Resolving shares with Win XP Pro

[TonyG]

I have been reading/working through all of the materials provided about
troubleshooting file and printer sharing problems in Windows XP Pro. It has
been useful to get an understanding of the scope of the
problem, but it has not helped to resolve it. Details of the problem and the
IPCONFIG and BROWSTAT results for the three PCs are below.

What I really need to know at this stage is:

(1) Does Internet Connection Sharing being enabled on a PC change its
security model in any way?
(2) Is there a reasonably simple way to compare security in depth between
two PCs?

My problem is much the same as many others. I have resources on a Win XP Pro
machine (PC1) that I want to share with another XP Pro machine (PC2) and a
Win2K machine (PC3). PC1 runs ICS to share a cable internet connection. PC2
and PC3 connect via an 8-port hub to share this connection and, ideally, its
printer as well.

PC1 can see all shares on PC2 and PC3. PC2 can see the shares on PC3 and
vice-versa. But PC2 and PC3 cannot see the shares on PC1. PC1 shows in
Network Neighborhood but gives the dreaded "Error 5" when you try to see its
shares.

I have tried many of the common 'fixes' suggested on other newsgroups:
- disable simple file sharing
- ensures shares have access by 'Everyone'
- common username/password on all three PCs
- enable the Guest account
- add Netbios over TCP/IP
- ensure a single master browser
- set registry key RestrictAnonymous to '0'
- check for hidden enumeration parameter
- cleaned up the protocol stack
- disabled Windows firewall entirely (no other firewalls)
- even tried adding NETBEUI to the three machines.

The only thing that made any difference was fiddling with some of the
security settings in GPEDIT.MSC, which switched the problem from an Error 5
message to a request for username/password - looked promising, but no
combination was accepted, even administrator sets which are also common on
all three.

Given that PC2 (XP Pro) is able to share its folders with both machines, and
PC1 (XP Pro) is not, I am looking now at the differences in security
settings between the two PCs. But I am concerned that I have fiddled with so
many settings now, I am not sure what is right and what is not any more.

I really need to know if Internet Connection Sharing might complicating the
issue in any way. And I need to directly compare all security settings
between PC1 and PC2 to identify the differences and see if any of these
impact the sharing model.

Sorry if I seem a bit terse, but this problem has been plaguing me for
months now, ever since replacing Win2K Pro with Win XP Pro (both clean
installs, by the way). I was quite surprised when PC2 opened its shares
(after a clean reinstall due to corruption) and it gave me new hope of
finding a solution.

Any help, tips, pointers, things I have not tried, utilities that might
help, etc. would be appreciated. The IPCONFIGS and BROWSTATS for each
machine are reproduced below for information. Some details have been 'xxx'd
for security reasons. The BROWSTAT for PC2 might be very significant...

TonyG

-----------------------------------------------------------------

PC1 - IPCONFIG /all
Host Name . . . . . . . . . . . . : Pentium4
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : xxx.xxx.net.au
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast
Ethernet NIC
Physical Address. . . . . . . . . : 00-0D-61-2B-2A-01
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter XXX Cable:
Connection-specific DNS Suffix . : xxx.xxx.net.au
Description . . . . . . . . . . . : Motorola SURFboard 4200 USB
Cable Modem
Physical Address. . . . . . . . . : 00-0B-06-93-04-47
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : XXX.XXX.XXX.XXX
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : XXX.XXX.XXX.XXX
DHCP Server . . . . . . . . . . . : XXX.XXX.XXX.XXX
DNS Servers . . . . . . . . . . . : XXX.XXX.XXX.XXX
Lease Obtained. . . . . . . . . . : Friday, 16 September 2005
10:38:35 AM
Lease Expires . . . . . . . . . . : Friday, 16 September 2005
4:38:35 PM

--------------------------------------------------------

PC1 - BROWSTAT

Status for domain TONY on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
Browsing is active on domain.
Master browser name is: PENTIUM4
Master browser is running build 2600
1 backup servers retrieved from master PENTIUM4
\\PENTIUM4
There are 0 servers in domain TONY on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
There are 1 domains in domain TONY on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}

Status for domain TONY on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
Browsing is active on domain.
Master browser name is: PENTIUM4
Master browser is running build 2600
1 backup servers retrieved from master PENTIUM4
\\PENTIUM4
There are 0 servers in domain TONY on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
There are 1 domains in domain TONY on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}

---------------------------------------------------------------

PC2 - IPCONFIG /all

Host Name . . . . . . . . . . . . : packardbell
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mshome.net

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mshome.net
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast
Ethernet NIC
Physical Address. . . . . . . . . : 00-05-1C-16-13-E6
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.98
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Friday, 16 September 2005
12:39:49 PM
Lease Expires . . . . . . . . . . : Friday, 23 September 2005
12:39:49 PM

----------------------------------------------------------

BROWSTAT for PC2

Status for domain TONY on transport
\Device\NetBT_Tcpip_{1C697756-0ECC-4AB3-B027-2A04DBA2176E}
Browsing is active on domain.
Master browser name is: PENTIUM4
Could not connect to registry, error = 5 Unable to determine
build of browser master: 5
Unable to determine server information for browser master: 5
1 backup servers retrieved from master PENTIUM4
\\PENTIUM4
There are 0 servers in domain TONY on transport
\Device\NetBT_Tcpip_{1C697756-0ECC-4AB3-B027-2A04DBA2176E}
There are 1 domains in domain TONY on transport
\Device\NetBT_Tcpip_{1C697756-0ECC-4AB3-B027-2A04DBA2176E}

 

[Chuck]

I have been reading/working through all of the materials provided about
troubleshooting file and printer sharing problems in Windows XP Pro. It has
been useful to get an understanding of the scope of the
problem, but it has not helped to resolve it. Details of the problem and the
IPCONFIG and BROWSTAT results for the three PCs are below.

What I really need to know at this stage is:

(1) Does Internet Connection Sharing being enabled on a PC change its
security model in any way?
(2) Is there a reasonably simple way to compare security in depth between
two PCs?

My problem is much the same as many others. I have resources on a Win XP Pro
machine (PC1) that I want to share with another XP Pro machine (PC2) and a
Win2K machine (PC3). PC1 runs ICS to share a cable internet connection. PC2
and PC3 connect via an 8-port hub to share this connection and, ideally, its
printer as well.

PC1 can see all shares on PC2 and PC3. PC2 can see the shares on PC3 and
vice-versa. But PC2 and PC3 cannot see the shares on PC1. PC1 shows in
Network Neighborhood but gives the dreaded "Error 5" when you try to see its
shares.

I have tried many of the common 'fixes' suggested on other newsgroups:
- disable simple file sharing
- ensures shares have access by 'Everyone'
- common username/password on all three PCs
- enable the Guest account
- add Netbios over TCP/IP
- ensure a single master browser
- set registry key RestrictAnonymous to '0'
- check for hidden enumeration parameter
- cleaned up the protocol stack
- disabled Windows firewall entirely (no other firewalls)
- even tried adding NETBEUI to the three machines.

The only thing that made any difference was fiddling with some of the
security settings in GPEDIT.MSC, which switched the problem from an Error 5
message to a request for username/password - looked promising, but no
combination was accepted, even administrator sets which are also common on
all three.

Given that PC2 (XP Pro) is able to share its folders with both machines, and
PC1 (XP Pro) is not, I am looking now at the differences in security
settings between the two PCs. But I am concerned that I have fiddled with so
many settings now, I am not sure what is right and what is not any more.

I really need to know if Internet Connection Sharing might complicating the
issue in any way. And I need to directly compare all security settings
between PC1 and PC2 to identify the differences and see if any of these
impact the sharing model.

Sorry if I seem a bit terse, but this problem has been plaguing me for
months now, ever since replacing Win2K Pro with Win XP Pro (both clean
installs, by the way). I was quite surprised when PC2 opened its shares
(after a clean reinstall due to corruption) and it gave me new hope of
finding a solution.

Any help, tips, pointers, things I have not tried, utilities that might
help, etc. would be appreciated. The IPCONFIGS and BROWSTATS for each
machine are reproduced below for information. Some details have been 'xxx'd
for security reasons. The BROWSTAT for PC2 might be very significant...

TonyG

-----------------------------------------------------------------

PC1 - IPCONFIG /all
Host Name . . . . . . . . . . . . : Pentium4
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : xxx.xxx.net.au
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast
Ethernet NIC
Physical Address. . . . . . . . . : 00-0D-61-2B-2A-01
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter XXX Cable:
Connection-specific DNS Suffix . : xxx.xxx.net.au
Description . . . . . . . . . . . : Motorola SURFboard 4200 USB
Cable Modem
Physical Address. . . . . . . . . : 00-0B-06-93-04-47
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : XXX.XXX.XXX.XXX
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : XXX.XXX.XXX.XXX
DHCP Server . . . . . . . . . . . : XXX.XXX.XXX.XXX
DNS Servers . . . . . . . . . . . : XXX.XXX.XXX.XXX
Lease Obtained. . . . . . . . . . : Friday, 16 September 2005
10:38:35 AM
Lease Expires . . . . . . . . . . : Friday, 16 September 2005
4:38:35 PM

--------------------------------------------------------

PC1 - BROWSTAT

Status for domain TONY on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
Browsing is active on domain.
Master browser name is: PENTIUM4
Master browser is running build 2600
1 backup servers retrieved from master PENTIUM4
\\PENTIUM4
There are 0 servers in domain TONY on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
There are 1 domains in domain TONY on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}

Status for domain TONY on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
Browsing is active on domain.
Master browser name is: PENTIUM4
Master browser is running build 2600
1 backup servers retrieved from master PENTIUM4
\\PENTIUM4
There are 0 servers in domain TONY on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
There are 1 domains in domain TONY on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}

---------------------------------------------------------------

PC2 - IPCONFIG /all

Host Name . . . . . . . . . . . . : packardbell
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mshome.net

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mshome.net
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast
Ethernet NIC
Physical Address. . . . . . . . . : 00-05-1C-16-13-E6
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.98
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Friday, 16 September 2005
12:39:49 PM
Lease Expires . . . . . . . . . . : Friday, 23 September 2005
12:39:49 PM

----------------------------------------------------------

BROWSTAT for PC2

Status for domain TONY on transport
\Device\NetBT_Tcpip_{1C697756-0ECC-4AB3-B027-2A04DBA2176E}
Browsing is active on domain.
Master browser name is: PENTIUM4
Could not connect to registry, error = 5 Unable to determine
build of browser master: 5
Unable to determine server information for browser master: 5
1 backup servers retrieved from master PENTIUM4
\\PENTIUM4
There are 0 servers in domain TONY on transport
\Device\NetBT_Tcpip_{1C697756-0ECC-4AB3-B027-2A04DBA2176E}
There are 1 domains in domain TONY on transport
\Device\NetBT_Tcpip_{1C697756-0ECC-4AB3-B027-2A04DBA2176E}

Tony,

These items are relevant to visibility in Network Neighborhood (browsing):
add Netbios over TCP/IP
ensure a single master browser
set registry key RestrictAnonymous to '0'
check for hidden enumeration parameter
cleaned up the protocol stack
disabled Windows firewall entirely (no other firewalls)

These are not relevant to browsing:
disable simple file sharing
ensures shares have access by 'Everyone'
common username/password on all three PCs
enable the Guest account
even tried adding NETBEUI to the three machines

Here is one very interesting symptom:
PC1 - BROWSTAT
Master browser name is: PENTIUM4
There are 0 servers in domain TONY on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
There are 0 servers in domain TONY on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}

BROWSTAT for PC2
Master browser name is: PENTIUM4
There are 0 servers in domain TONY on transport
\Device\NetBT_Tcpip_{1C697756-0ECC-4AB3-B027-2A04DBA2176E}

Why "0 servers"? Do you have File and Printer Sharing properly bound under
NetBIOS Over TCP/IP, and is the Server service started, on both computers?
<http://nitecruzr.blogspot.com/2005/05/troubleshooting-network-neighborhood.html#Components>

Check for LSP / Winsock corruption:
<http://nitecruzr.blogspot.com/2005/05/problems-with-lsp-winsock-layer-in.html>

If that doesn't help, try running the Network Setup wizard, and make the
appropriate selection for Internet access.

 

[TonyG]

Tony,

These items are relevant to visibility in Network Neighborhood (browsing):
add Netbios over TCP/IP
ensure a single master browser
set registry key RestrictAnonymous to '0'
check for hidden enumeration parameter
cleaned up the protocol stack
disabled Windows firewall entirely (no other firewalls)

These are not relevant to browsing:
disable simple file sharing
ensures shares have access by 'Everyone'
common username/password on all three PCs
enable the Guest account
even tried adding NETBEUI to the three machines

Here is one very interesting symptom:
PC1 - BROWSTAT
Master browser name is: PENTIUM4
There are 0 servers in domain TONY on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
There are 0 servers in domain TONY on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}

BROWSTAT for PC2
Master browser name is: PENTIUM4
There are 0 servers in domain TONY on transport
\Device\NetBT_Tcpip_{1C697756-0ECC-4AB3-B027-2A04DBA2176E}

Why "0 servers"? Do you have File and Printer Sharing properly bound
under
NetBIOS Over TCP/IP, and is the Server service started, on both computers?
<http://nitecruzr.blogspot.com/2005/05/troubleshooting-network-neighborhood.html#Components>

Check for LSP / Winsock corruption:
<http://nitecruzr.blogspot.com/2005/05/problems-with-lsp-winsock-layer-in.html>

If that doesn't help, try running the Network Setup wizard, and make the
appropriate selection for Internet access.

Hi Chuck,

Thanks for the tips. The browser service was active on all PCs originally. I
have since disabled it on PC2 and PC3 to see if that helps resolve master
browser conflicts. I read the article about browser conflicts (that's where
I got Browstat.exe from) and worked through its suggestions. A new browstat
report for PC1 is included below.

I also tried repairing Winsock. That caused all sorts of grief, requiring me
to uninstall the network connections and reinstall them completely. That's
why you'll see my workgroup is now MSHOME.

I have tried running the network setup wizard a number of times on all three
computers, but it doesn't seem to help at all.

Any thoughts on my request about how to directly compare security settings
on the two XP Pro machines? Is there a way to print all security settings?
And is there any difference created in the security when one of the machines
runs ICS?

Thanks, Tony

Status for domain MSHOME on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
Browsing is active on domain.
Master browser name is: PENTIUM4
Master browser is running build 2600
1 backup servers retrieved from master PENTIUM4
\\PENTIUM4
There are 2 servers in domain MSHOME on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
There are 1 domains in domain MSHOME on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}


Status for domain MSHOME on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
Browsing is active on domain.
Master browser name is: PENTIUM4
Master browser is running build 2600
1 backup servers retrieved from master PENTIUM4
\\PENTIUM4
There are 2 servers in domain MSHOME on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
There are 1 domains in domain MSHOME on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}

 

[Chuck]

Hi Chuck,

Thanks for the tips. The browser service was active on all PCs originally. I
have since disabled it on PC2 and PC3 to see if that helps resolve master
browser conflicts. I read the article about browser conflicts (that's where
I got Browstat.exe from) and worked through its suggestions. A new browstat
report for PC1 is included below.

I also tried repairing Winsock. That caused all sorts of grief, requiring me
to uninstall the network connections and reinstall them completely. That's
why you'll see my workgroup is now MSHOME.

I have tried running the network setup wizard a number of times on all three
computers, but it doesn't seem to help at all.

Any thoughts on my request about how to directly compare security settings
on the two XP Pro machines? Is there a way to print all security settings?
And is there any difference created in the security when one of the machines
runs ICS?

Thanks, Tony

Status for domain MSHOME on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
Browsing is active on domain.
Master browser name is: PENTIUM4
Master browser is running build 2600
1 backup servers retrieved from master PENTIUM4
\\PENTIUM4
There are 2 servers in domain MSHOME on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
There are 1 domains in domain MSHOME on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}


Status for domain MSHOME on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
Browsing is active on domain.
Master browser name is: PENTIUM4
Master browser is running build 2600
1 backup servers retrieved from master PENTIUM4
\\PENTIUM4
There are 2 servers in domain MSHOME on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
There are 1 domains in domain MSHOME on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}

Tony,

The browstat for PC1 looks a bit better now. How about the others - please
verify that all browser access is straight, before we tackle security settings.

 

[Chuck]

Hi Chuck,

Thanks for the tips. The browser service was active on all PCs originally. I
have since disabled it on PC2 and PC3 to see if that helps resolve master
browser conflicts. I read the article about browser conflicts (that's where
I got Browstat.exe from) and worked through its suggestions. A new browstat
report for PC1 is included below.

I also tried repairing Winsock. That caused all sorts of grief, requiring me
to uninstall the network connections and reinstall them completely. That's
why you'll see my workgroup is now MSHOME.

I have tried running the network setup wizard a number of times on all three
computers, but it doesn't seem to help at all.

Any thoughts on my request about how to directly compare security settings
on the two XP Pro machines? Is there a way to print all security settings?
And is there any difference created in the security when one of the machines
runs ICS?

Thanks, Tony

Status for domain MSHOME on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
Browsing is active on domain.
Master browser name is: PENTIUM4
Master browser is running build 2600
1 backup servers retrieved from master PENTIUM4
\\PENTIUM4
There are 2 servers in domain MSHOME on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}
There are 1 domains in domain MSHOME on transport
\Device\NetBT_Tcpip_{71C01581-E0F7-454D-A309-72388F96200B}


Status for domain MSHOME on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
Browsing is active on domain.
Master browser name is: PENTIUM4
Master browser is running build 2600
1 backup servers retrieved from master PENTIUM4
\\PENTIUM4
There are 2 servers in domain MSHOME on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}
There are 1 domains in domain MSHOME on transport
\Device\NetBT_Tcpip_{53751DDA-A365-40FF-BD49-1F7DCE8BDCAA}

Tony,

Well, apparently something you did resolved the problem with PC1, which went
from "0 servers in domain" to "2 servers in domain". Any idea what? That could
be relevant in resolving the problem. What results do you see on the other
computers?

Sorry that the LSP / Winsock repairs was so painful. It's not a clean solution,
and when necessary, I recommend it after everything else has been tried to no
avail.

The Network Setup Wizard is not much of a magic bullet. It loads network
drivers (which only has to be done once), then makes network settings that
affect Internet access. If you run it once, and there's still a problem with
file sharing, chances are that running it again won't help a lot.

If you're still having problems, it may involve security settings, or it may
not. I recommend that we verify everything else is working first. Please
provide updated "browstat status" and "ipconfig /all" from each computer. We'll
run CDiag next.
<http://nitecruzr.blogspot.com/2005/05/using-cdiag-without-assistance.html>

With regard to ICS, that's basically a software NAT router. ICS affects file
sharing only when it affect connectivity between the computers - using ICS
should have no effect on security settings.

 

[TonyG]

Hi Chuck

I have sent you an offline email with the full reports from IPCONFIG,
BROWSTAT and CMDIAG.

Tony

 

[TonyG]

Hi Chuck

Did you receive the files I sent to you with the IPCONFIGS, BROWSTATS, etc
for my network?

Tony

 

[Chuck]

Hi Chuck

Did you receive the files I sent to you with the IPCONFIGS, BROWSTATS, etc
for my network?

Tony

Tony,

I've checked 6 of my email accounts, and none have any email from you. As long
as you're not sending anything titled for instance "Re: [6]" or similar. ;(

 

[TonyG]

Hi Chuck

I checked the address and I did make a mistake. It has now been resent to
the address at the bottom of your signature block and has the same subject
line as this post. The attachments are all TXT files. If this gives you a
problem, let me know - I could send them as PDFs if you prefer.

Thanks again,

Tony

Hi Chuck

Did you receive the files I sent to you with the IPCONFIGS, BROWSTATS, etc
for my network?

Tony

Tony,

I've checked 6 of my email accounts, and none have any email from you. As
long
as you're not sending anything titled for instance "Re: [6]" or similar.
;(

 

[TonyG]

Hi Chuck,

FYI, I continued my probing into this problem by directly comparing, line
for line, the security settings on PC1 and PC2 using GPEDIT.MSC.

The major difference I spotted was that PC2 allowed "Access to this computer
from the network" for "everyone, administrators, power users and users",
whereas PC1 only allowed it for "ASP.NET". I changed PC1 to the same setting
as PC2 and reshared the printer. The printer was still not visible in the
"add printer" network browser, but I forced it using the \\computer\printer
path. That did not work, so I changed the name of the printer share and
tried again. It asked for username/password (as mentioned in my email
directly to you), but the guest user without PW was not being accepted (must
have a block on users without passwords somewhere). So I added a password to
the guest account and tried again with the PW. It worked! Not only that, but
it also made all of the PC1 shares visible on PC2!!

So, my hunch was correct ... it was never a network problem, always a
security problem. However, I am not absolutely confident that the changes I
have made to security have not opened a back door for some clever hacker
somewhere to break into my PC. If you have any thoughts about that, I'd be
interested.

In any case, this may give some others a new lead to resolve this problem.

Tony

Hi Chuck

Did you receive the files I sent to you with the IPCONFIGS, BROWSTATS, etc
for my network?

Tony

Tony,

I've checked 6 of my email accounts, and none have any email from you. As
long
as you're not sending anything titled for instance "Re: [6]" or similar.
;(

 

[Chuck]

Hi Chuck,

FYI, I continued my probing into this problem by directly comparing, line
for line, the security settings on PC1 and PC2 using GPEDIT.MSC.

The major difference I spotted was that PC2 allowed "Access to this computer
from the network" for "everyone, administrators, power users and users",
whereas PC1 only allowed it for "ASP.NET". I changed PC1 to the same setting
as PC2 and reshared the printer. The printer was still not visible in the
"add printer" network browser, but I forced it using the \\computer\printer
path. That did not work, so I changed the name of the printer share and
tried again. It asked for username/password (as mentioned in my email
directly to you), but the guest user without PW was not being accepted (must
have a block on users without passwords somewhere). So I added a password to
the guest account and tried again with the PW. It worked! Not only that, but
it also made all of the PC1 shares visible on PC2!!

So, my hunch was correct ... it was never a network problem, always a
security problem. However, I am not absolutely confident that the changes I
have made to security have not opened a back door for some clever hacker
somewhere to break into my PC. If you have any thoughts about that, I'd be
interested.

In any case, this may give some others a new lead to resolve this problem.

Tony

Hi Tony,

OK, so you have XP Pro with Simple File Sharing disabled, but you're using the
Guest account for network access anyway.

Using Guest authentication is mainly a policy issue. In your case, you're
probably safe.
# You don't have any wireless components, so your LAN is physically secure.
# As long as Pentium4 is properly firewalled (with file sharing blocked please),
it should be secure. Likewise Packardbell and Hpvectra. If you're not
firewalled, I don't think that having Guest accessible (with or without a
password) will make all that much difference to a hacker.

But please don't use Guest authentication as a general resolution for this
problem. It may be for you, but I'd not recommend it to everybody. Out of
principle, I'd still hope that you find out what the actual problem is.

 

[TonyG]

Hi Chuck

File and printer sharing is enabled on the LAN but disabled on the ICS
gateway. I have run every NetBios security tester I can find and none of
them can detect a share on the IP, so I guess I am safe. My only real
concern is could someone try to actually log into my machine from the
outside world if they guessed my Guest password? If that's not possible,
then I think it's OK. But I will continue to look for a better solution to
the problem.

Thanks for all your help. I guess at this stage the question still is why
does Pentium4 ask for a username and password when I try to access it from
other machines? And why does it only allow the Guest username to be entered
(username box is greyed out, with "Pentium4\Guest" in it).

Regards, Tony