. I bet you flipped the bird at her and the
medical
staff too when you popped.

Silly Americans

<VBG>

 

[jim]

<snip>

At least you had the courtesy to no longer comment on a subject you know
nothing about.

Thank you.

jim

 

[Pennywise]

At least you had the courtesy to no longer comment on a subject you know
nothing about.

He knows, and Why? answered your question long time ago.

Yet you continue to blame ESET.

Your quote:
"I have exactly the same problem after installing AVG Antivirus. I do
not believe that NOD32 and AVG are likely to have exactly the same
flaw (although it is not outside th realm of possibility)."
Message-ID: <VEBjj.74145$L%[email protected]>

 

[Mr. Arnold]

<snip>

At least you had the courtesy to no longer comment on a subject you know
nothing about.

It's your show cowboy. We're just along for the ride, look at the thread and
*you* in it. And I have forgotten more than you'll ever know, cowboy. Now,
you run along and pull a pistol on someone and commit a robbery, you can get
in your car and do a little road rage driving on someone and kill them, or
you can play some combat computer games with someone and make believe.

Don't kill the messenger. <g>

You are a dangerous Human Being that needs to be locked-up, cowboy.

You are the *man*, boss, like you have been working with computers two years
like a two year old, and you know it all like a good little anger issue and
mad at the world American.

 

[Mr. Arnold]

He knows, and Why? answered your question long time ago.

Yet you continue to blame ESET.

Your quote:
"I have exactly the same problem after installing AVG Antivirus. I do
not believe that NOD32 and AVG are likely to have exactly the same
flaw (although it is not outside th realm of possibility)."
Message-ID: <VEBjj.74145$L%[email protected]>

Hell no, I just read the post that Why made to him. His original post I
didn't really read.. I was just trying to help the poor thing. He is double
NAT'ed, double personal packet filtered/personal firewalled, and double
AV'ed.

He's thrown everything at it but the kitchen sink.

Yes, he's a double agent and doubly dangerous to himself. <VBG>