Host Computer with ICS cannot be accessed

[Guest]

I have 2 computers with WinXP HE networked using Dial up with ICS (both are
connected to a hub). I can connect to the internet just fine with both
computers. Both computers can see each other. The Host computer can access
the Client computer files. But, even tho' the Client can see the Host, when
the Client trys to access the Host computer, I get an error message that it
is not accessible...may not have permission to use the resourse... access
denied. I can ping the Host from the Client. I have checked to share files.
I've reset up the whole system twice. Everything seems to be working fine
except I can't access the Host computer files from the Client. Have any
ideas???

Thanks!

Kass

 

[Chuck]

I have 2 computers with WinXP HE networked using Dial up with ICS (both are
connected to a hub). I can connect to the internet just fine with both
computers. Both computers can see each other. The Host computer can access
the Client computer files. But, even tho' the Client can see the Host, when
the Client trys to access the Host computer, I get an error message that it
is not accessible...may not have permission to use the resourse... access
denied. I can ping the Host from the Client. I have checked to share files.
I've reset up the whole system twice. Everything seems to be working fine
except I can't access the Host computer files from the Client. Have any
ideas???

Thanks!

Kass

Kass,

Is the Guest account enabled on the host? Enable the Guest account, using Start
- Run - "cmd" - type "net user guest /active:yes" in the command window.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Chuck,
Thanks for your reply! I tried enabling the Guest account. That did not
solve the problem. I did however see in a post 2 down from mine by AKent
that was replied to by Robert L to try the command net view \\hostname... I
got error 53. I think he indicated that is a name issue (which basically
goes along with what you said).... I logged in as the Guest, then logged off
and on as my user and this still didn't work. I get the same error message
as AKent: "....contact the admisitrator of the server to see if you have
permissions". Do you have something else I can try? Thanks again for your
help!

 

[Chuck]

Chuck,
Thanks for your reply! I tried enabling the Guest account. That did not
solve the problem. I did however see in a post 2 down from mine by AKent
that was replied to by Robert L to try the command net view \\hostname... I
got error 53. I think he indicated that is a name issue (which basically
goes along with what you said).... I logged in as the Guest, then logged off
and on as my user and this still didn't work. I get the same error message
as AKent: "....contact the admisitrator of the server to see if you have
permissions". Do you have something else I can try? Thanks again for your
help!

Kass,

File sharing between XP Home computers is pretty simple. Enable the Guest
account, and make sure no firewalls are blocking file sharing.

If you're getting an Error 53 from "net view", you have a name resolution
problem. That could be caused by a firewall, or it could be caused by a Node
Type problem.

Please provide ipconfig information for each computer.
Start - Run - "cmd". Type "ipconfig /all >c:\ipconfig.txt" into the command
window - Open c:\ipconfig.txt in Notepad, copy and paste into your next post.
Let's take a look at the Node Types for each computer.
http://support.microsoft.com/?id=160177

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Chuck, Here are the ipconfig results... again, thanks for helping me with
this:

Host Computer:
Windows IP Configuration



Host Name . . . . . . . . . . . . : MAIN

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : HP EN1207D-TX PCI 10/100 Fast
Ethernet Adapter

Physical Address. . . . . . . . . : 00-00-E8-9A-AE-75

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :



PPP adapter Internet Access:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

Physical Address. . . . . . . . . : 00-53-45-00-00-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 206.72.58.58

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 206.72.58.58

DNS Servers . . . . . . . . . . . : 206.72.56.253

206.72.56.99

NetBIOS over Tcpip. . . . . . . . : DisabledWindows IP Configuration



Host Name . . . . . . . . . . . . : MAIN

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : HP EN1207D-TX PCI 10/100 Fast
Ethernet Adapter

Physical Address. . . . . . . . . : 00-00-E8-9A-AE-75

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :



PPP adapter Internet Access:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

Physical Address. . . . . . . . . : 00-53-45-00-00-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 206.72.58.58

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 206.72.58.58

DNS Servers . . . . . . . . . . . : 206.72.56.253

206.72.56.99

NetBIOS over Tcpip. . . . . . . . : Disabled


Client Computer:

Windows IP Configuration



Host Name . . . . . . . . . . . . : RANDAL

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : mshome.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : mshome.net

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated
Controller

Physical Address. . . . . . . . . : 00-0F-1F-95-C7-93

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.235

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Wednesday, October 20, 2004
8:11:16 PM

Lease Expires . . . . . . . . . . : Wednesday, October 27, 2004
8:11:16 PM

That's it. Question.... does the connection IP address change each time I
connect to the dial up connection? It should, shouldn't it for security
reasons? Just curious.

Kass

 

[Chuck]

Chuck, Here are the ipconfig results... again, thanks for helping me with
this:

That's it. Question.... does the connection IP address change each time I
connect to the dial up connection? It should, shouldn't it for security
reasons? Just curious.

Kass

Kass,

OK, the IPConfigs look normal. Both Main and Randal show Node Type of Mixed.
Main has 192.168.0.1, and Randal 192.168.0.235 (Randal with DHCP and
autoconfiguration on). Normal values for ICS server and client.

An Error 53 from "net view" indicates a name resolution problem.
<http://www.microsoft.com/windowsxp/...g/productdoc/en/sag_TCPIP_pro_PingConnect.asp>

The common cause of name resolution problems are:
1) Bad Node Type (computers using WINS resolution only with no server
available).
2) A firewall blocking name resolution.

It's not #1. Is it possibly #2 - a firewall? If neither, then look for another
problem with file sharing.

Is this Windows XP on both computers? Home or Pro? What SP?

Are you running both Client for Microsoft Networks, and File and Printer Sharing
for Microsoft Networks (Local Area Connection - Properties), on each computer?

Are you running NetBIOS Over TCP/IP (Local Area Connection - Properties - TCP/IP
- Properties - Advanced - WINS) on each computer?

Make sure the browser service is running on each computer. Control Panel -
Administrative Tools - Services. Verify that the Computer Browser, and the
TCP/IP NetBIOS Helper, services both show with Status = Started.

Are there any firewalls on either computer - present or past? Windows (ICF /
WF) or third party?

When you refer to the "connection IP address", do you mean the PPP adapter on
Main? Although that address is assigned by the ISP, there's no guarantee that
the address will ever change. How long do you stay disconnected before you
reconnect? What's the chance that another customer of your ISP will connect,
between the times of your disconnection and reconnection?

Dynamic addresses are used by your ISP, for the convenience of your ISP.
Nothing related to security there. If you reconnect, and your previous address
is available, you will probably get that address.

There's a lot of discussion about security coming from dynamically assigned
addresses. IMHO, it's all a lot of hot air. Hackers (actually crackers) can
hit you in a minute or two when you're connected. What makes you think that
changing your ip address will make the bad guys unable to "see" you? What
happens if you do change your ip address, and get a new one, that they're
currently attacking, based upon having "seen" the previous user of that address?

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Chuck,

Sorry I took so long to get back. First, I tried "net view" on the Host
computer again, and sorry for being such a dweeb, but I think I did it wrong
the first time, cuz this time I didn't get any errors and the Host shows that
the printer and My Docs are shared (but unlike the Client who showed that
"Randal", the Host did not show "Main". I'm at home working today, but can
send you those results if you like). I've also suspected firewall issues
from the git-go, but I think I've disabled all possible, I even tried the
dial up connection. The Host computer is running XP HE w/SP1.... the Client
is a new set up running XP HE w/SP2. These are computers at work and are on
a dial up connection. I have a DSL/router set up at home and no problems. I
think it is ICS! Anyway, the Client w/ SP2 makes it easier to get to
firewall settings. On the Host w/ SP1, when I look at the dial up
connection, I can check or uncheck the firewall setting to allow others on
the internet access to my files, etc... but, on the LAN connection, when I
try to look at firewall settings, it isn't checked to not let others see your
files, but it is grayed out and I can't get to it. I've wondered from the
beginning if there is a firewall setting deep somewhere I can't get to, even
to reset.

I do web sites on the side and you know how the server gives you access to
certain files? Is there a way I can tell my Host server to allow the Client
access? Like the Client has a set IP, can you tell the Host to accept that
computer only or something?

Also, I tried all the other stuff you sent (I really appreciate your time,
cuz from all the others out there with problems, you are a busy guy! Also,
you explain things well so I can accomplish the goal. Some other postings
I've read, the techs aren't very explicit, so THANKS!) I made sure both
computers have files Client for MS Networks, file and printer sharing (I even
tried the dial up on Host which is a big no no). Both have NetBIOS over
TCP/IP checked. Both have Computer Browser and TCP/IP NetBIOS Helper status
= started. The Client computer has a trial version of Norton Antivirus. I
couldn't find any firewall settings there. The Host has CA EZ-Antivirus. CA
has a firewall software, but we don't have that and I don't think
EZ-Antivirus has any firewall settings.

On the security concerns, since crackers can get your IP, would it be wise
to password, and if so, do I have to do individual files or can I password
the Host and Client computers by name. Like, to access Randal, you'd have to
log in or enter a password? I'm not so concerned abt my home network, for
I'm under the assumption that the router will keep others out (is that
true?), but I don't not want the work computers breached. I know people at
work are spending more and more time on the net leaving that dial up
connection wide open, so I'd like to know access is secure.... got any ideas?

Man, what a book! Sorry!

Kass

 

[Chuck]

Chuck,

Sorry I took so long to get back. First, I tried "net view" on the Host
computer again, and sorry for being such a dweeb, but I think I did it wrong
the first time, cuz this time I didn't get any errors and the Host shows that
the printer and My Docs are shared (but unlike the Client who showed that
"Randal", the Host did not show "Main". I'm at home working today, but can
send you those results if you like). I've also suspected firewall issues
from the git-go, but I think I've disabled all possible, I even tried the
dial up connection. The Host computer is running XP HE w/SP1.... the Client
is a new set up running XP HE w/SP2. These are computers at work and are on
a dial up connection. I have a DSL/router set up at home and no problems. I
think it is ICS! Anyway, the Client w/ SP2 makes it easier to get to
firewall settings. On the Host w/ SP1, when I look at the dial up
connection, I can check or uncheck the firewall setting to allow others on
the internet access to my files, etc... but, on the LAN connection, when I
try to look at firewall settings, it isn't checked to not let others see your
files, but it is grayed out and I can't get to it. I've wondered from the
beginning if there is a firewall setting deep somewhere I can't get to, even
to reset.

I do web sites on the side and you know how the server gives you access to
certain files? Is there a way I can tell my Host server to allow the Client
access? Like the Client has a set IP, can you tell the Host to accept that
computer only or something?

Also, I tried all the other stuff you sent (I really appreciate your time,
cuz from all the others out there with problems, you are a busy guy! Also,
you explain things well so I can accomplish the goal. Some other postings
I've read, the techs aren't very explicit, so THANKS!) I made sure both
computers have files Client for MS Networks, file and printer sharing (I even
tried the dial up on Host which is a big no no). Both have NetBIOS over
TCP/IP checked. Both have Computer Browser and TCP/IP NetBIOS Helper status
= started. The Client computer has a trial version of Norton Antivirus. I
couldn't find any firewall settings there. The Host has CA EZ-Antivirus. CA
has a firewall software, but we don't have that and I don't think
EZ-Antivirus has any firewall settings.

On the security concerns, since crackers can get your IP, would it be wise
to password, and if so, do I have to do individual files or can I password
the Host and Client computers by name. Like, to access Randal, you'd have to
log in or enter a password? I'm not so concerned abt my home network, for
I'm under the assumption that the router will keep others out (is that
true?), but I don't not want the work computers breached. I know people at
work are spending more and more time on the net leaving that dial up
connection wide open, so I'd like to know access is secure.... got any ideas?

Man, what a book! Sorry!

Kass

Kass,

You've got a lot of questions. That's good - some folks just want to get
everything working, and leave the details (like protecting themselves properly)
til later. Or never.

Let's see what we know so far.

You have two computers - Main and Randal, both running XP Home. Main has a
dialup connection to the internet, and shares internet service with Randal using
ICS. No prob with internet from either comp.

We don't think any third party firewalls are installed on either computer (but
keep looking).

You can access shared files on Randal from Main, but can't access shared files
on Main from Randal. When trying to access Main, you get "...not
accessible...may not have permission to use the resourse (sic)... access
denied...".

The "access denied" error can be caused by several things.
1) Explicit non-permission on share (not possible for XP Home - except for
"c"\program files" and "c:\windows").
2) Name resolution problem (inability to determine physical address of Main
when attempting to open a share).
3) A firewall explicitly blocking share access, or preventing name resolution.

Have I asked these questions before (forgive me if so):
- What SP level is on Main and Randal?
- You are trying to access something other than "c:\program files" or
"c:\windows" on Main, from Randal, right?
- What Error Number is presented with the "...access denied..." error?
- Precisely what action are you taking when "the Client try's to access the
Host computer"? What program are you in at the time? Be as descriptive as
possible.

Try mapping a share on Main, from Main. Can you open a file, From The Share
setup on itself?

From each computer, Start - Run - "\\main" - What happens?

Your security concerns are very valid. Crackers (using deployed botnets) can
pound on your system (and thousands of others) from a distance. Any weakness
that you have can be exploited.

Unfortunately, WinXP Home (and Simple File Sharing) doesn't provide you with
share security, as does WinXP Pro / Win2000 (Advanced File Sharing). If a
folder / file is shared, it's shared, to everybody who otherwise has access.

With WinXP Home, the best you can do is use a firewall, and a robust armada of
security software. If you have XP SP2, Windows Firewall will offer you decent
protection against hostile incoming traffic, but provides no protection against
installed malware sending outgoing traffic.

With XP pre SP2, Internet Connection Firewall is practically useless. You can
only disable ICF, disable NBT on your dialup, and install a decent third party
firewall.

But first, let's get your file sharing working. We can get back to protecting
yourself (I can rant on that all day) later.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Chuck,

I have the Main (Host) computer with XP SP1 which is the ICS computer on a
dial up connection. The second computer is Randal (Client), has XP SP2 and
accesses the Internet through ICS on Main. Both computers can access and
share Internet access solely or simultaneously just fine.

When I am at Main, go to My Network Places, I see the Main shared files and
Randy (shared files on Randal). I can double click Randy and see and utilize
the files. Randy was shared by dragging it into the Shared Files folder.
However, on the flip side, when I am at Randal computer, go to My Network
Places, I only see the Randy folder. If I click on View Workgroup Computers
in the Network Tasks pane, I can see both Randal and Main. I can double
click Randal and see the shared files, etc. But when I double click on the
Main icon, I get the hated "....no permissions.... see administrator (which
is me)... access denied" message. Also, if I right click Start, go to
Explore to view the computer details, I can get into the Workgroup on each
computer.... when on Main both Main and Randal will fold out to reveal
contents...when on Randal, Randal will fold out, Main has a plus sign, but
when you click on it, it will not fold out. If you double click on it you
get the dreaded access denied message. I am not trying to access either
program files or windows... just My Documents on each so far. I can get to
the printer on Main, but I had to go the long way and on Randal request to
Add a Printer and then tell it to find Printer on Main. That worked. Now
I'm just down to getting into My Documents on Main (whcih was also shared by
dragging it into the Shared Folder).



I just don't see any third party firewalls... I have CA Ez-Antivirus at home
and no problem with that on my network... I am certain third party firewall
is not an issue with the CA software (whcih is what Main has). Randal
computer has a trial version of Norton Antivirus. I don't think it has
firewall settings, not that I've found so far, but I'll keep looking. Would
firewall on Randal affect access from Randal to Main anyway?

I tried Start:Run: \\main on both computers as you suggested. When on the
Main computer, it accesses Main showing the shared printer, shared Docs,
Printer and Faxes, and Scheduled Tasks folder. When I tried that from
Randal, I get the dreaded access denied message. When on Randal, \\randal
will give me the printer, shared Randy folder, Printer and Faxes icon and
Scheduled Tasks icon.

Chuck, I'm not sure what you meant on "Try mapping a share on Main, from
Main. Can you open a file, From the Share setup on itself?" If you mean
doing the \\main from Start:Run.... yes I can access My Documents from Main.
If you mean something else, I'm being dense.

One quick question on security...just for my peace of mind on my home
network. Does a router provide all the necessary security?

Thanks again for your diligence!

Kass

 

[Guest]

Chuck,

I have the Main (Host) computer with XP SP1 which is the ICS computer on a
dial up connection. The second computer is Randal (Client), has XP SP2 and
accesses the Internet through ICS on Main. Both computers can access and
share Internet access solely or simultaneously just fine.

When I am at Main, go to My Network Places, I see the Main shared files and
Randy (shared files on Randal). I can double click Randy and see and utilize
the files. Randy was shared by dragging it into the Shared Files folder.
However, on the flip side, when I am at Randal computer, go to My Network
Places, I only see the Randy folder. If I click on View Workgroup Computers
in the Network Tasks pane, I can see both Randal and Main. I can double
click Randal and see the shared files, etc. But when I double click on the
Main icon, I get the hated "....no permissions.... see administrator (which
is me)... access denied" message. Also, if I right click Start, go to
Explore to view the computer details, I can get into the Workgroup on each
computer.... when on Main both Main and Randal will fold out to reveal
contents...when on Randal, Randal will fold out, Main has a plus sign, but
when you click on it, it will not fold out. If you double click on it you
get the dreaded access denied message. I am not trying to access either
program files or windows... just My Documents on each so far. I can get to
the printer on Main, but I had to go the long way and on Randal request to
Add a Printer and then tell it to find Printer on Main. That worked. Now
I'm just down to getting into My Documents on Main (whcih was also shared by
dragging it into the Shared Folder).



I just don't see any third party firewalls... I have CA Ez-Antivirus at home
and no problem with that on my network... I am certain third party firewall
is not an issue with the CA software (whcih is what Main has). Randal
computer has a trial version of Norton Antivirus. I don't think it has
firewall settings, not that I've found so far, but I'll keep looking. Would
firewall on Randal affect access from Randal to Main anyway?

I tried Start:Run: \\main on both computers as you suggested. When on the
Main computer, it accesses Main showing the shared printer, shared Docs,
Printer and Faxes, and Scheduled Tasks folder. When I tried that from
Randal, I get the dreaded access denied message. When on Randal, \\randal
will give me the printer, shared Randy folder, Printer and Faxes icon and
Scheduled Tasks icon.

Chuck, I'm not sure what you meant on "Try mapping a share on Main, from
Main. Can you open a file, From the Share setup on itself?" If you mean
doing the \\main from Start:Run.... yes I can access My Documents from Main.
If you mean something else, I'm being dense.

One quick question on security...just for my peace of mind on my home
network. Does a router provide all the necessary security?

Thanks again for your diligence!

Kass

 

[Chuck]

Chuck,

I have the Main (Host) computer with XP SP1 which is the ICS computer on a
dial up connection. The second computer is Randal (Client), has XP SP2 and
accesses the Internet through ICS on Main. Both computers can access and
share Internet access solely or simultaneously just fine.

When I am at Main, go to My Network Places, I see the Main shared files and
Randy (shared files on Randal). I can double click Randy and see and utilize
the files. Randy was shared by dragging it into the Shared Files folder.
However, on the flip side, when I am at Randal computer, go to My Network
Places, I only see the Randy folder. If I click on View Workgroup Computers
in the Network Tasks pane, I can see both Randal and Main. I can double
click Randal and see the shared files, etc. But when I double click on the
Main icon, I get the hated "....no permissions.... see administrator (which
is me)... access denied" message. Also, if I right click Start, go to
Explore to view the computer details, I can get into the Workgroup on each
computer.... when on Main both Main and Randal will fold out to reveal
contents...when on Randal, Randal will fold out, Main has a plus sign, but
when you click on it, it will not fold out. If you double click on it you
get the dreaded access denied message. I am not trying to access either
program files or windows... just My Documents on each so far. I can get to
the printer on Main, but I had to go the long way and on Randal request to
Add a Printer and then tell it to find Printer on Main. That worked. Now
I'm just down to getting into My Documents on Main (whcih was also shared by
dragging it into the Shared Folder).



I just don't see any third party firewalls... I have CA Ez-Antivirus at home
and no problem with that on my network... I am certain third party firewall
is not an issue with the CA software (whcih is what Main has). Randal
computer has a trial version of Norton Antivirus. I don't think it has
firewall settings, not that I've found so far, but I'll keep looking. Would
firewall on Randal affect access from Randal to Main anyway?

I tried Start:Run: \\main on both computers as you suggested. When on the
Main computer, it accesses Main showing the shared printer, shared Docs,
Printer and Faxes, and Scheduled Tasks folder. When I tried that from
Randal, I get the dreaded access denied message. When on Randal, \\randal
will give me the printer, shared Randy folder, Printer and Faxes icon and
Scheduled Tasks icon.

Chuck, I'm not sure what you meant on "Try mapping a share on Main, from
Main. Can you open a file, From the Share setup on itself?" If you mean
doing the \\main from Start:Run.... yes I can access My Documents from Main.
If you mean something else, I'm being dense.

One quick question on security...just for my peace of mind on my home
network. Does a router provide all the necessary security?

Thanks again for your diligence!

Kass

Kass,

Improperly configured, and otherwise malfunctioning, firewalls can cause
problems in many different ways. I've seen so many different symptoms resolved
by un installing firewalls.

In some cases, you have to totally un install related software from the
manufacturer. In one case, Norton Personal Firewall (part of Norton Internet
Security) was malfunctioning, and we couldn't get file sharing working until
Norton AntiVirus was also un installed.

The "...access denied..." error can be caused by several different problems.
The browser (on the LAN) provides the display of shares that you see. When you
try to access one of those shares, the computer name in the share has to be
resolved to an address. There could be no problem with the browser (one
component of file sharing), but name resolution (another component) could be
broken, causing the error.

Let's try something else. Just as you did "\\Main" then "\\Randall" from both
computers, do "\\192.168.0.1" then "192.168.0.235". Let's see what happens when
we bypass name resolution.

When I suggested that you "Try mapping a share on Main, from Main. Can you open
a file, From the Share setup on itself?" I was having you treat Main as a server
for itself.

With file sharing, you have a Server (running File and Printer Sharing for
Microsoft Networks (FPSMN), aka lanmanserver) and a Client (running Client for
Microsoft Networks (CMN), aka lanmanworkstation). If either one of those
services is broken, file sharing won't work.

If Main (as a client) can access Randall (server), then you know that both CMN
on Main, and FPSMN on Randal, are operational. If Randal (client) can't access
Main (server), then either CMN on Randal, or FPSMN on Main could be broken. How
do you tell which one is broken?

The best way is to test Main from itself. You know CMN on Main works (other
test), so if you test Mains ability to share with itself, you are only testing
FPSMN on Main.

So I tell you to setup a share on Main, then try and reference that share from
Main. And see what happens.

Your question about security from a router does not have an easy answer. A NAT
router (which is what you buy at Best Buy) provides good protection against
incoming hostile traffic. But it's only ONE ESSENTIAL component in a layered
protection strategy, which is what you absolutely need today.

If you could see your way to using a router (the cost is absolutely worth it!),
we'd both be better off. Is your dialup service PPP compatible?

I'll discuss security in detail after this is over.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Chuck,

OK, I'd done a ping from cmd but did this from Start:Run as well. From
Main, I did Start:Run \\192.168.0.1... I can see and access shared files,
including the shared My Documents on Main. I can Start:Run \\192.168.0.235
from Main and see and access shared files on Randal. On Randal, I can see
and access Randal files, but from Randal, if I go Start:Run \\192.168.0.1 I
get the "access denied" message.

If I understand correctly (I think this is making my brain go to jelly) on
the mapping, this is what I did. On Main, I shared My Documents... then from
Main I accessed through My Network Places, Main and opened that shared
Document. Is that correct? In otherwords, I'm using Main as the Client to
access files on Main as the Server and yes, I can access Main and it's shared
resources. Dude, you are going to make a geek out of me! My family thinks
I've slipped off the edge when I start talking about this stuff. I think my
kids are ready to stuff me in a closet!

Tomorrow when I go in to work, I'm going to try disabling Norton and see if
that helps.

You read my mind on the router thing. My home network is a piece of cake...
Lynksys Wireless B (Model BEFW11S4), has both wireless and ethernet
capabilities. I have 2 desktops on a LAN and a laptop on wireless. After
installing XP SP2, I had to do some reconfiguring to get everyone to see and
acknowledge everything, but nothing like this stupid ICS for a dial up. If I
were anyone out there using a router, I wouldn't touch ICS with 100' pole!
Keep it simple!

Can you get a router that will work with dial up? I looked a bit, and
pickins look slim to none, but perhaps I wasn't searching properly. If this
keeps up, my boss may decide to fork out for DSL rather than watch me have a
nervous breakdown (or have to listen to me talking Geek! We used to try
to FAX through software on the computer and I convinced him this is the same
senario.... software just doesn't cut it compared to a piece of hardward made
to do the job.

Have a good week-end (or do you live a Help and Support? If you work
for Microsoft, tell them to just make a simple program where to get into a
computer and use it's resources, you have to log in with a user name and
passwork like getting on a server to do web work and forget all this ICS
Firewall @!%$.

Thanks, Dude!

 

[Chuck]

Chuck,

OK, I'd done a ping from cmd but did this from Start:Run as well. From
Main, I did Start:Run \\192.168.0.1... I can see and access shared files,
including the shared My Documents on Main. I can Start:Run \\192.168.0.235
from Main and see and access shared files on Randal. On Randal, I can see
and access Randal files, but from Randal, if I go Start:Run \\192.168.0.1 I
get the "access denied" message.

If I understand correctly (I think this is making my brain go to jelly) on
the mapping, this is what I did. On Main, I shared My Documents... then from
Main I accessed through My Network Places, Main and opened that shared
Document. Is that correct? In otherwords, I'm using Main as the Client to
access files on Main as the Server and yes, I can access Main and it's shared
resources. Dude, you are going to make a geek out of me! My family thinks
I've slipped off the edge when I start talking about this stuff. I think my
kids are ready to stuff me in a closet!

Tomorrow when I go in to work, I'm going to try disabling Norton and see if
that helps.

You read my mind on the router thing. My home network is a piece of cake...
Lynksys Wireless B (Model BEFW11S4), has both wireless and ethernet
capabilities. I have 2 desktops on a LAN and a laptop on wireless. After
installing XP SP2, I had to do some reconfiguring to get everyone to see and
acknowledge everything, but nothing like this stupid ICS for a dial up. If I
were anyone out there using a router, I wouldn't touch ICS with 100' pole!
Keep it simple!

Can you get a router that will work with dial up? I looked a bit, and
pickins look slim to none, but perhaps I wasn't searching properly. If this
keeps up, my boss may decide to fork out for DSL rather than watch me have a
nervous breakdown (or have to listen to me talking Geek! We used to try
to FAX through software on the computer and I convinced him this is the same
senario.... software just doesn't cut it compared to a piece of hardward made
to do the job.

Have a good week-end (or do you live a Help and Support? If you work
for Microsoft, tell them to just make a simple program where to get into a
computer and use it's resources, you have to log in with a user name and
passwork like getting on a server to do web work and forget all this ICS
Firewall @!%$.

Thanks, Dude!

Kass,

I just thought of this. Are you sharing My Documents? That's another folder
with special properties - I believe My Documents are personal to the user. You
would have to have administrative authority to access them. And since Guest
isn't administrative, you're out of luck.

Try another folder for testing please.

As far as dialup routers, there are six that I know of.

The Netgear FR328S (wired):
<http://www.netgear.com/products/details/FR328S.php>

The Netgear FWG114P (wireless):
<http://www.netgear.com/products/details/FWG114P.php>

The SMC7004ABR (wired):
<http://www.smc.com/index.cfm?sec=Products&pg=Product-Details&prod=67&site=c>

The SMC7004AWBR (wireless):
<http://www.smc.com/index.cfm?sec=Products&pg=Product-Details&prod=63&site=c>

The USR USR8000A (wired):
<http://www.usr.com/products/networking/router-product.asp?sku=USR8000A>

The USR USR8022 (wireless):
<http://www.usr.com/products/networking/router-product.asp?sku=USR8022>

All products will require an external modem of your choice. As some have
discovered, a WinModem will not suffice.

All you do is connect the modem to the serial port on the router, configure the
router, and connect the phone line to the modem.

Gets the modem out of your computer. No possibility of having the dialer
hijacked by spyware. And frees up your CPU, from having to manage the modem,
and run ICS. And lets you turn off either computer, and access from the other,
as you wish. And protects both computers with the NAT "firewall".

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Help please.
Many posts on this problem all over the net - no solution.
I have two computers connected via crossover cable: desktop and laptop.
Desktop is 192.168.0.1; laptop is 192.168.0.2
Desktop is connected to internet via broadband.
On desktop - I can access everything on laptop: shared files, printers, ping
without a prob.
On laptop - I can access internet through desktop (no ICS issue), but cannot
access printers or shared files on desktop. When I go to 'view workgroup
computers' while i'm on the laptop, i can see both computers. If i double
click on the desktop computer, it say '..you may not have
permission....ACCESS IS DENIED"
Both computers are XP Pro SP1
Now - let's cover a few things that other people suggested, but didn't work:
1. Turn on guest account on desktop - did not resolve the problem.
2. Turn off firewall - did not resolve the problem.
3. Disable simple file sharing - did not resolve the problem.

Any other suggestions?
matt

 

[Hans-Georg Michna]

... If i double
click on the desktop computer, it say '..you may not have
permission....ACCESS IS DENIED"

Matt,

http://www.michna.com/kb/wxnet.htm covers SP2, but it probably
has your solution anyway.

Hans-Georg

 

[Guest]

Chuck,

Success at last! This AM at work I tried several things (diable Norton...
shared something on Main besides My Documents... wipe out the ICS, internet
access and just tried sharing without internet access... I even took my peer
to peer router settings from my home network and manually set up the network
at work...etc.... all to no avail - I could still see Main from Randal but
not access). Then through all the times you had me try to access Host and
Client through Start:Run, I remembered to get access to the printer that is
on Main so Randal could print to it, I had to add a printer and use the
address \\main\printer. So I tried accessing the shared My Documents on Main
with the Start: Run \\main\shareddocs(or whatever the name of the shared
folder is) and there is was! I could access those shared files on Main just
fine. So, on Randal, I Created a New Connection with a shortcut to the
shared documents on Main and I'm good to go! I know this may seem trivial to
you, but I was a big victory for me on a week long wrestling match! I wrote
back cuz maybe what we accomplished will help someone else. It is like it
didn't want to acknowledge the GUI icon, but when I could ping the files I
knew I had to be able to get through...weird. As I said, so far I really
like XP, but I'm not impressed with their ICS/ICF and especially the
wizard...seems like it screws more people up than it helps, but maybe they
are still getting the bugs worked out, you know?

Do you care if I get back with you on security issues? I don't want to
keep bugging you, but like I said, you explain things well. Let me know what
you think.

Thanks for all your help!


Kass

 

[Guest]

I've had exactly the same problem, and Hans-George's site sorted it - after
16 hours trying everything I could think of and find.

Go to his site, or try this:

You have all the following symptoms:

You can ping the computer by IP and by name.
When you type: net view \\computername, you get the error message, "Error 5:
You do not currently have access to this file. The file may be marked
read-only, or it may be part of a shared resource such as a folder, a named
pipe, a queue, or a semaphore. You can use the ATTRIB command to change the
read-only attribute, or try again later when the file may be available."
This is in some cases caused by a registry setting named RestrictAnonymous.
Go to the computer which you cannot access, start a registry editor and
change the following registry value.

HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Control
\Lsa
Value name: RestrictAnonymous
Value type: DWORD

If the value is 1 or even 2, change it to 0, reboot and retest. If the
problem is solved, leave the value at zero. If not, you can change it back if
you like.

Background: RestrictAnonymous controls whether null sessions, sessions that
work without any authentication and use the permissions of the groups
Everyone and NETWORK, are allowed (value 0) or disallowed (value 1). The
value 2 is obsolete for Windows XP.

Don't mistake this for the value named restrictanonymoussam, which controls
null session SAM account name listings.

The man is a GENIUS!

 

[Chuck]

Chuck,

Success at last! This AM at work I tried several things (diable Norton...
shared something on Main besides My Documents... wipe out the ICS, internet
access and just tried sharing without internet access... I even took my peer
to peer router settings from my home network and manually set up the network
at work...etc.... all to no avail - I could still see Main from Randal but
not access). Then through all the times you had me try to access Host and
Client through Start:Run, I remembered to get access to the printer that is
on Main so Randal could print to it, I had to add a printer and use the
address \\main\printer. So I tried accessing the shared My Documents on Main
with the Start: Run \\main\shareddocs(or whatever the name of the shared
folder is) and there is was! I could access those shared files on Main just
fine. So, on Randal, I Created a New Connection with a shortcut to the
shared documents on Main and I'm good to go! I know this may seem trivial to
you, but I was a big victory for me on a week long wrestling match! I wrote
back cuz maybe what we accomplished will help someone else. It is like it
didn't want to acknowledge the GUI icon, but when I could ping the files I
knew I had to be able to get through...weird. As I said, so far I really
like XP, but I'm not impressed with their ICS/ICF and especially the
wizard...seems like it screws more people up than it helps, but maybe they
are still getting the bugs worked out, you know?

Do you care if I get back with you on security issues? I don't want to
keep bugging you, but like I said, you explain things well. Let me know what
you think.

Thanks for all your help!


Kass

Dude,

Congrats! You got it figured out.

There are no trivial issues - just trivial people. I love problems that end
with resolution. (I wish all did).

Any questions you got re security issues, post them here. What you (and
thousands like you) do affect the entire internet. Please ask any security
questions here if you wish.

Welcome to geekdom. ;-}

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Chuck,

Well, on to security issues! I'll have two types of set ups to address.
1. Work: We have a dial up connection (at least until I can talk my boss
into DSL ;-)
It shows on the dial up connection that there is a little firewall lock...
is that enough? Can I put a password lock on a folder or just files? I've
only done files up to now. Didn't know if you can password a folder or
drive, etc.

2. Home: I have 2 computers networked plus a laptop. The computers are on
an ethernet connection, and the laptop is on a wireless. I have a DSL
modem... Linksys router with each computer hooked to a hub connection and the
laptop uses a PC card for wireless connection to the router. My concerns on
my home set up are:
A. Is the router protection enough from outside intrusion? I have the XP
SP2 firewall on, but do have Exceptions set for file sharing. Is there a way
I can keep people outside my home network out, but allow full sharing on the
computers inside my home network?

Those are the big concerns for now.

Thanks, Chuck!

 

[Chuck]

Chuck,

Well, on to security issues! I'll have two types of set ups to address.
1. Work: We have a dial up connection (at least until I can talk my boss
into DSL ;-)
It shows on the dial up connection that there is a little firewall lock...
is that enough? Can I put a password lock on a folder or just files? I've
only done files up to now. Didn't know if you can password a folder or
drive, etc.

2. Home: I have 2 computers networked plus a laptop. The computers are on
an ethernet connection, and the laptop is on a wireless. I have a DSL
modem... Linksys router with each computer hooked to a hub connection and the
laptop uses a PC card for wireless connection to the router. My concerns on
my home set up are:
A. Is the router protection enough from outside intrusion? I have the XP
SP2 firewall on, but do have Exceptions set for file sharing. Is there a way
I can keep people outside my home network out, but allow full sharing on the
computers inside my home network?

Those are the big concerns for now.

Thanks, Chuck!

Kass,

Interesting questions. Not easy to explain, but I'll keep this as brief (not
very) as possible. ;-} Please see the part at the end about wireless security!

1) I have experimented with encrypting files, but haven't done anything with
folders. I would imagine that, if your encryption program will do folders, then
do one. I would guess you could zip a folder up, then encrypt the zip file.
Can you encrypt in place? I think I'll leave you to see, and let us know what
happens.

2) A NAT router will protect you from unsolicited incoming traffic. An SPI
firewall (which not all NAT routers have) will additionally protect you against
maliciously crafted incoming traffic. But, where NAT routers fail (and don't
talk about NAT routers and firewalls in the same breath in
comp.security.firewalls) is:
a) Hostile solicited incoming traffic.
b) Hostile outgoing traffic.

http://www.firewall-software.com/firewall_faqs/what_is_a_firewall.html
http://www.microsoft.com/athome/security/protect/firewall.mspx
http://www.homenethelp.com/router-guide/features-firewall.asp

With a NAT router, the only incoming traffic that gets to your computer is
traffic that you've asked for. So no problem with unsolicited worms like
Blaster, Sasser, etc. But if you setup a Kazaa server, surf over to
www.warezrus.com, or open Usenet articles with titles like "Use this critical
package", you may get traffic with unexpected content.

Read the SANS article "Follow the Bouncing Malware" (in 2 parts).
http://isc.sans.org/diary.php?date=2004-07-23
http://isc.sans.org/diary.php?date=2004-08-23

Or read an Eric Howes article about spyware analysis:
http://spywarewarrior.com/asw-test-guide.htm

NAT routers are not application aware, that is, a NAT router will simply pass
outgoing traffic to the internet. Which is not bad if you're surfing the web,
and just asking for web pages. But, if your newly installed copy of Kazaa
includes a trojan that installs a spam distribution server on your computer,
you'll know nothing about your new capability until your ISP cuts your service
off (if they ever do).

The bottom line is that a NAT router is a good outer layer in your defense
strategy. One NAT router protects your entire LAN. Just the outer layer
though.

The second layer is a software firewall, or a port monitor like Port Explorer
(free) from <http://www.diamondcs.com.au/portexplorer/index.php?page=home>. See
various discussions in comp.security.firewall for good advice on choosing a
firewall. A software firewall can selectively block incoming or outgoing
traffic, and a port monitor can at least let you know what's going on.

You need a software firewall on each computer in your LAN; in case one computer
gets infected, a software firewall on the others could save you a lot of
trouble.

A software firewall, with filters setup to allow file sharing only between
computers on your LAN, will complement the protection from your NAT router, and
allow you to share files between your computers safely. See below (end of this
article) for additional notes re wireless protection!

The third layer is good software, also on each computer. This layer has
multiple components.

AntiVirus protection. Realtime, plus a regularly scheduled virus scan.
Regularly updated. AV protection is not all that's needed today.

Adware / spyware protection. Realtime, plus a regularly run adware / spyware
scan. Regularly updated.
Complete instructions, using Spybot S&D and HijackThis (both free) are here:
<http://forums.spywareinfo.com/index.php?showtopic=227>.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)

Block known dangerous scripts from installing.
<http://www.javacoolsoftware.com/spywareblaster.html>

Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>

Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/

Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).

Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>

Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.

The fourth layer is common sense. Yours. Don't install software based upon
advice from unknown sources. Don't install free software, without researching
it carefully. Don't open email unless you know who it's from, and how and why
it was sent.

The fifth layer is education. Know what the risks are. Stay informed. Read
Usenet, and various web pages that discuss security problems. Check the logs
from the other layers regularly, look for things that don't belong, and take
action when necessary.

#######

Please use special protection for a wireless LAN - this includes each computer
connected to the wireless LAN, too!

Here's a story about somebody's very stupid wireless neighbor. Don't expect all
wireless neighbors to be this stupid.
<http://www.canoe.ca/NewsStand/LondonFreePress/News/2003/11/22/264890.html>.

The point is, you need to protect a wireless LAN with more precautions than just
the NAT router / firewall.

Change the router management password, and disable remote (WAN) management.

Enable WEP / WPA. Use non-trivial (non-guessable) values for each. (No "My dog
has fleas").

Enable MAC filtering.

Change the subnet of your LAN - don't use the default.

Disable DHCP, and assign an address to each computer manually. Please do this.

Install a software firewall on every computer connected to a wireless LAN. Put
manually assigned ip addresses in the Local (highly trusted) Zone. Open the
following ports for file sharing, only in the Local Zone: TCP 139, 445; UDP 137,
138, 445.

Don't disable SSID broadcast - some configurations require the SSID broadcast.
But change the SSID itself - to something that doesn't identify you, or the
equipment.

Enable the router activity log. Examine it regularly. Know what each
connection listed represents - you? a neighbor?.

Use non-trivial accounts and passwords on every computer connected to a wireless
LAN. Disable or delete Guest, if possible (XP Home is a bad choice here).
Rename Administrator, to a non-trivial value, and give it a non-trivial
password. Never use the Administrator renamed account for day to day
activities, only when intentionally doing administrative tasks.

Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
microsoft.public.windows.networking,wireless are good places to start.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.