Strange issue with View Workgroup

[DelJo63]

Usually I'm answering questions but this time I'm stumped.
View Entire Network->Microsoft Windows Network->Workgroup is strange in that

1. all systems on the Lan show-up alright and
2. I can browse or expand any to see the actual shares on the other systems except ---
3. my local system itself!​
4. All other systems can access the local shares correctly with user/pwd, but
5. the list of active systems is sans the local system.

Strange! This once was correct;
(1,2 and 4) says the firewall is not an issue (ports 135-139+445 are open to all LAN based systems and the broadcast port is open too)
and that the Computer Browser is operating.
I can even Map a Share which is local to the same system
eg: t:\RealEstate -> \\local\c:\RealEstate

System is XP/Pro + SP2 which is current
Yes I've even tested with the firewall shudown (SunBelt Personal FW 4)

The attachment is a list of the settings applied.
(the local system IsDomainMaster and all others never provide Master Browser Support; OS X, Win/98se, Linux6/7)

 

[simplepcguy]

Just wondering, have you checked the Event Log to see if you have any "Browser Wars" going on (read: any forced Browser Elections)? I recently had a strange one like this and it ended up being, somehow, that even thought the client was a DHCP client, the "node type" (see ipconfig /all) got changed away from "hybrid".

Just a thought. But the above node type issue really jacked the Browser Election functions and I found it in the Event Log.

 

[DelJo63]

good call but no joy. (thanks for the suggestion)

currently

Windows IP Configuration
        Host Name . . . . . . . . . . . . : ltbeard
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : [COLOR="Red"]Mixed[/COLOR]
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : socal.rr.com

I moved away from hybrid to Mixed to change the order of the network query

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Key: NodeType
Value Type: REG_DWORD - Number
Valid Range: 1,2,4,8 (B-node, P-node, M-node, H-node)

An M-node computer broadcasts first, and then queries the name server.
An H-node computer queries the name server first, and then broadcasts.
​

As this is a Workgroup system w/o a DC, there is no WINS server so why request something that is known to fail?
(btw: same symptom even with Hybrid setting)

Firewall log shows broadcast on port 137 (192.168.x.255:147)
Outbound traffic (192.168.x.y:445)
Inbound traffice (192.168.x.y:139)

Event ID: 6004 (said by MS to be safely ignored)

• Event Type: Error
  Event Source: EventLog
  Event Category: None
  Event ID: 6004
  Date: 2009-03-13
  Time: 09:53
  User: N/A
  Computer: LTBEARD
  Description:
  A driver packet received from the I/O subsystem was invalid. The data is the packet.
  
  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  Data:
  0000: 0c 00 e0 00 0e 00 00 00 ..à.....
  0008: 9e b2 40 4e fc a3 c9 01 ž²@Nü£É.
  0010: 40 00 00 00 00 00 00 00 @.......
  0018: 00 00 00 00 04 00 4e 00 ......N.
  0020: 00 00 00 00 cb 0b 00 80 ....Ë..€
  0028: 00 00 00 00 10 00 00 c0 .......À
  0030: 00 00 00 00 00 00 00 00 ........
  0038: 00 00 00 00 00 00 00 00 ........
  0040: 4d 00 52 00 78 00 53 00 M.R.x.S.
  0048: 6d 00 62 00 00 00 5c 00 m.b...\.
  0050: 44 00 65 00 76 00 69 00 D.e.v.i.
  0058: 63 00 65 00 5c 00 4c 00 c.e.\.L.
  0060: 61 00 6e 00 6d 00 61 00 a.n.m.a.
  0068: 6e 00 52 00 65 00 64 00 n.R.e.d.
  0070: 69 00 72 00 65 00 63 00 i.r.e.c.
  0078: 74 00 6f 00 72 00 00 00 t.o.r...
  0080: 57 00 4f 00 52 00 4b 00 W.O.R.K.
  0088: 47 00 52 00 4f 00 55 00 G.R.O.U.
  0090: 50 00 00 00 4e 00 65 00 P...N.e.
  0098: 74 00 42 00 54 00 5f 00 t.B.T._.
  00a0: 54 00 63 00 70 00 69 00 T.c.p.i.
  00a8: 70 00 5f 00 7b 00 44 00 p._.{.D.
  00b0: 35 00 37 00 33 00 31 00 5.7.3.1.
  00b8: 36 00 39 00 43 00 2d 00 6.9.C.-.
  00c0: 43 00 38 00 38 00 31 00 C.8.8.1.
  00c8: 2d 00 34 00 33 00 30 00 -.4.3.0.
  00d0: 31 00 2d 00 38 00 41 00 1.-.8.A.
  00d8: 30 00 43 00 2d 00 00 00 0.C.-...

but I suspect this is still related

This morning I just uninstalled the IPX/SPX stack (not present on network) and
now nothing is shown under Workgroup.
(event occurs before and after uninstall )

I think I'm going to reinstall IPX/SPX and see if that will jog the symptoms ...

 

[DelJo63]

... the above node type issue really jacked the Browser Election functions and I found it in the Event Log.

There use to be 'Browser Election' events, but as this PC is the major and the others are considered minor, I set this PC

IsDomainMaster = TRUE
MaintainServerList = Yes​

and all other systems are DomainMaster = FALSE

[edit] Should be Domain Master = No [/edit]

 

[simplepcguy]

Still recommend Hybrid "h node"

Hey Jobeard, While I fully agree that "mixed" makes more sense and a simple windows workgroup doesn't have a WINS server, the way I fixed the network (a friend's home network running wifi), was by setting the "always on" PC from "mixed" back to "hybrid". Used same reg hack to force it too. In testing I also played around with making "IsDomainMaster = True" and "MaintainServerList = Yes", (don't you miss the old days when you could simply set this in the NIC's properties), but I found his network finally became most stable when I returned everything to default. Again, I fully agree that the way I tried and the way you have it should be the more stable as you don't want the other PC's, especially the non Windows PC's to attempt to become the Master Browser. In my friend's case, all of the other PCs were laptop so I wanted his "always on" desktop to stay the Master Browser. Honestly, I took several packet captures (my native profession) and I had Browser Wars until I returned everything to default and set everyone to h-nodes. Go figure. I chalked it up to WIN-XP simply wanting its way instead of the logical way. Are you saying that when you remove IPX that the entire Browser List goes away? If so, are you sure you're not segmented somehow such that your Broadcast frames aren't getting end-to-end on your LAN? Thinking out loud.

 

[DelJo63]

good info there I'll do some more work as suggested.

as to segmenting; nope. all systems are in the x..x.x.1-x.x.x.4 range attached to a common router

yes, removal of IPX stopped the display of all workgroup names!
I'll first try the type=Hybrid again and report back.

tnx: 10^6
Jeff

 

[simplepcguy]

Try setting both: nodes to type "h" and return the Browser Parameters too.

I just double checked both of my XP-Pro PCs, currently on, on my Windows workgroup (w/o WINS server), both the laptop and the (always on) desktop have:
IsDomainMaster = False
MaintainServerList = Auto

Again, while several papers at both technet and M/S talk about setting these to the values you currently have, my actual testing is that it settles down and acts properly when set as above and all of the DHCP clients are h-nodes. Go figure

Remove (temp) IPX and do these steps. Then wait long enough for the Master Browser to build a new Browser List and then to distribute it to the other PC. I would wait some time and let it settle down. Maybe flame one or two of them off, then on, to "kick start" the new list.

 

[DelJo63]

ok, will do; meanwhile, I just went to my Mac and modified the smb.conf to read(in part)

[global]
...
browseable = yes
preferred master = no
local master = yes
domain master = auto
workgroup = WORKGROUP
name resolve order = hosts lmhosts bcast​

Guess what; All systems appear under Workgoup

run->cmd /k net view​

also show all (has to if the GUI is to work)

hmm; now, WHICH system is the MASTER browser???

 

[DelJo63]

Try setting both: nodes to type "h" and return the Browser Parameters too.

done

I just double checked both of my XP-Pro PCs, currently on, on my Windows workgroup (w/o WINS server), both the laptop and the (always on) desktop have:
IsDomainMaster = False
MaintainServerList = Auto

sheez; DomainMaster = FALSE would ensure any other system wins grrr.
In an election sequence, I want my system to win ALWAYS.

Prior post: which is M.B.?; clearly the Mac as putting it to sleep then reverts to prior behavior, nothing shown UNTIL the mac comes online again.

just wonderful; Samba config works as advertise; MS doc leads you into the swamp

 

[simplepcguy]

I think this has to do with the difference between the "Domain Master Browser" and the "Master Browser". The Domain Master Browser is assumed to be, almost expected to be, on another segment/LAN therefore each "local" segment/LAN has a Master Browser. These workgroups exist on local LANs and therefore really don't care about the DomainMasterBrowser, nor do they expect there to be a WINS Server.

I'm not familiar with MAC's playing in the NETB world, but my first read (before I scrolled down) of your MAC settings, my assumption was the MAC would be the local Master Browser, because of the "local master = yes". Indeed it was. Is there a setting of "auto" for that value? I have seen on two occasions, where MACs come on line and force a Browser Election, and win, regardless of the "silly" built-in, I'm bigger than you are" rule that M/S uses (which dates back to the old LANMAN specs).

Back to Windows: I believe "IsDomainMaster" causes a PC to keep the Domain Master Browser function, whereas in workgroups, you only need a "Master Browser" role active. So I leave it to its default of "False" and let them Broadcast each other to establish the local Master Browser.

Obviously, I'm just trying to help....

 

[DelJo63]

>>Obviously, I'm just trying to help....

Good comments --- you are and I appreciate another head musing over the issue.
I'll attempt to neuter the Mac and try the IsMaster change ...

 

[DelJo63]

here's the (sad) results

C:\Documents and Settings\nMaster>nbtstat -c

Local Area Connection:
Node IpAddress: [0.0.0.0] Scope Id: []
NetBIOS Remote Cache Name Table
Name Type Host Address Life [sec]
------------------------------------------------------------
WORKGROUP <00> UNIQUE 208.67.216.132 557

Thats part of the OpenDNS stuff, but has no right to access my workgroup:
Action taken: set firewall to DENY the remote address (208.67.216.132)
took same action on the \\emac's firewall so as to not cache it there either
​

XP IsDomainMaster = TRUE
MaintainServerList = AUTO
system \\emac off line (ie sleeping)

C:\Documents and Settings\nMaster>nbtstat -n
Local Area Connection:
Node IpAddress: [192.168.0.4] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
LTBEARD <00> UNIQUE Registered
LTBEARD <20> UNIQUE Registered
WORKGROUP <00> GROUP Registered
WORKGROUP <1E> GROUP Registered
WORKGROUP <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered << OK THERE IS ONE!

however; browsing workgroup is futile (no systems do not show up at all)​

XP IsDomainMaster = Yes
MaintainServerList = AUTO
(emac sleeping)

C:\Documents and Settings\nMaster>nbtstat -n
Local Area Connection:
Node IpAddress: [192.168.0.4] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
LTBEARD <00> UNIQUE Registered
LTBEARD <20> UNIQUE Registered
WORKGROUP <00> GROUP Registered
WORKGROUP <1E> GROUP Registered
WORKGROUP <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered

however; browsing workgroup is futile (no systems do not show up at all)​

C:\Documents and Settings\nMaster>nbtstat -a emac

Local Area Connection:
Node IpAddress: [192.168.0.4] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
EMAC <00> UNIQUE Registered
EMAC <03> UNIQUE Registered
EMAC <20> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered << emac is Master
WORKGROUP <00> GROUP Registered
WORKGROUP <1D> UNIQUE Registered
WORKGROUP <1E> GROUP Registered

and of course, browsing works on all systems​

(sleep the emac again)
XP IsDomainMaster = FALSE
MaintainServerList = AUTO

C:\Documents and Settings\nMaster>nbtstat -n
Local Area Connection:
Node IpAddress: [192.168.0.4] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
LTBEARD <00> UNIQUE Registered
LTBEARD <20> UNIQUE Registered
LTBEARD <03> UNIQUE Registered
WORKGROUP <00> GROUP Registered
WORKGROUP <1E> GROUP Registered
WORKGROUP <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered <<<
and
C:\Documents and Settings\nMaster>nbtstat -a ltbeard
Local Area Connection:
Node IpAddress: [192.168.0.4] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
LTBEARD <00> UNIQUE Registered
LTBEARD <20> UNIQUE Registered
LTBEARD <03> UNIQUE Registered
WORKGROUP <00> GROUP Registered
WORKGROUP <1E> GROUP Registered
WORKGROUP <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered <<<​

yet, NO JOY on workgroup (no systems do not show up at all)
This is the apparent solution, but no browsing results :grrr:

btw: on the \\eMac, the test is

nmblookup -M -- -
-----------------------
query __MSBROWSE__ on 192.168.x.255
192.168.x.4 __MSBROWSER__ <01> << which is the XP!​

I'm at a total loss

 

[simplepcguy]

J.O. Beard, this is a very strange one indeed.

Shooting from the hip here, but I would change the workgroup name to something other than workgroup. First do your prefered Master Browser, let it reboot and let's see if it can see itself (plus maybe the "WORKGROUP" workgroup that might still be advertised). Then change the MAC to the same new workgroup name, but leave the others alone. It will be interesting to see how it follows the new workgroup name. It should, but then again, this thing is not playing by the rule now is it.

 

[DelJo63]

any port in a storm --- progress to follow ...

 

[DelJo63]

XP IsDomainMaster = FALSE
MaintainServerList = AUTO
(emac sleeping)

Local Area Connection:
Node IpAddress: [192.168.0.4] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
LTBEARD <00> UNIQUE Registered
KITTYHAWK <00> GROUP Registered
LTBEARD <03> UNIQUE Registered
LTBEARD <20> UNIQUE Registered
JEFF <03> UNIQUE Registered
KITTYHAWK <1E> GROUP Registered
KITTYHAWK <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
​

no joy

XP IsDomainMaster = FALSE
MaintainServerList = Yes
(emac sleeping)

C:\Documents and Settings\Jeff>nbtstat -a ltbeard
Local Area Connection:
Node IpAddress: [192.168.0.4] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
LTBEARD <00> UNIQUE Registered
KITTYHAWK <00> GROUP Registered
LTBEARD <03> UNIQUE Registered
LTBEARD <20> UNIQUE Registered
JEFF <03> UNIQUE Registered
KITTYHAWK <1E> GROUP Registered​

alter old boat anchor (98se) to same workgroup = KITTYHAWK

C:\Documents and Settings\Jeff>nbtstat -a 98sedesktop

Local Area Connection:
Node IpAddress: [192.168.0.4] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
98SEDESKTOP <00> UNIQUE Registered
WORKGROUP <00> GROUP Registered
98SEDESKTOP <03> UNIQUE Registered
98SEDESKTOP <20> UNIQUE Registered
WORKGROUP <1E> GROUP Registered

BUT; not seen here C:\Documents and Settings\Jeff>nbtstat -n

Local Area Connection:
Node IpAddress: [192.168.0.4] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
LTBEARD <00> UNIQUE Registered
KITTYHAWK <00> GROUP Registered
LTBEARD <03> UNIQUE Registered
LTBEARD <20> UNIQUE Registered
JEFF <03> UNIQUE Registered
KITTYHAWK <1E> GROUP Registered
KITTYHAWK <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
​

expected to also see 98SEDESKTOP <00> UNIQUE Registered
and 98sedesktop can not browse KITTYHAWK either

emac settings for the above were unmodified (system left sleeping)

brought online

C:\Documents and Settings\Jeff>nbtstat -a emac

Local Area Connection:
Node IpAddress: [192.168.0.4] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
EMAC <00> UNIQUE Registered
EMAC <03> UNIQUE Registered
EMAC <20> UNIQUE Registered
WORKGROUP <00> GROUP Registered
WORKGROUP <1E> GROUP Registered​

and not joined to KITTYHAWK (as expected)

purely fyi on OS X:
accessing \\ltbeard\sharename works regardless of the workgroup name
(ie while it is shown and can be altered in the prompt, it doesn't matter (kittyhawk, workgroup, some_bogus_name) as long as the user/pwd is correct :blackeye:​

[edit] browsing from the emac works fine with XP as the <browser> [/edit]

 

[DelJo63]

I Give UP!

wasted a whole day w/o progress and there is a viable alternative;

View Workgroup provides two servicves:

1. enumerate which systems are online
2. and list shares on each system

An alternative approach is run->\\systemname which will provide (2) if that system
is online. There is no solution for (1) when you have no idea of what's available on the subnet,
but HEY -- this is a small home lan and I better be able to count and name everything in the house

This alternative works to access (in my case) OS X, Win/98se, Linux6/7 and even local XP/shares.
The reverse access to Win/XP Pro from each system works per normal platform specifics.

I am done here.

Thanks for your time and input to this process.

For the record; the specific config options at this juncture are:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
NodeType Dword 0x08 (ie Hybrid)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
IsDomainMaster REG_SZ Yes

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
MaintainServerList REG_SZ Yes

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
IsDomainMaster Dword 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
IRPStackSize Dword 0x25
​

 

[simplepcguy]

Hey J.O.,

Not to open an old wound this early , but I was racking my brain about this and thought of something I came across a few years back that worked, but I'm not sure exactly what the setting does under the M/S covers, but I thought I would throw it out to you (just in case).

I had loaded a 3rd party "security lockdown patch" on one of my WinXPPro PCs and it would no longer see the workgroup. I found that (among other things) it changed the setting for "Use Simple File Sharing". I get to that setting by doing a right-click on Start, then Explore, then Tools, Folder Options, View, and then scroll down to the bottom of the list. If Use Simple File Sharing is checked, then uncheck it. If it is unchecked, then check it.

Again, I'm most likely telling you something you already know, but just in case. This worked for me, but I really don't know why. I investigated some, but couldn't find anything definitive.

Your call. Take care.

 

[DelJo63]

hmm; interesting and I might toggle that setting to see the effect -- HOWEVER,
I want more than Simple Sharing (which then forces access to be authenticated as
opposed to using the Guest Access route).

I'll report back later -- other 'real work' necessary today

tnx

 

[mflynn]

The mention of Simple File Sharing rang a bell with me. I had an issue don't remember that tho, but it took reversing what I had and rebooting then putting it back.

After simplepcguy's post and the above if no joy do this:

D/L and install Windows Resource Kit
Listed as 2003 but works in Vista, XP and 2K
http://www.microsoft.com/downloads/...69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en

The install must be to the default location do not change

Then do the below

Left Drag mouse and Copy for Pasting all text in the box below.
Make sure the slider bar goes to bottom from the @ to the end of the second exit.
Then paste to the black screen of an open command prompt.

@echo off
:: Fix Access denied
cd /d "%ProgramFiles%\Windows Resource Kits\Tools"

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
exit
exit

Reboot to test!

Mike

 

[DelJo63]

> Dear jobeard,
>
> The mention of Simple File Sharing rang a bell with me. I had an issue don't remember that tho,
> but it took reversing what I had and rebooting then putting it back.
>
> After simplepcguy's post and the above if no joy do this:
>
> D/L and install Windows Resource Kit
> Listed as 2003 but works in Vista, XP and 2K
> http://www.microsoft.com/downloads/...69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en
>

hmm; I have Pgm Files\Win Resource Kits\Tools but the readme.html is imprecise as to any release date or versioning


> cd /d "%ProgramFiles%\Windows Resource Kits\Tools"

>
> subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
> subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
> subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
> subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
> subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
>
​

I have no issues with regedit nor NTFS permissions

> secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
​

hmm; Tools\secedit not present; my version is other than yours


> :: Remove AntiVirus2009
> attrib -h -s -r "%UserProfile%\Desktop\Antivirus 2009.lnk"
> attrib -h -s -r "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk"
> attrib -h -s -r "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll"
> attrib -h -s -r "%UserProfile%\Start Menu\Antivirus 2009\*.*"

Antivirus 2009 is not present on this system anywhere

> del "%UserProfile%\Desktop\Antivirus 2009.lnk" /f /q
> del "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk" /f /q
> del "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll" /f /q
> del "%UserProfile%\Start Menu\Antivirus 2009\*.*" /f /q
>
> rd /s /q "%UserProfile%\Start Menu\Antivirus 2009"
>
> attrib -h -s -r "c:\Program Files\Antivirus 2009\*.*"
> rd /s/q "c:\Program Files\Antivirus 2009"
>

> attrib -h -s -r c:\WINDOWS\system32\ieupdates.exe
not present
> attrib -h -s -r c:\WINDOWS\system32\scui.cpl
not present
> attrib -h -s -r c:\WINDOWS\system32\winsrc.dll
​

not present

>

> reg delete HKEY_CURRENT_USER\Software\75319611769193918898704537500611
> reg delete HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
> reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
> reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "75319611769193918898704537500611"
> reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ieupdate"​

these keys are not present either

I greatly appreciate the input and effort there :grinthumb

 

[DelJo63]

Not to open an old wound this early

not a problem

... I found that (among other things) it changed the setting for "Use Simple File Sharing". I get to that setting by doing a right-click on Start, then Explore, then Tools, Folder Options, View, and then scroll down to the bottom of the list. If Use Simple File Sharing is checked, then uncheck it. If it is unchecked, then check it.

Again, I'm most likely telling you something you already know, but just in case. This worked for me, but I really don't know why. I investigated some, but couldn't find anything definitive.

sadly -- still no joy

 

[mflynn]

LOL!

JO I posted the AntiVirus 2009 stuff by accident and removed it I thought pretty quickly.

But the post as it is now is what I intended!

But from your post I have no idea what you did.

True you may not have an Obvious permissions issue. But then that's what everyone thinks. But you are not everyone!

Did you reverse the Simple file sharing then reboot and reverse it back?

And did you do the copy/paste operation? I know you can find the scedit but if not the rest is complete the scedit is just a kicker!

Mike

 

[DelJo63]

JO I posted the AntiVirus 2009 stuff by accident and removed it I thought pretty quickly. ...But the post as it is now is what I intended!

the email notice included the data at the time of <submit>

But from your post I have no idea what you did.

simple regedit and NTFS inspections

Did you reverse the Simple file sharing then reboot and reverse it back?

yes, but I need to follow-up to verify that the stinking <everyone> group is not present

And did you do the copy/paste operation? I know you can find the scedit but if not the rest is complete the scedit is just a kicker!

As there were none of those items present, I did not -- if I had found just one, I would have abandon the inspection and opted for your instructions

Again, thank you

 

[DelJo63]

hmm; just discovered that NET SEND was not allowed (port 138 on the broadcast address).

there may be more firewall issues here ...