Do Win Server Products demand password authentication?

  • Thread starter Thread starter tcv
  • Start date Start date
T

tcv

Hi there,

Earlier today, I was trying to setup a shared folder between two XP Pro
machines in a Workgroup environment. I had some trouble, but was
ultimately able to resolve it ... in a strange way.

I was attempting to force the remote XP machine to ask the connecting
XP machine for a username and password in order to gain access to the
remote share.

The connecting machine and remote machines did NOT have a common
username/password combination. I would try to connect to the remote
share from the connecting machine and I'd simply receive an "Access is
Denied" error.

I did find an odd way to achieve the ends, though. I found that I could
force the password box by setting a "Network Password" in the User
Accounts Control Panel that contained...

MACHINENAME/USERNAME
WRONG PASSWORD

I presume that since a correct username and wrong password get passed
to the remote machine, the remote machine gives me another chance to
type in the correct password.

Here's what I don't understand:

Isn't this different with Windows' Server products?

Let's say I have an XP Pro machine with a Joe username trying to
connect to a machine that has no Joe username. All else being equal --
the workgroup name, a typical secpol, etc. -- wouldn't the server
install present the XP Pro machine with a username/password challenge
rather than an "Access is Denied" error?
 
Chuck said:
If the account used for local login is mirrored on the remote server, that's
used for authentication. If not, but Guest is active, it's used. If neither of
those is the case, then you're asked to authenticate, and allowed to specify a
non-Guest account.

Remember that activation for network access is not the same as activation for
local use.
Click to expand...

Ah! Now I get it!

And is Guest network access disabled on Server products?
 
tcv said:
Ah! Here's the output (stripped for brevity):

Account active No

I will test this shortly.
Click to expand...

Sure enough, that's the behavior. So, to reiterate, if I want an XP Pro
machine to challenge a connecting machine for username/password, then I
need to deactive the guest account either via NET USER or disable it in
Local Users and Groups under Computer Management.

And the reason why this works without alteration in Server products is
that the Guest account is disabled by default.

Thanks. This solves a big mystery for me.

Cheers,

Mike...
 
Sure enough, that's the behavior. So, to reiterate, if I want an XP Pro
machine to challenge a connecting machine for username/password, then I
need to deactive the guest account either via NET USER or disable it in
Local Users and Groups under Computer Management.

And the reason why this works without alteration in Server products is
that the Guest account is disabled by default.

Thanks. This solves a big mystery for me.

Cheers,

Mike...
Click to expand...

Welcome, Mike. Yes, Guest is a security hole, and most domains require it
closed. It was closed on my server, but I couldn't remember if I closed it
intentionally. Apparently default GP.
 
Back
Top