Archived from groups: microsoft.public.win2000.security (
More info?)
Dear Roger,
I try the following C++ code can connect to the server OK.
{
NETRESOURCE ns;
memset(&ns,0,sizeof(ns));
ns.dwScope=RESOURCE_CONNECTED;
ns.dwType=RESOURCETYPE_DISK;
ns.dwDisplayType=RESOURCEDISPLAYTYPE_SHARE;
ns.lpLocalName="X:";
ns.lpRemoteName="\\\\10.0.0.2\\D$";
ns.lpComment=NULL;
ns.lpProvider=NULL;
char buf[MAX_PATH];
memset(&buf,0,sizeof(buf));
DWORD dw;
WNetUseConnection(NULL,&ns,"password","Administrator",CONNECT_REDIRECT,NULL,(DWORD*)&buf,&dw);
}
Why under to use Windows Shell cannot conncet only with "Administrator" or
"X\Administrator"
except "Administrator" any user can conncet OK.
--
MXC
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:u1r$qAEXFHA.2996@TK2MSFTNGP10.phx.gbl...
> "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
> news:uydlww3WFHA.2768@tk2msftngp13.phx.gbl...
>> Yes, when I go to that server I can log in with the Administrator OK.
>> and I open the Local Security Policy / User Rights to see logon over
> network
>> the user list inlude the group "Administrators". The checkboxs are all
>> checked.
>>
>
> OK. So all those ducks seem in order.
> My guess is that for some reason the one machine is negotiating
> use of a different security protocol, or its settings for such as
> signing of communications, etc. are different and in disagreement
> with the server.
>
> When presented with the authentication prompt from server X
> the behavior is the same whether you say to log in
> X\Administrator or just Administrator ? If so, review the settings
> in the Local Security Policy of the machine from which access fails
> to verify that all the policies in the Computer section under Security
> Options that have (always) and/or (when possible) agree with
> settings on a machine from which access works. Also compare
> the LAN Manager authentication level setting to make sure it has
> something in common with the server from which access is failing.
>
> --
> Roger
>
>>
>> "Roger Abell" <mvpNOSpam@asu.edu>
> дÈëÏûÏ¢ÐÂÎÅ:e6xGYp3WFHA.3348@TK2MSFTNGP14.phx.gbl...
>> > and . . .
>> > when you go to that server you can log in with the Administrator
>> > account and password exactly as what fails when remote ??
>> > Check whether the account is allowed to log on over the network
>> > in the Local Security Policy / User Rights and also that it is not
>> > denied this right in the deny network logon right also found there.
>> >
>> > --
>> > Roger Abell
>> > Microsoft MVP (Windows Security)
>> > MCSE (W2k3,W2k,Nt4) MCDBA
>> > "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
>> > news:Om3DmC2WFHA.3876@tk2msftngp13.phx.gbl...
>> >> When I logged on to the server from my remote PC there are no errors
>> > report.
>> >> It remain the log on dialog box. Only the "Administrator" user cannot
> log
>> >> on.
>> >>
>> >> I go to the server to see the security log and there also no error
>> > recorded.
>> >> It very strange!!
>> >>
>> >> "Steven L Umbach" <n9rou@nospam-comcast.net>
>> > дÈëÏûÏ¢ÐÂÎÅ:eNFYPTxWFHA.2540@tk2msftngp13.phx.gbl...
>> >> > What happens - any error message or such?? Can you ping the server
>> >> > from
>> >> > the computer that you can to logon from to the shares?? Try enabling
>> >> > auditing of logon events in the Local Security Policy of the Windows
>> > 2000
>> >> > server [secpol.msc] and then see if a corresponding failure event is
>> >> > recorded in the security log that correlates to the time of the
> failed
>> >> > logon which will often have error codes as to why access was denied.
>> >> > Possible causes are host firewall/ipsec policy blocking access,
>> >> > incompatible security options such as digital signing or lan manager
>> >> > authentication level, or their is no user account on the server that
>> > will
>> >> > allow access. Keep in mind that XP Pro can use stored credentials
> which
>> >> > can block access after a password change. --- Steve
>> >> >
>> >> >
>> >> >
>> >> > "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
>> >> > news:urwDPBuWFHA.1796@TK2MSFTNGP15.phx.gbl...
>> >> >> We have 2 win 2K server, If we run by "\\server01" or
> "\\10.0.0.1\d$"
>> >> >> command on a Win 2k PC.
>> >> >> There are all logged on OK, but if we run above command from a Win
> XP
>> > PC.
>> >> >> One can be logged on and another cannot.
>> >> >> who can tell me why?
>> >> >>
>> >> >> Thanks.
>> >> >>
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>