NTService can't access a share (set to everyone)

cadilhac

Hi,

We have the following config:
- 2 PCs are on the same domain. They are both XP Pro. On PC1, a share is
created with Everyone full access control. On PC2, an NT service is
running as LocalSystem.

In this service I try to open a file on PC1 that is under the share. I
get an ACCESS_DENIED. I can't understand why. If the share is placed on
a W2K machine, this is the same access denied.

If the service is set to run as a specific user, it can access the
share.
If the service (as localsystem) is moved to PC1, it can access the
share on its same machine.

Thanks for your help.

Nicolas
 
Colin Nash [MVP]

Regardless of permissions, there are restrictions against connecting to
shares without providing any credentials. (The credentials of one machine's
SYSTEM account are meaningless to other machines on the network.)

Run SECPOL.MSC from Start -> Run.
Under Local Policies, go to Security Options and add the name of your share
to "Network access: Shares that can be accessed anonymously".

Give it a reboot to make sure the policy takes effect (you should be able to
force it by running GPUPDATE on XP.)


Also have a look here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;289655 (I believe
setting the policy as above should accomplish the same thing)
 
cadilhac

Dear Colin,

Thank you for your answer.
Adding my share to the list of anonymously accessible shares actually
fixes my problem. But I have some concerns:

- Is it the only solution?
- If I don't do it, but I add the ANONYMOUS LOGON user in the share
permissions, it doesn't work anymore. What is the difference between
the 2 approaches?
- What about the "let everyone permissions apply to anonymous users"
setting? In your solution, do I have to use it? If I don't, does the
anonymous user have full access to the share?

Thank you

Nicolas
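
An audit sketch for the settings discussed in this thread, added here as an example and not posted by either participant: it reports which shares are listed for anonymous access and how the two related policies are set. It assumes a current Windows host with PowerShell 3 or later; the function names are hypothetical.

```powershell
# Added example, not from the thread. Run elevated on the machine hosting the share.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-RegValue {              # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Returns nothing when the value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-AnonymousShareAudit {   # hypothetical function name
    # "Network access: Shares that can be accessed anonymously" (REG_MULTI_SZ)
    $nullShares = @(Get-RegValue $lanman 'NullSessionShares' | Where-Object { $_ })
    # "Network access: Restrict anonymous access to Named Pipes and Shares"
    $restrict = Get-RegValue $lanman 'RestrictNullSessAccess'
    # "Network access: Let Everyone permissions apply to anonymous users"
    $everyone = Get-RegValue $lsa 'EveryoneIncludesAnonymous'

    # Map of shares that actually exist on this host (name -> local path).
    $local = @{}
    Get-CimInstance -ClassName Win32_Share |
        ForEach-Object { $local[$_.Name] = $_.Path }

    $rows = @(foreach ($name in $nullShares) {
        [pscustomobject]@{
            Share  = $name
            Exists = $local.ContainsKey($name)   # stale entries show as False
            Path   = $local[$name]
        }
    })

    [pscustomobject]@{
        # Assumption: an absent value is treated as "restricted" (the default).
        NullSessionsRestricted    = ($null -eq $restrict -or $restrict -ne 0)
        EveryoneIncludesAnonymous = ($everyone -eq 1)
        AnonymousShares           = $rows
    }
}

$audit = Get-AnonymousShareAudit
$audit | Format-List NullSessionsRestricted, EveryoneIncludesAnonymous
$audit.AnonymousShares | Format-Table -AutoSize
```

Every share listed under AnonymousShares is reachable without credentials, subject to its share and NTFS permissions, so each entry should correspond to a deliberate decision like the one made in this thread.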
 
